EDIT: As pointed out by @[email protected] in this comment, communities set to local are not viewable by guests. TIL!
This makes this whole idea redundant, since it solves the issue perfectly.
I wish Lemmy had better documentation 😬
Thanks again to Styrocrow for taking the time to explain this to me!
I’m seriously thinking of creating an API gateway that would drop API requests to privated communities (that we may choose) coming from guest users. This could potentially take me 1-2 weeks of development since i regrettably still have a day job that i need to attend to.
Since Lemmy development is somewhat erratic and we can’t really rely on developers to release lemmy 1.0 in a timely manner, i was thinking of just DIY’ing a custom solution for this instance only.
I would not normally suggest this solution, as it means basically swimming “against the current” of how lemmy works internally and potentially delivering a bad user experience to lurkers, but since the consensus in our userbase seems to be that privacy and opsec should be our number one priority, i think that beating around the bush with this problem is only going to generate pain and discomfort for everyone down the line.
Please vote on the strawpoll if this focus seems reasonable to you, even if it means pushing other features / fixes back for the meantime (Self ban feature, auto purge posts by request, web ui fixes)…
Thanks for your participation!
we could just set most communities to local so lurkers can’t see them
Unfortunately that does nothing as of now. “local only” means that communities can only be seen from tranistan.com and not from other lemmy instances like https://llemmy.world/ or https://lemmy.dbzer0.com/
Since we are not federated with anyone this is basically the same as setting them as public.
Really? I’m exclusively on desktop, so I can’t vouch for mobile, but when I open local communities like [email protected] and [email protected] in an incognito tab, I can’t see them. I have to be logged in to peak. Otherwise I get this page:
I’ll admit that I’m not super familiar with Lemmy in general, so I could absolutely be missing something
Okay you’re right lmao holy shit this is great 🤣
Oh wow! That is interesting… Let me check…
would the goal behind this feature be to make the entire website private from lurkers? or just individual communities?
Just individual communities, but it could potentially be just all communities except 1-2 newfren ones. would be up to the community’s moderators.
I like the idea of it mostly just being private with a few newfren ones (but we was actually let people into the rest of the site unlike ttttrans and 4tst).
but I’m not opposed to just a private selfies/blog posting communities but it can wait since it sounds like a pain to implement without lemmy 1.0
i think its not a critical issue to work on right now
That’s v good to know tbh. I assumed the user’s opinions would be way more heavily skewed in favor of this, but looking at the poll I’m starting to see that this feature felt more urgent in my head than it is in reality. It’s good news tbh, i was not looking forward to implementing this. It’s good to know that users are not as concerned with the perceived lack of privacy of this server as i thought. Good to know.
idt it should be a priority, this would be the equivalent of private subs right? private subs always have much lower activity than public subs, i think it’ll be the same, i don’t think it’s a bad idea tho, i do think it’s not worth the effort, for now we can private the whole instance and turn off registrations if someone tweets about us or something
i thought privating the whole instance wasn’t an option currently hmm
I would like to see it happen, but not at the expense of bug reports and whatnot.
This is a bit confusing for me, what exactly does this mean for the tech illiterate?
So basically making it impossible for guests to see or participate in communities we declare as “private”. We would have a list of communities, and i would create a program that reads every request that the server receives and checks the request against the list of private communities. If the request comes from a guest user and it is addressed to a community whose name is on the private list, the program will simply drop the request.
We’ll be basically programming a “bouncer” that sits between users and the lemmy service. The problem is that lemmy us supposed to be “open for all” and such, so it’s very likely that the ui could freak out and show weird errors to guest users because no lemmy ui is used to this “bouncer” guy existing in between the user and the lemmy service.
Oh, I see. That sounds great!
how would that program be able to tell if the user is a guest tho? looking at it seems lemmy uses jwt so i guess if you could copy the secret key into the program?
Yes, it would decode the jwt with the secret and then check if it’s a valid one.
should be very easy then tbh
in theory yes, but i would need to see how well it interacts with various clients etc… could slightly grow in complexity depending on that
ok no its not easy what is this disgusting code and api
are you talking about the lemmy source code? 🤣
deleted by creator
