Yes, by design: https://docs.joinmastodon.org/methods/accounts/
IMO, the problem is not them taking the information per se, but in abusing that info to further the massive surveillance apparatus that harms society.
You know what’s funny? I would never use something like this (my own Lemmy client is absolutely terrible in comparison!). But I’m so happy that Alexandrite exists: it’s proof that programming and web development can still be experimental and loads of fun. Congrats to the developers!
Or at the very least make them unenforceable.
It certainly would make it a bit more impractical to enforce some of these silly laws. The new tooling provides a buffer and a way to route around some of that silliness.
You could perhaps argue that without the threat of these kinds of bills becoming reality, the impetus to develop this tooling in the first place may not have been enough to get it where it is today.
No this is not in the specification.
A malicious instance could in theory distribute this information but it would be non-standard. Of the 2 systems I’ve studied - Mastodon and Lemmy - neither do this.
In this scenario they would be talking about the IP address(es) of the services.