Hey @coop, has anyone seen anything like this?
I decided to see what Googling my handle would return and after hitting a few on our server I got this URL which seems to be an imperfect mirror of my profile here.
@virtuous_sloth anyone that follows you, their server potentially caches some of your posts on their server
Depending on the server cache settings, it will cache your posts local to their server.
Our own servers cache for 7 days? @mick there's a difference between media and posts I think?
That other server is a Pleroma install, a different but compatible ActivityPub microblogging server
Here's an example link of me on another server https://cosocial.ca/deck/@boris@toolsforthought.social
If you're logged into CoSocial, that will load my profile and you can browse the whole thing.
If you're not logged in, it should redirect to the remote profile (try it in an incognito browser window)
I guess Pleroma doesn't do that, but it SHOULD, precisely because of the indexing thing.
@boris @virtuous_sloth @mick @coop I believe Pleroma CAN be configured not to show that class of URLs (or at least not to show any URLs) to unauthorized agents... I saw that setting when I played around with a test install
@virtuous_sloth @atomicpoet hey, isn't this your server? Seems like you're serving up third-party posts to users without authentication, not only does this mean privacy issues for those remote users & duplicate content in search indexes, it also importantly means: any illegal content that might reach your instance is now served publicly by your instance on your domain
@virtuous_sloth @atomicpoet e.g., if CSAM or terrorist content reached your server, you're currently serving it, and having it indexed by search engines, and therefore certainly liable for it.
@thisismissem@hachyderm.io @virtuous_sloth@cosocial.ca Thanks for the heads-up. I’ve only had one person complain about this, and I purged them from my instance. I also defederate any servers serving CSAM and illegal content. However, since I don’t know who is going to send illegal content until they do it, I’ve taken the step to remove the viewing of content from unauthenticated users.
@atomicpoet @virtuous_sloth cool, so this issue should be fixed on your server — was this a setting in Pleroma? Maybe there's an issue that needs to be opened up to never serve cached content from remote actors without authentication?
@thisismissem@hachyderm.io @virtuous_sloth@cosocial.ca Yeah, it's a Pleroma server setting. By default, all posts are public. I have to manually go into MRF to change this.
@atomicpoet @virtuous_sloth yikes.. that sounds like a terrible default.