@Zergling_man @kirby @teratology I'm not complaining about locking the instance down to require a login. I'm complaining about the whole "oh 404 you have a bad link" instead of just "403 fuck you auth or go away"

and then the redirect goes and leaks the fact that the resource exists anyway. I wonder if it would do the redirect for DMs? not that knowing that the url exists matters in the slightest