Limit unauthenticated access to timelines
Please limit the timeline data returned by the API for unauthenticated requests. I can't think of a reason why an unauthenticated client should need more than the newest 50 or so statuses.
I know about #1206 (closed) but a lot of people will not be aware of the mentioned features if they get implemented. I think it should be the default to never return any post older than the 50eth most recent to an unauthenticated client.
Motivation
People are using the API to scrape all local public posts of instances. This is in most cases not wanted.
This is how researchers at the university of Milan did it:
The spider exploits the instance list obtained from the previous step and makes a pool of requests to the instance endpoint which returns the latest toots of the local timeline. Since the timelines implement a pagination mechanism, the spider extracts the URL for the next request and repeat this procedure till it reaches the end of the timeline.
https://aaai.org/ojs/index.php/ICWSM/article/download/3262/3130/