A common access control of social media is “friends of a friend”. That means that the content I am posting can be access by all my friends and all of their friends, but not anyone else.
Now, let’s assume we have a social media platform that is wholly Solid - then the page with the content I am loading in my browser grabs the post from the Solid of of the author. Let’s call that Pod A from User Z. Z has 60 friends, and I am a friend of number 54.
So, when I try to access the content, my application goes to Pod A and tells the pod that I am X and hands over my webID. Pod A immediately sees that I am not a friend of Z, so normally I wouldn’t see the content.
But Friend of friend is set, so…
…the pod goes to each pod of the 60 friends of Z and asks if they know me?
Or does the Pod periodically updates the friends of a friend list and keeps that data cached?
Neither way sounds very privacy-friendly nor efficient to me. Is friend-of-a-friend as access control option not really viable on Solid, or am I just missing something?