Cambiando la configuración del nodo para habilitar AUTHORIZED_FETCH. No descarto que se rompan cosas en el proceso 😅
https://docs.joinmastodon.org/admin/config/#authorized_fetch
#mastoadmin #authorizedfetch

@admin Is `AUTHORIZED_FETCH` turned on for floss.social?

https://fedi.tips/authorized-fetch/
https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/
#AuthorizedFetch

@qbi Ich denke, das Feature ist eher als #AuthorizedFetch bekannt.

Und die #Mastodon-Doku mahnt zur Vorsicht, der hat nämlich auch Nachteile:
https://docs.joinmastodon.org/admin/config/#authorized_fetch

@jim #AuthorizedFetch is one option, there's a short explanation at https://hub.sunny.garden/2023/07/05/meta-coming-to-the-fediverse/ and a bunch of discussion on the issue tracker of things one could do:
https://github.com/mastodon/mastodon/issues?q=+%22authorized+fetch%22

I expect most experimentation in this area of #MastoDev will be from the forks, #Hometown and #Glitchsoc.
https://glitch-soc.github.io/docs/
https://github.com/hometown-fork/hometown/wiki

@alex Personal data deletion is definitely a headache under #GDPR.
https://github.com/mastodon/mastodon/issues/21674 proposes to make it a bit better for Mastodon with #AuthorizedFetch, but the problem remains that we can't guarantee deletion on all instances.

#MastoDev

@fsnk Ah, good. I think that's right. Initially I saw some discussion about it that only covered posts boosted by other servers, but reading the article you shared, and the one I found thereafter (below), the answer seems that the #AuthorizedFetch setting is designed to do what I want.

https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/

@msteenhagen

maybe the #AuthorizedFetch thing all the kids are talking about?

https://fedi.tips/authorized-fetch/

@neil #AuthorizedFetch does nothing to protect from the dissemination of personal data in at least two very common cases:
https://github.com/mastodon/mastodon/issues/22620#issuecomment-1363670888
https://github.com/mastodon/mastodon/issues/21674

#MastoMeta #MastoDev

With #AuthorizedFetch, can a boost still end up on a misconfigured or maliciously configured server? Or would most boosting remote servers not include the message payload at all?

Does suspending an instance prevent them from seeing public posts on your #Mastodon instance?

My understanding is it does not by default, based on this discussion about "secure mode", which is an option that does require instances to be authorized to fetch posts from your server: https://github.com/mastodon/mastodon/issues/18353

Does #suspension (without secure mode) do anything from the #suspended instance's perspective, or does it only prevent your users from seeing it?

#MastoAdmin #SecureMode #AuthorizedFetch

@ben For the ActivityPub and API endpoints, maybe #AuthorizedFetch aka secure mode can help protect at least the database? https://docs.joinmastodon.org/admin/config/#authorized_fetch

@nemobis
Great suggestion, though it does appear that #authorizedfetch seems to have some harsh limitations.

It does seem like a poll of known subscriber instances (of users on your instance) should be plausible.

That treats the deletion request more like a traditional DSR where a controller must notify known subprocessors only -- not everybody who potentially might have received personal data.

@rriemann @bbennettesq @EDPS

@privacat I filed a feature request for #Mastodon to use #AuthorizedFetch better with account deletion/suspensions:
https://github.com/mastodon/mastodon/issues/21674

How do we get this tagged as potential #privacy / #GDPR enhancement to be funded by NLnet/NGI/EC, @rriemann? 😇

@bbennettesq @EDPS

@neil Thanks. Documentation for the mentioned #AuthorizedFetch setting:
https://docs.joinmastodon.org/admin/config/#authorized_fetch