Controlling access to uploads in private messages and chats
One thing I noticed more recently is that uploads that are meant for private messages or chats (to only be seen by certain users) are publicly visible regardless of that context. Take this private chat of an image from a test administrator to a test user in a local dev environment, for example.
If we copy the image link and open it in a private browser tab, we can easily see the image regardless of the fact that we didn't log in.
This could present a security and privacy issue. Imagine if this image were instead a photo of a government-issued ID only meant to be sent to the administrator to verify that they're a real person per se. The moment someone figured out the link to it, the user's privacy would be compromised, and therefore also the security of the fediverse instance.
For this reason, I think we should figure out a good way to control access to uploads meant for posts and chats that aren't supposed to be visible to the public.