I have noticed since watching apache logs on my blog that the emails of Pleroma users are visible. Is that how it should be? Seems like it's a security leak.
Are mastodon emails de facto public too?
@Sphinx thank you! That puts me at ease
You're welcome.
@lhackworth Where do emails appear in the log? Some kind of cookie or header?
@lhackworth Thanks! Looked it up, and that's the contact email for each instance, not the registration email for the user. So if you see unusual traffic in your logs, you can send an email to the responsible admin. It basically saves you the trouble of figuring out which instance made the request (reverse DNS may be ambiguous if the IP address hosts multiple instances), going to that site, and finding the contact info for the admin.
@lhackworth
To answer your question,
Mastodon are not email default public.(perhaps moderators can see users email.)
As far as I know Pleroma and mastodon are based on different structural.