Feature: ability to hide remote timeline/profiles/posts to unauthenticated visitors
This is a feature request, not a bug.
Currently the :instance, public: false
setting seems to do the following things:
- unauthenticated visitors have no access to the local timeline
- unauthenticated visitors have no access to the network timeline
- unauthenticated visitors have no access to local posts. This means that users on other instances can no longer see your user's posts in their original context.
- unauthenticated visitors have no access to remote posts
- unauthenticated visitors have no access to local user profiles. This means that users on other instances can no longer follow the links to your user's profiles.
- unauthenticated visitors have no access to remote user profiles.
- nodeinfo reports
private
astrue
, so fediverse.network hides the server information
With public: true
all these things become accessible to unauthenticated visitors. I currently see
spiders coming by and indexing all kinds of remote profiles and posts as part of my site. I'd like them
to only index local content. These spiders find the urls presumably via the links in the network timeline.
The setting :instance, limit_to_local_content: :unauthenticated
(or :all
or false
) governs the use
of the user search box instead, it doesn't stop people from accessing profiles of or posts by remote users.
I'd like to have more control over what is shown to unauthenticated users and spiders. I can think of these levels:
- unauthenticated visitors see local and remote timelines, profiles and posts
- unauthenticated visitors see local and network timelines, and local but not remote profiles and posts. The network timeline avoids broken links by linking to the origin sites for remote posts and profiles.
- unauthenticated visitors see local but not remote timelines, profiles and posts
- unauthenticated visitors see nothing (except the login, instance panel, about, etc)
Meanwhile authenticated users can see everything.
Basically this is extending the meaning of limit_to_local_content
to timelines as well as search, but without disabling the network timeline for authenticated users in case of the :all
option. Or extend the possible values for public
as true
, :local_content_only
, :local_only
, false
for the four levels.
I'd also like to control the private
flag in nodeinfo independently.