-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
include remote users in followers collection #418
Conversation
magazines returned the wrong amount of followers via ap because remote subscribers were not included
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this also shows remote subscribed user when querying for detailed list, while I can't find a group to query follower lists for cross checking, it looks like querying one for user would return similar results, so I think it should be fine
Since this is a privacy concern I think we should get rid of listing the users, but that is another issue |
I am slightly confused as to why
|
I think there is no difference. I tried it with SELECT name, subscriptions_count, (SELECT COUNT(*) FROM magazine_subscription WHERE magazine_id=magazine.id) as count2 FROM magazine WHERE ap_id IS NULL LIMIT 10; And the 2 counts were the same. I'll change it to the less expensive call and remove the output of the followers, as it is not used by anything and just a data leak |
I remove the method because at this point it is a one liner
Is this still in progress or part of other work? Just wanted to check because it looks like this PR still has the exposed subscriber list. That's interesting, I didn't realize that about kbin/Mbin. Comparing it to lemmy it looks like they don't expose that information e.g. here's {
"id": "https://lemmy.world/c/world/followers",
"type": "Collection",
"totalItems": 34492,
"items": []
} Edit: It seems |
Yeah it still includes the subscriber list. I didn't want to put that in this PR. I am aware of the problem. I just fixed that one can pull the local subscribers to a remote magazine, cause that just didn't make sense. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this looks good to me. I think there's broader privacy questions we've come up with from this that might need further looking into. definitely the less information on users we can return that isn't being used for AP actions, the better
magazines returned the wrong amount of followers via ap because remote subscribers were not included