mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

17K
active users

As a technical test, I'm going to be changing the server settings for the accounts @FediFollows, @FediVideo, @FediGarden and @homegrown. It should take effect in the next few days.

Don't worry, you don't have to do anything and you probably won't notice anything. However, if you encounter any problems such as broken follows etc please get in touch with me via this account or my personal account at @FediThing.

(For technical people, I'm going to try activating the "authorized fetch" feature.)

p.s. The switch hasn't actually been thrown yet, if anyone has good reasons not to please let me know ASAP. I've tried to read as much info as possible, and asked for advice in an earlier more low-key post. Asking again now in case something else was missed in previous thread.

@feditips I'm only aware of one reason not to, which is that it prevents people from browsing your profile for a vibe check or similar. But it's entirely your choice whether to care about that or not.

FediTips has moved!

@hazel

I'm not sure if that's the case though? There are people on the Mastodon github complaining that people who aren't logged on have too much access to public threads even with secure mode switched on:

github.com/mastodon/mastodon/i

This is partly why I'm doing the test, there's some contradiction in how this is documented/perceived.

GitHubRemove search from about page · Issue #20930 · mastodon/mastodonBy ryliejamesthomas

@feditips
Update: Oh wait, it seems like Mastodon might have split that into a second option. You also have to set DISALLOW_UNAUTHENTICATED_API_ACCESS to true to get the full security benefit.

Original message:
if that thread is correct, then Mastodon's implementation of Authorized Fetch is broken. When it's working, attempting to access anything through a web browser should return a 403 / similar error unless you log in. That's also how it works on Pleroma and Misskey.

@hazel

As far as I can tell, it does that if you're logged in on a blocked server but not if you're logged out?

The threads seem to say there's no way to stop scraping of public posts, but at least it would force people to scrape instead of viewing easily?

@feditips It seems like Mastodon may have split AUTHORIZED_FETCH into two separate toggles. To prevent scraping / public web access you have to also enable DISALLOW_UNAUTHENTICATED_API_ACCESS. With that disabled, the web interface will still work (but you lose most of the privacy benefits of AUTHORIZED_FETCH.

@hazel

Ahh... that perhaps explains the apparent contradictions. Thanks!