I run an instance that I meant to be private for my family. I have accounts posted to require approval of followers and post privacy set to followers only. I thought that meant that you wouldn’t be able to view posts unless you were logged in and explicitly approved as a follower. Unfortunately, much to my dismay, I found that when you go to myinstance.social/@myusername, you can see all my posts (from any browser, without logging in). Is this a bug? Or just a really misleading set of configuration parameters? In any case, is there any way to achieve the functionality I want (posts only viewable by approved followers)?
If the posts are set to followers-only then you shouldn’t be able to view them at myinstance.social/@myusername
Ensure the padlock icon shows on the toots:
I found the problem–the iPhone app I was using to post wasn’t respecting the default setting for post privacy. So though I had set the default to followers-only, the posts were still showing up.