A couple of questions about authorized fetch. Assume my instance is running authorized fetch.
- If I as a user block instance X, does that mean there's no way the content of my posts to get to instance X even if somebody on another instance boosts them? Or, does the content still get there, but it's just not visibile?
- is the answer different if my instance is blocking instance X?
@brook @FediTips @futzle you all seem like you might know the answer to this 😎
Lady, EVOLVED 
@jdp23 you have no guarantees about whether the content gets there. it can’t be FETCHED or VERIFIED by the receiving server if your server has them blocked; this comment by claire implies that this also takes effect for individual blocks <https://github.com/mastodon/mastodon/issues/18345#issuecomment-1120176872>.
mastodon does not appear to include the contents of boosted posts in boosts, so this is enough to prevent them from federating from a Mastodon server. however, other ActivityPub implementations could conceivably include the contents of the post being boosted. in this case, the content would be leaked, and just not verifiable.
on mastodon, every post is verified to protect against other instances lying about things that you said. this means: if you have AUTHORIZED_FETCH and a server is blocked, and it gets word of a status by you, then it will check to see if you actually posted that status. it won’t be able to confirm that, so it does the reasonable thing and assumes it may have been deleted. consequently, it does not record the status or show it to its users.
however, there is always the possibility that (a) a different ActivityPub implementation includes the full contents of your post when it boosts it, and (b) Threads accepts this content as true, even though it can’t verify it. there is nothing technologically which can be done about this sort of information leak, aside from not federating with instances which might fall into the category of (a).
@jdp23 @Lady But all three instances where Mastodon servers.
I don't know if this is further hrepfull.
https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/
Have to say good night now, cause it's half past ten here and I spend half of last night on fedi.
Be back after tomorows workshift.
I'm 99% sure mastodon.online doesn't run authorized fetch, so that would explain the behavior.
@Lady thanks very much! The experiment @pieselpriemel did seems to show content getting to the blocked server, presumably this is because mastodon.de hasn't turned on authorized fetch?
Also, is another thing that could be done simply not federating with instances that directly or indirectly federate with Meta.
[Easier said than done of course - the word "simply" is doing a lot of work in that previous sentence! ]
https://mastodon.de/@pieselpriemel/111597498974094723