Backups should be under their own OAuth scope
Someone thinks that `read:accounts` is "not a sensitive scope":

> 0f54c5f reduces the permissions requested from Mastodon to read:accounts, so only data which isn't really sensitive will be accessible.

( https://github.com/liberapay/liberapay.com/issues/2149 )
But Pleroma's backup API requires only `read:accounts` (even for the create-backup API), which means that every app holding `read:accounts` can access every status you have posted, including private ones. In this regard, `read:accounts` effectively implies `read:statuses`.
I think we should change backups to use their own scope, for example `read:backups`.