Bonfire Boundaries: A User Guide

View Source

Bonfire’s circles and boundaries system is a powerful tool with which you can create custom groups of contacts and grant them specific permissions to interact with you and your content. They can help you take control of your online presence and ensure that your data is shared only with the people you want.

Boundaries define who can do what with your posts or activities, by enabling you to privately assign specific interaction permissions to any set of individual users and circles (groups of users), putting you in full control of your content and relationships.

Do you want to let certain circles see a post or activity, while other circles can both see and reply? You can do that with Boundaries. Want to make a post publicly viewable by everyone except a few specific people who won’t be interested? You can do that, too.

Boundaries help you maintain the integrity of your content and connections, and they’re interwoven with many other Bonfire features—and our underlying design principles—so using Bonfire will be easier and more intuitive once you start working with Boundaries.

Definitions

Circles

A circle is simply a list of people. Bonfire comes with some default circles, like “guests” and “people I follow,” and you can also make your own, like “friends”, “classmates”, “monster movie fans” or “people who don’t like monster movies.”

Circles are a tool that can be used to establish relationships. They are representations of multifaceted relationships that you have with people in your life. Circles can help you understand the different levels of intimacy and trust you have with various people, as well as the different contexts or topics relevant to particular relationships. They can also help build stronger, healthier connections.

In Bonfire, you can define circles based on your unique style of relationships and interests. For example, you might create a circle for your colleagues, which can help you keep track of work-related content and collaborate with them more efficiently. You could also have a locals circle, with which you may share and discover local events, news, and recommendations. You might also create a comrades circle, to stay connected with fellow activists and organise around shared goals. Finally, you could create a happy hour circle, to coordinate social gatherings with local friends or colleagues, and the crew for your inner circle.

With circles, you have the flexibility to manage your relationships and social activities in a way that makes sense for you.

Roles

Roles are sets of permissions. Bonfire comes with default roles, like “editor” and “moderator,” and you can also make your own with different sets of permissions. (Learn more about roles.)

In Bonfire, roles allow you to assign a defined set of permissions to users or circles, enabling them to perform specific actions.

Each role represents a labeled set of permissions. Each permission, also called a "verb," defines an action someone can take regarding content. These verbs can have one of three values:

  • Yes: Permission is explicitly granted.
  • Neutral: The default value, neither granted nor denied.
  • No: Permission is explicitly denied.


Roles are crucial in defining the scope of engagement and participation. By assigning roles, you can establish specific permissions and restrictions, ensuring that users or circles have appropriate access and abilities based on their relationship with you, the purpose of the boundary, or the nature of the content to which they're applied.

Here are some preset roles and their associated actions:

  • Read: can discover the content in lists (like feeds) and read it; request permission for another verb (e.g., request to follow).

  • Interact: can read, plus like an object (and notify the author); follow a user or thread; boost an object (and notify the author); pin something to highlight it.

  • Participate: can interact, plus reply to an activity or post; mention a user or object (and notify them); send a message.

  • Contribute: can participate, plus create a post or other object; tag a user or object or publish in a topic.

  • Caretaker: can perform all of the above actions and more, including actions like deletion.

There are also negative roles, indicating actions which you specifically do not want to allow a particular circle or user to do, such as:

  • Cannot Read: not discoverable in lists or readable, and also can't interact or participate.

  • Cannot Interact: cannot perform any actions related to interaction, including liking, following, boosting, and pinning, and also can't participate.

  • Cannot Participate: cannot perform any actions related to participation, including replying, mentioning, and sending messages.

Negative roles simply limit or override any permissions defined elsewhere, ensuring that the specified actions are explicitly restricted.

Boundaries

Boundaries are limits that you set for yourself or others to define what you're comfortable with.

These limits can be physical, like curtains or doors; digital, like privacy settings on a social network; written, like codes of conduct; emotional, such as taking time for self-care; or mental, like choosing what you pay attention to. In Bonfire, boundaries help limit the types of interactions others may have with you or your posts.

Boundaries are important because they help you protect yourself, maintain your autonomy, and communicate your needs and expectations clearly.

A boundary in Bonfire defines who (which users or circles) can do what (have which roles) with regard to a post or activity.

Boundaries can include multiple circles with different roles, giving you precise control over access and interaction. For example, you might give some circles permission to edit a post, while restricting others from interacting with it at all. You can give a boundary a name and description to make it into a standard setting you can re-use.

How to use boundaries

There are some very simple ways to use Boundaries, like selecting an option from the screen that appears when you publish a post/activity. For more advanced uses, we’ve built powerful controls and settings, and this guide will walk you through the key elements so you can effectively master this essential part of the Bonfire framework.

Quick Start: Setting a Boundary

  1. Write your post.

  2. Click the boundary dropdown (which displays the currently selected or default boundary, for example “Public”).

  3. Choose the “Local” boundary preset so only allow local users on your instance to see and reply to your post.

  4. Done! You’ve set a boundary.

Detailed guide to using boundaries

Whenever you publish a post, you can specify a Boundary from a list. You may pick from some default options, such as:

  • Public
  • Local Only
  • Following Only
  • Unlisted

Alternatively, you can use Boundary presets you’ve previously defined in your Boundary settings, which will appear in the drop-down list once set up.

If you want to tweak access or interaction permissions without setting up a new Boundary, you can use the “Advanced permissions” button to quickly grant or revoke permissions on the fly. For example, you could grant “admin” access to Ursula K. Le Guin while restricting interaction for another user, such as Bomelita.

Advanced permissions allows you to easily override and personalize your permissions for each specific post without needing to create a new Boundary each time, but if you find yourself making the same tweaks more than once or twice, you can hop into Boundary presets and set up a new one by giving it a name, selecting one or more circles, and assigning a role to each circle.

If you find yourself making the same changes repeatedly, you might want to create a new preset.

To do so, visit the Boundary presets page in your settings. There, you can create a new preset by adding a name and an optional description, then selecting one or more circles and assigning a role to each.

Once created, the Boundary will automatically be added to the composer Boundary list [fig. 6]. You can still control which Boundaries are shown in the composer list, as well as set your default active Boundary in the Boundary extension settings.

How Bonfire handles conflicting or complex sets of permissions

Since any Boundary can include multiple circles—each with its own role—and users may belong to several circles, the system must resolve situations where a user receives conflicting permissions.

For example, imagine you want to share a post publicly, but you want one specific circle to be unable to interact with the post (e.g., like or reply), while also allowing close collaborators to read, interact, and even edit it.

Bonfire handles these scenarios by merging all permissions from the different roles assigned to each circle in the Boundary, always applying the most restrictive permission for each user.

In this example, if a close collaborator (who should normally be able to interact and edit) also belongs to the circle that cannot interact, Bonfire will resolve their final permission to “cannot interact.”

To summarize:

  • No overrides both Neutral and Yes.
  • Yes is only granted if no other role explicitly denies it.

Or, more succinctly: No > Yes > Neutral

This cautious approach ensures that actions are never accidentally permitted. If a permission has been explicitly denied, it cannot be overridden by another role assigning it as Yes. Users must intentionally and explicitly set permissions to grant access or allow interaction, giving you consistent control over what others can do.

Understanding the final set of permissions applied to a user who belongs to multiple circles can be challenging. That’s why Bonfire provides a feature that allows you to look up a single user and preview the computed permissions associated with them.

How Boundaries federate

Boundaries in Bonfire are a technical tool for a primarily social mechanism for local control — not global enforcement. They give you powerful tools to decide what you see and how your content is shared, but they can’t (and shouldn’t) dictate what others do on their own terms.

Think of a boundary like a curtain:

• You can close it to block out what you don’t want to see.

• You can open it to share something with specific people.

• But you can’t control what others do behind their own curtains — or what happens in the street outside.

This distinction matters in a federated environment, where content flows across independently operated apps and servers.

✅ What boundaries can do

• Define who can see, reply to, or interact with content within your Bonfire instance.

• Deliver a post to specific people (and not to others) on remote servers — e.g. someone in your circle can receive the post, but someone you blocked won’t.

• Filter or ignore unwanted interactions based on your chosen roles — for example, you won’t see replies from someone you’ve marked as “cannot participate.”

⚠️ What boundaries can’t do

• Prevent someone from copying, screenshotting, or reposting something you shared with them.

• Block someone outside your instance from attempting to interact in a way you disallowed (e.g. replying to a “read-only” post) — their instance may still let them do it (and share it with their followers), though your instance will reject and won’t share it with you or your followers.

• Hide public posts from specific people — “cannot read” doesn’t work on content already made public.

• Guarantee that a remote instance will understand or enforce your permissions, as there is currently no widely supported standard for per-user permissions on federated objects (and even if there were, other apps would need to implement and all instances would need to respect them).

• Prevent server administrators of remote instances from accessing your content, since there is no end-to-end encryption (content is encrypted in transit but stored in plaintext on the server). If you need strong guarantees of privacy, consider using end-to-end encrypted tools like Signal.

In technical terms, Bonfire uses ActivityPub and related standards to express and transmit boundaries to other fediverse apps.

For example, if you create a post with a custom boundary (“Only Friends and Colleagues can reply”), Bonfire encodes that into a standard ActivityPub message. Only the intended recipients get it — much like BCC in email. If someone isn’t in the allowed audience, they won’t receive the post at all — unless it’s also marked as “public.”

In short, boundaries give you meaningful control over what you share and what you see — but not absolute control over the network.