@a_breakin_glass Hmmm, dunno, lemme go poke it and find out...

@a_breakin_glass Looks like it's exactly the same - get the post's URL from the timestamp, and then search it in the Mastodon web UI search box. :)

@cassolotl honestly previously I'd just pasted mastodon toot ids into the "statuses" url

@a_breakin_glass Whatever works! :)

@TritTriton No problem! :)

@InspectorCaracal That sounds like it would be pretty good, yeah!

@Laurelai Ack! That sucks. At which stage does it all go wrong?

@cassolotl When i put the url into the search the post doesnt come up

@Laurelai Can you send me an example of a URL that doesn't work when you search it?

@cassolotl https://kitty.town/@GinnyMcQueen/99026494992410175 this one, its followers only and i follow her ergo it should show up

@Laurelai Bea ( @bea ) tells me that followers-only toots are not searchable even if you follow the person, and that is intended and expected behaviour: https://glitch.social/@bea/99066331292790616

@cassolotl @bea So what your telling me is that i cannot see a followers only post when i am a follower when it is linked to me in any way at all ever and this is by design. Wonderful.

@Laurelai @cassolotl its KINDA by design

i don't think there's a way to make it happen but only for followers

the code prevents pulling all direct and followers-only toots through the search box and since you are asking the remote instance for the toot, it actually has no idea who you are

it only knows your instance is asking for something private, and disallows it

@bea @Laurelai Ahhhh that makes sense.

I wonder if it is worth submitting on the Github issue list. https://github.com/tootsuite/mastodon/issues Thanks Bea!

@cassolotl @Laurelai imo ........ probably not, strictly from the perspective of "is this worth your spoons"

@bea @Laurelai Yeah, fair enough!

@bea @cassolotl The software should know im allowed to see it and show it to me, im just saying.

@Laurelai @cassolotl i agree i just don't know if it's possible to do securely and kinda suspect it isnt :c

@bea @Laurelai @cassolotl there certainly is the risk of a malicious instance pretending to be a follower to read a followers only post

@packetcharmer @Laurelai @cassolotl exact 🤷

@bea @packetcharmer @Laurelai @cassolotl the local instance could try querying or deducing its unique id, and then search in its own local database

cant find a solution that isn't a terrible hack right now but it's surely doable somehow

@CobaltVelvet @packetcharmer @Laurelai @cassolotl yes, we can check locally but the thread was originally about pulling statuses from remote instances...

@bea @CobaltVelvet @packetcharmer @cassolotl Like is it just not possible to have two instances talk to each other and be like "yes person x follows person y, show post"

@Laurelai @bea @CobaltVelvet @packetcharmer @cassolotl

If one person (A) from an instance (1) follows said person, that instance (1) could then fake that request from (A@1) for anyone else on instance (1)

@Laurelai @bea @packetcharmer @cassolotl having only access to posts you have been sent (mostly means "since you've been following") is also a good security feature

@CobaltVelvet @bea @packetcharmer @cassolotl Seems like security through obscurity i mean i could just take hours to scroll through the person in questions timeline for the post, but i dont want to do that. All im asking for is a faster way to see what im theoretically already allowed to see.

@Laurelai @CobaltVelvet @bea @packetcharmer "All im asking for is a faster way to see what im theoretically already allowed to see." - That's my feeling too! But it sounds like it can't be done in a way that wouldn't risk the security of someone's followers-only posts. :/

@cassolotl @CobaltVelvet @bea @packetcharmer If a human can do it manually by scrolling a computer should be able to automate it this makes no sense its just automating a repetitive task.

@Laurelai @CobaltVelvet @bea @packetcharmer I mean, yes, that does make sense, but I do not know the back-end stuff and I am bowing to the superior knowledge and experience of the other people in this thread!

@Laurelai @CobaltVelvet @packetcharmer @cassolotl if your instance does not have the toot you wanted to search you also would not see it if you scrolled back their feed

@bea @CobaltVelvet @packetcharmer @cassolotl So followers only posts are just for your followers on that local instance???

@Laurelai @CobaltVelvet @packetcharmer @cassolotl no, they are federated but if someone makes follower only posts before anyone on your instance is following them your instance won't have a copy

@bea @Laurelai @CobaltVelvet @packetcharmer It makes sense that you should be able to find toots that your instance does know about and that you had seen before, though, I feel?

@Laurelai @bea @packetcharmer @cassolotl yeah i agree if that's the only problem, if your instance already has the toot it should be searchable. and that doesn't really require changing the protocol and is likely quite doable. (like maybe returning an indexed id with 404's, or storing the full URL somehow)

it becomes much more of an issue if you want to pull toots that you didn't already get in the first place, which probably won't ever be done but isn't impossible either.

@CobaltVelvet @Laurelai @bea @packetcharmer (Because of the toot I'm replying to, I made this Github issue: https://github.com/tootsuite/mastodon/issues/5818 No idea if it will go anywhere but it can't hurt.)

@packetcharmer @bea @Laurelai @cassolotl

Yeah, I don't think it's possible to do securely.

@LottieVixen @bea @Laurelai @cassolotl although this is why Mastodon allows you to block instances

@packetcharmer @bea @Laurelai @cassolotl

Yeahhhh but I'd rather not be reactive about that and there is no way to be proactive...without whitelisting (but instances can change at anytime, without notice)

@bea @Laurelai @cassolotl hmmmm what about the server asynchronously resending the toot to the requesting server’s inbox if it determines there’s a user on the requesting server that should be able to read it?

although then you’d have to rewrite the URL search handler to check for a local reference to the toot in addition to the remote fetch

@Laurelai @bea That would be pretty great! I'd like that too. Do you have a Github account? You could suggest it on the issue list here: https://github.com/tootsuite/mastodon/issues

@smallsees Ahh cool, glad I could help. :)