Cloudflare´s Wildebeest has a bug

The global internet infrastructure company Cloudflare has been building on their own fediverse server, based on Mastodon. It is known for only being able to run on Cloudflare´s own infrastructure. Within the community, Wildebeest and Cloudflare are regarded with suspicion, as they are regularly accused of pursueing an embrace-extend-extinguish approach to the fediverse.

Recently, a bug report for Wildebeest was filed that private messages are visible on the local timeline. This means that if you send a private message from, let's say, a Mastodon client to your friend who uses Wildebeest, everyone who visits the local timeline of your friends' Wildebeest server sees your private message.

Private messages are definitely not without issues on Mastodon either; since they are not encrypted, your server admin can also read the message. But leaking the message for the public is in general Pretty Bad.

The bug was listed on Github for a week, without any response from the developers, until it suddenly gained traction on the feeds. I think the community response is pretty notable here; mocking and making fun of Wildebeest. It's never great to get a bug report that your software leaks private messages, but if the community responds with laughing emoji's that's certainly not helping.

It feels like Cloudflare's Wildebeest project has misread the community response in general. They should have realised that everything they do will be viewed in a critical frame. By not responding to a serious bug for over a week, and only picking it up after serious community response, is a quick way to destroy little trust people had in the project. Cloudflare's reponse to the bug was to apply a fix so that Wildebeest rejects private and unlisted posts alltogether. This raises some serious questions if Wildebeest was indeed ready for launch when it was announced early February.