[feature request] allow user to toggle RSS feed of their posts

[compufox]

Pitch

currently every user has an automatic RSS feed containing their unlisted and public posts, i think it would be good if there was some account setting that allowed the user to turn this off.

Motivation

while unlisted/public posts are not hidden from other users, i can see where providing that data in an easy to scrape format (RSS feeds) would help provide new and faster methods for harassing users.

[VyrCossont]

Hometown implemented this in hometown-fork#1233; could we copy their implementation?

[tamazonx]

In light of the qoto ban evasion information (scraping rss feeds to get around people blocking other people), I would really like to see some movement on this.

[ClearlyClaire]

If the reason is to avoid bad actors subscribing to your feed, I'm afraid that limiting RSS would not be enough and would only provide a false sense of security: indeed, it would be as easy for a bad actor to use the REST API to get the same information.

What we could do, I guess, is an option to avoid non-logged users to list your posts. This would also disable the RSS feed. Of course, this means that random non-logged users will not be able to see your posts when visiting your profile. And it also doesn't prevent a bad actor from just looking at your feed from another server where you have a follower.

[whatSocks]

an option to avoid non-logged users to list your posts this would be great

[selfawaresoup]

Right now, RSS feeds are a way to circumvent DISALLOW_UNAUTHENTICATED_API_ACCESS so if that env setting is on, either the RSS feeds should respect it too or users should at least have the option to opt out.

[sgrigson]

DISALLOW_UNAUTHENTICATED_API_ACCESS as mentioned above, doesn't prevent this.

In addition, this is a setting only available to server admins with access to the server, and not individual users.

[ShadowJonathan]

Together with mastodon#29011, this would remove a ton of avenues that actors could use to scrape people's posts