traewelling
traewelling copied to clipboard
Traewelling
public or unlisted check-ins are not publicly visible when profile is private
Describe the bug when the profile is private, setting a check-in to public or unlisted does not work. it behaves as if it is set to followers only (HTTP error 403 when trying to view it).
To Reproduce Steps to reproduce the behavior:
- make profile private
- do a check-in with public visibility
- open url in private browser window
Expected behavior the check-in is publicly visible
Desktop (please complete the following information):
- OS: gentoo linux
- Browser firefox
- Version 102.12.0
Smartphone (please complete the following information):
- Device: Xiamiao Mi 8
- OS: LineageOS 20 (Android 13)
- Browser Firefox
- Version 105.1.0
To be honest, I would also like us to implement it in this way. In the past, however, we had agreed on the variant that private profiles are completely private.
I would also prefer to take the approach of Mastodon - like here in your proposal. A private profile is nothing else than that you have to request someone. The visibility of the checkins would then be decisive.
But if you implement it this way, you have to set all public checkins of private profiles to followers only for safety's sake, so that they are not suddenly public.
I would be happy if there are other opinions. I would be in favor of implementing this issue.
In my opinion, a private profile should never be able to post anything public, so that someone cannot accidentally post private information publically.
Maybe we should remove the possibility to change the visibility to public if you have a private profile?
In my opinion, a private profile should never be able to post anything public, so that someone cannot accidentally post private information publically.
my use-case is that i want to share some stuff only to my followers. for that i need to approve them. if followers aren't approved, then posting follower-only is the same as posting public with another step. because anyone could just follow me and see everything.
Maybe we should remove the possibility to change the visibility to public if you have a private profile?
when we keep it this way, that private profiles can't post anything publicly, then yes, public and unlisted should be removed. also follower-only should be removed from public accounts, since it is meaningless and suggests a false security.
Maybe we should remove the possibility to change the visibility to public if you have a private profile?
I don't like this suggestion. I would like to have public checkins, but also some that are only visible to confirmed followers. This is currently not possible.
I would also prefer a change of the current behavior. It's more transparent and easier to understand who can see my check-in, if it's final visibility isn't determind by two seperate settings.
so that someone cannot accidentally post private information publically
Private profiles could have the default visiblity set to "Followers only" and I could also imagine a more explicit way to set a check-in to a (semi-)public visibility (e.g. a "Include options that prevent my privacy setting" you have to confirm first, before the option is available) for users with private profiles.
also follower-only should be removed from public accounts, since it is meaningless and suggests a false security
I understand your rationale and (personally) wouldn't mind this being removed, but I don't think it's meaningless.
- Users that don't follow you neither see the check-in itself
- nor that there are (somewhat) hidden check-ins at all (hard to explain, but on a private profile it's safe to assume there are check-ins that you can't see, on a public profile you wouldn't; and at least I don't randomly follow someone, just to check if there are hidden check-ins)
So it's like a "I don't want to shout it from the rooftops, but if you're really interested in my check-ins here you go" option.
I'm in favor of implementing this change but what would happen to existing public check-ins from private profiles? Those would become visible, right? Maybe this needs additional thoughts...
I'm in favor of implementing this change but what would happen to existing public check-ins from private profiles? Those would become visible, right? Maybe this needs additional thoughts...
This can be resolved with a simple migration, which sets all "public" checkins from private profiles to follower-only. Then nothing will effectively change in terms of behavior.
In my opinion it makes sense to treat "public" check-ins as such, because it makes clear that this check-in can be seen by everyone even when your profile is private. Maybe a warning can be raised if you're making a public check-in with your private profile:
This can be resolved with a simple migration, which sets all "public" checkins from private profiles to follower-only. Then nothing will effectively change in terms of behavior.
It might also be an idea to set the check-ins to private if you have made the profile private, just to ensure that you don't forget to make specific check-ins private (if you don't have the timer activated)
It might also be an idea to set the check-ins to private if you have made the profile private, just to ensure that you don't forget to make specific check-ins private (if you don't have the timer activated)
The timer shouldn't really matter, as the check-ins are set to private anyway.
If we write the migration á la "update visibility SET followers-only WHERE (public|unlisted) AND private_profile" there should be no problems from my point of view.
Another possibility could be to implement three different profile options. Public, Accept Followers and Private.
Private would be essentially the same as "Accept followers" only that you would only have the post-visibility-options "private" and "followers only" - no unlisted, no public.
This could reduce the complexity for the user and might not be as confusing.