1.3 KiB
Privacy features for federation
General logic
Two level of privacy for activities :
- from the Actor of the activities
- from the Object of the activities
We follow both actor and object privacy_level. If an user want to share it's playlist he need both the user privacy level and playlist privacy level set to allow it.
User level privacy_level
Check is done in activity_pass_user_privacy_level but only works if actor is passed within the context
Object privacy_level
Playlist support it's own privacy level. Check is done in activity_pass_object_privacy_level. Other objects should be added manually to this function.
Followers privacy_level
If a user follow a local user we don't need to send ActivityPub activities since the data is already in our db. We can use the local database the fetch the data. That's why Funkwhale outbox will always discard activities that are not public. But this need to be updated to support followers privacy level. Some warning should be displayed to the users to explain that setting a privacy_level to followers will send the data to remote server. This means we need to trust the remote server admins to follow our privacy_level wish. In other words when you trust your followers your also trust the admins of your followers.