There's a bit of a tiff going on about Pixelfed leaking followers-only ActivityPub posts due to a limitation of its implementation of ActivityPub. This is, of course, a problem, and I don't intend to leap to the defense of Pixelfed. But we ought to learn from history, especially when it repeats itself, and notice that there is an inherent limitation in the ability of federated systems to protect user privacy.

Mastodon did not originate as an ActivityPub implementation. It was an OStatus implementation, designed to be compatible with the older Gnu Social. This pairing had the exact same problem: Gnu Social didn't support direct messages at all, so neither did OStatus. When Mastodon implemented direct messages as an extension to the OStatus protocol, Gnu Social didn't understand the extension and treated direct messages as normal public posts. This was, like, 2017 or so. This problem was never solved exactly, but was obviated when Mastodon adopted the pump.io-derived ActivityPub protocol as a replacement for OStatus (pump.io being, very roughly speaking, a successor to Gnu Social intended to address many of its limitations).

This is a generic problem with federated systems, also evidenced in very old ones like email. The best privacy the system as a whole can guarantee is whatever is enforced by its weakest, and often oldest, implementation.

Does this mean that we shouldn't try to implement direct messaging, followers-only, or other privacy-restricted modes on federated protocols? In my darker moments, I think so. Making privacy guarantees to users without the technical ability to guarantee them always comes with some ethical risk, and software projects have a long history of deprioritizing privacy, as much out of featureitis as malice. But we can also be more optimistic, and note that well-designed protocols help to avoid privacy problems.

But the weakest link principle still applies, and technical solutions are very difficult. Perhaps more realistic is a certification scheme, and you could argue that the choice of some Mastodon instances to defederate Pixelfed instances represents a de facto compliance certification program.

Always buy Genuine Certified ActivityPub ™️, independently tested by ActivityLabs S. A. de C. V.

Let the record show that I nailed the character limit on this instance, even now that they've turned it up.

To be a little less shitposty, I have been openly critical of Mastodon in the past for this exact issue. Providing "private messaging" at all is a choice, one that Mastodon's forebears often declined. The decision of the Mastodon project to introduce visibility restrictions when its primary federation partner did not support them has always felt irresponsible, a very clear case of selling a product that you cannot actually deliver. And, potentially, with user safety on the line.

Mastodon deserves credit for implementing a scare banner when you author a mentions-only post, but I would still quibble with the wording of that banner, which makes it sound like the only limitation is the lack of end-to-end encryption. The fact that the nature of federated systems imposes an inherent limit on the ability of Mastodon to protect your messages goes unmentioned, although that probably has something to do with it being difficult to explain to non-technical users without a page of text.

Mastodon posts ought to be considered, as a best case, no more private than email: email has a similar lack of E2E or even uniform in-transit encryption, but at least it was designed from the beginning for a limited-visibility use case. Microblogging originated as a completely public format, making the weakest privacy assertions possible, and the vestiges of that are still everywhere you look in the fediverse.
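The weakest-link point the thread makes can be shown mechanically: on the wire, a post's visibility is nothing more than its `to`/`cc` addressing, and once a copy has been delivered to a remote inbox the sending server has no way to make the receiver honour it. The following is an added illustration, not code from Mastodon, Pixelfed or this thread. It classifies an ActivityStreams object into the four Mastodon visibility levels using Mastodon's addressing convention (the Public collection in `to` is public, in `cc` is unlisted, the followers collection in `to` is followers-only, and only actor URIs means direct), then flags recipient hosts that cannot be trusted to honour that level. The `PEER_SUPPORT` table, the `home.example`/`social.example`/`legacy.example` hosts and the follower list are all constructed for the example; real ActivityPub servers advertise no such capability information, which is exactly the problem.

```python
from urllib.parse import urlparse

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"  # ActivityStreams public collection

# Constructed table for this example: which visibility scopes each remote
# server is trusted to honour. ActivityPub gives a sender no way to verify this.
PEER_SUPPORT = {
    "social.example": {"public", "unlisted", "followers", "direct"},
    "legacy.example": {"public"},  # treats every delivered object as a public post
}

# Constructed sample data: alice's followers collection and its members.
ALICE = "https://home.example/users/alice"
ALICE_FOLLOWERS = ALICE + "/followers"
FOLLOWER_ACTORS = {
    ALICE_FOLLOWERS: [
        "https://social.example/users/bob",
        "https://legacy.example/users/carol",
    ]
}


def classify_visibility(obj, followers_collection):
    """Map to/cc addressing to the four Mastodon visibility levels."""
    to = set(obj.get("to", []))
    cc = set(obj.get("cc", []))
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    if followers_collection in (to | cc):
        return "followers"
    return "direct"


def recipient_hosts(obj, followers_collection, followers=FOLLOWER_ACTORS):
    """Hosts that will hold a copy of the object once it has been delivered."""
    hosts = set()
    for uri in list(obj.get("to", [])) + list(obj.get("cc", [])):
        if uri == PUBLIC:
            continue  # the Public collection is not a deliverable inbox
        if uri == followers_collection:
            # Expand the collection to its members' servers (constructed list above).
            hosts.update(urlparse(a).netloc for a in followers.get(uri, []))
        else:
            hosts.add(urlparse(uri).netloc)
    return hosts


def unsafe_peers(obj, followers_collection, peer_support=PEER_SUPPORT):
    """Return (scope, hosts): hosts that cannot be trusted to honour scope.

    Once the object reaches one of these servers, the requested visibility is
    only as strong as that server's implementation, whatever the sender asked for.
    """
    scope = classify_visibility(obj, followers_collection)
    flagged = []
    for host in sorted(recipient_hosts(obj, followers_collection)):
        # Conservative default: a peer we know nothing about honours only public.
        if scope not in peer_support.get(host, {"public"}):
            flagged.append(host)
    return scope, flagged


def make_note(to, cc):
    """Build a minimal constructed Note object with the given addressing."""
    return {"type": "Note", "attributedTo": ALICE, "to": list(to),
            "cc": list(cc), "content": "hello"}


if __name__ == "__main__":
    samples = [
        ("public", make_note([PUBLIC], [ALICE_FOLLOWERS])),
        ("unlisted", make_note([ALICE_FOLLOWERS], [PUBLIC])),
        ("followers-only", make_note([ALICE_FOLLOWERS], [])),
        ("direct", make_note(["https://legacy.example/users/carol"], [])),
    ]
    for label, note in samples:
        scope, flagged = unsafe_peers(note, ALICE_FOLLOWERS)
        print(f"{label:15} scope={scope:9} not enforceable on: {flagged or 'none'}")
```

The point of the output is the last two rows: a followers-only or direct post that includes anyone on `legacy.example` is, in effect, public the moment it is delivered, and the classifier's answer on the sending side does nothing to change that. The only honest options for a server are to refuse delivery to peers it does not trust (which is what defederation amounts to) or to tell the author the guarantee does not hold.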


@jbcrawford to add to that, I have interacted with so many people who did not understand the privacy implications.

So whatever steps the Mastodon interface is taking, it's proven to be not enough in the real world.

This is a drum I beat every time I can, and people are being misled by it on this platform.

Qoto Mastodon
