Allow user‐level (and/or post‐level?) opting out of (parts of) AUTHORIZED_FETCH #10

Open
marrus-sh opened this issue Sep 12, 2021 · 2 comments
Labels
LV.1: Application Backend @ installing and running the application LV.4: S2S Networking @ Server‐to‐server support LV.4: Security Networking @ Security STATUS: discuss This issue should be discussed before further actions are taken STATUS: enhancement New feature or improvements to existing STATUS: need info Further information is requested

Comments

@marrus-sh
Member

marrus-sh commented Sep 12, 2021

A bit contrary to #8, but also helps justify it. There are good reasons not to want AUTHORIZED_FETCH:

  • Embedding of information (e.g. on personal websites) or referring to it (Linked Data).
  • Allowing ActivityPub clients to read resources without needing to direct their request through a server.

The main utility of ~~preventing~~ enforcing AUTHORIZED_FETCH is:

  • Prevent scraping of data.
  • Prevent federation of information to e.g. blocked instances.

Users should be able to decide for themselves what their priorities are in this regard. Under no circumstances should timelines, follower/following information, &cetera be made available without AUTHORIZED_FETCH.

@marrus-sh marrus-sh added STATUS: enhancement New feature or improvements to existing STATUS: need info Further information is requested LV.3: JSON‐LD Serialization @ JSON‐LD support LV.1: Application Backend @ installing and running the application STATUS: discuss This issue should be discussed before further actions are taken labels Sep 12, 2021
@aescling
Contributor

i’m confused: how does preventing AUTHORIZED_FETCH enable the latter two bullet points? i thought those were things AUTHORIZED_FETCH enforces

@marrus-sh
Member Author

pardon, i meant enforcing AUTHORIZED_FETCH; preventing unauthorized access

@marrus-sh marrus-sh added LV.4: S2S Networking @ Server‐to‐server support LV.4: Security Networking @ Security and removed LV.3: JSON‐LD Serialization @ JSON‐LD support labels Sep 19, 2021