Well, large numbers of people are wrong about many things, all the time. I bet if you asked enough people, a sufficiently large majority of them would claim that there was a “Mastodon network”. If you asked enough people how Mastodon’s “unlisted” or “quiet public” feature worked, you would get several answers that are pretty much all incorrect. What people think or believe is irrelevant to what is reality, intended or actually-existing. At most, you can say that there is some miscommunication or lack of communication; maybe there is a way to reconcile the design of a certain software or the language it presents to users to better match expectation, but you’re going to have a tough time breaking reality.

And the intended reality here is that “Public” means “without authentication”. Software implementations that declare their objects to be “public” while requiring authentication to fetch those objects are, quite simply put, lying. Ideally, they should not lie. They should declare their objects to be “requiring authentication, but any valid identity will do”.

The way to declare this is by defining a class to represent the concept of authenticated actors or agents, and then declaring that they will only serve the resource to members of that class. One way to do this is via the use of Web Access Control, as described at “WebAccessControl - W3C Wiki” or “Web Access Control”, or proposed via “fep/fep/7502/fep-7502.md at main - fediverse/fep - Codeberg.org” as a way to retrofit it onto ActivityPub’s addressing properties. If you want to go even further, you can use something like ODRL (“ODRL Information Model 2.2”) to add additional restrictions and expectations on how the object is to be used.
1 Like
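The distinction drawn in the post above, as an added example that is not part of the original post: a minimal read check over Web Access Control agent classes, plus an audit that flags an object addressed to `as:Public` that is not actually served without authentication. The rule dictionaries, the `social.example` URLs and both function names are constructed for illustration and are a simplified stand-in for `acl:Authorization` resources, not a full WAC engine and not FEP-7502's own vocabulary.

```python
AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"  # WAC: anyone, no login needed
ACL_AUTHENTICATED = "http://www.w3.org/ns/auth/acl#AuthenticatedAgent"  # any valid identity
ACL_READ = "http://www.w3.org/ns/auth/acl#Read"


def can_read(rules, resource, agent=None):
    """True if `agent` may read `resource`; agent=None is an unauthenticated fetch."""
    for rule in rules:
        if rule["accessTo"] != resource or ACL_READ not in rule["mode"]:
            continue
        classes = rule.get("agentClass", [])
        if FOAF_AGENT in classes:
            return True  # genuinely public
        if agent is not None and ACL_AUTHENTICATED in classes:
            return True  # requires authentication, any identity will do
        if agent is not None and agent in rule.get("agent", []):
            return True  # explicitly named agent
    return False  # default deny


def audit_public_claim(obj, rules):
    """Compare what the addressing declares with what the server enforces."""
    audience = set(obj.get("to", [])) | set(obj.get("cc", []))
    declared_public = AS_PUBLIC in audience
    served_anonymously = can_read(rules, obj["id"], agent=None)
    if declared_public and not served_anonymously:
        return "mismatch: declared public but requires authentication"
    if served_anonymously and not declared_public:
        return "mismatch: served without authentication but not declared public"
    return "consistent"


# Constructed sample data (hypothetical server and actor URLs).
NOTE_ID = "https://social.example/notes/1"
NOTE = {"id": NOTE_ID, "type": "Note", "to": [AS_PUBLIC]}
RULES_AUTH_ONLY = [{"accessTo": NOTE_ID, "mode": [ACL_READ],
                    "agentClass": [ACL_AUTHENTICATED]}]
RULES_PUBLIC = [{"accessTo": NOTE_ID, "mode": [ACL_READ],
                 "agentClass": [FOAF_AGENT]}]

if __name__ == "__main__":
    print(audit_public_claim(NOTE, RULES_AUTH_ONLY))
    print(audit_public_claim(NOTE, RULES_PUBLIC))
```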