by nightpool 1060 days ago
"that add signature requirements to public APIs to reduce bot and spam load" Hmm? Are you talking about AUTHORIZED_FETCH? That's specifically an opt-in (and discouraged) feature that's meant to reduce the possibility of blocked instances retrieving your posts and displaying/replying to them on their own servers, it has nothing to do with bot or spam load.

"This isn't in the spec as a mandatory requirement, but if you don't do it then parts of the Fediverse won't be able to follow you."

I don't think this is true even when using AUTHORIZED_FETCH; Mastodon still displays the minimum set of Actor information necessary to complete a follow request (public key, username, etc.), so I don't really know what this part of the post might be referring to.

1 comments

Authorized fetch is just one lever to pull in the massive moderation machine that Mastodon offers. On its own it's not very useful, but together with decent configuration it can help against scammers impersonating accounts on your server from a similar domain. Twitter is full of people who replicate other accounts and add random racist shit for some obscure reason (a deep grudge? Mental illness?) and without authorized fetch you'll have no way to effectively block such scrapers.

Enabling authorised fetch breaks federation with several other servers and some apps as well. Previously valid post IDs may suddenly become unavailable or break, which some services trying to backfill posts absolutely cannot deal with.

I believe actors are available as barebones actor information not to break federation completely, but I don't believe this type of compatibility is available for individual statuses.

Personally, I don't see why I shouldn't enable the setting on my own servers because the extra control it provides is probably worth it for the few exotic broken servers out there, but it's a gotcha if you expect the protocol to work as described in the spec alone.