I have noticed since watching apache logs on my blog that the emails of Pleroma users are visible. Is that how it should be? Seems like it's a security leak.
Are mastodon emails de facto public too?
Follow
@lhackworth Where do emails appear in the log? Some kind of cookie or header?
@lhackworth Thanks! Looked it up, and that's the contact email for each instance, not the registration email for the user. So if you see unusual traffic in your logs, you can send an email to the responsible admin. It basically saves you the trouble of figuring out which instance made the request (reverse DNS may be ambiguous if the IP address hosts multiple instances), going to that site, and finding the contact info for the admin.
@khird I think it's in the user agent of the request.