subtoot
@Violet whoa that's horrific wtf
subtoot
@Violet is it from a cross domain @/violet?
subtoot
@vahnj yes, the account the toot was a reply to was locked so idk if it was an actual reply to a toot or not, but it was cross domain
subtoot
@Violet i am going to have to test this out i think. this is an important vulnerability that absolutely needs addressed
subtoot
@vahnj thanks!
subtoot
@Violet quick q- do you use regular mastodon, or glitch?
subtoot
@vahnj regular masto
subtoot
@Violet idk what's going on on your side but i just testing a lot of different conditions and i couldn't get anything to show up in my home column nor notifications related to @-ing an account with the same @, and display name did not seem to impact any part of it
1. accounts @-ing each other with nobody from server following
2. accounts @-ing each other with someone from server following
3. someone from the server who follows @-ing both accounts from the other domain
@Violet maybe not! i don't think my testing is conclusive on the problem happening. it could have even been that the @ directed at someone with your @ on a diff domain could have accidentally delivered to you too. idk
subtoot
@Violet idk if i missed a condition somewhere. it makes sense that you can see someone's private posts if you go into their profile, that's just how private posts work but if you're complaining about how there's no "shared mutuals only" for conversations then yea i'm 100% behind you on that being a problem i really want friend circles
subtoot
@vahnj the toot in question may not be a reply then even though it looked like one. I think it's just a mistake on my end