Follow

I have noticed since watching apache logs on my blog that the emails of Pleroma users are visible. Is that how it should be? Seems like it's a security leak.
Are mastodon emails de facto public too?

@lhackworth

To answer your question,
Mastodon are not email default public.(perhaps moderators can see users email.)
As far as I know Pleroma and mastodon are based on different structural.

@lhackworth Where do emails appear in the log? Some kind of cookie or header?

@lhackworth Thanks! Looked it up, and that's the contact email for each instance, not the registration email for the user. So if you see unusual traffic in your logs, you can send an email to the responsible admin. It basically saves you the trouble of figuring out which instance made the request (reverse DNS may be ambiguous if the IP address hosts multiple instances), going to that site, and finding the contact info for the admin.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves. A STEM-oriented instance.

An inclusive free speech instance.
All cultures and opinions welcome.
Explicit hate speech and harassment strictly forbidden.
We federate with all servers: we don't block any servers.