Why aren't private communities on PieFed federated?

Is that different for Lemmy? If so, why is PieFed's approach to private communities different from Lemmy's?

Because once it leaves the server there is no guarantee that the remote server understands or even respects the notion that it should be private.

Lemmy doesn't have private communities yet afaik.

At a guess, private piefed communities don't federate because once content federates, you can't control who can see it. All you can do is hope that the remote instance will follow the privacy settings, but you can't enforce them.

Private lemmy communities don't federate because they don't exist.

@povoq@slrpnk.net okay, yes. This is true, once it leaves the local server there are no guarantees.

However I'd have to ask whether there is an acceptable tradeoff in risk of content exposure.

After all, even in local private groups, things could get leaked via copy-paste, screenshots, etc. The weakest link is the social element.

Real answer: private communities were released LAST MONTH and so far only for PieFed.

Federating would mean a new protocol for potentially both Lemmy and PieFed to agree on. Rules need to be agreed on over how data is handled. New UI/UX. Mod tools to allow communities to block instances that may leak private information. Encryption? Etcetera, etcetera, etcetera.

Give it time.

Oh, didn't know that. Okie

It's acceptable for some communities, not for others...

To be fair I also don't like the fact that "private" usually means that the server admins can still read what's inside. I get it for images but for text...

MLS on activitypub is very much needed

The weakest link is the social element.

From one sysadmin to watch, now there would be at least 2. It's better to not give a false sense of security, so I understand why one would not federate them at all.

Maybe "gated" communities would be better rather than private in the case you refer to

It's not a risk of content exposure. By definition, risk is something that may or may not happen. Federating private content is guaranteed content exposure.

There are websites that make it easy for anyone to see exactly who voted on a post. In a similar way, making a site that ignores or highlights private content is an inevitably. Not to mention federated software that doesn't even know what private content is and will publish it with no malicious intent.

It's very easy to federate and create your own federated database without the intent of actually using it for piefed/lemmy/etc... It's one of the biggest downsides to the fediverse: privacy is impossible. Absolutely nothing is stopping Facebook, Google, or anyone else from setting up an instance and gaining direct access to all federated data.

Yes I think you're right about that. The nomenclature is important to get right because once federation is added to the equation privacy (without some form of E2EE) cannot be guaranteed.

So perhaps calling it something like a gated community (like @ex_06@slrpnk.net said) would help, although that term has some other associations with it too