173

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

you are viewing a single comment's thread
view the rest of the comments
[-] rglullis@communick.news 122 points 11 months ago* (last edited 11 months ago)

Repeat after me: anything I write on the internet should be treated as public information. If I want to keep any conversation private, I will not post it in a public website.

[-] heavy@sh.itjust.works 25 points 11 months ago

I agree with you, however there are issues with not just privacy but also authenticity. I should be able to post as me, even in public, and have a way to prove it. Nobody else should be posting information as me, if that makes sense.

[-] rglullis@communick.news 14 points 11 months ago

For that, we should start bringing our own private keys to the server, instead of trusting the server to control everything.

And if we start doing that, pretty soon we will end up asking ourselves why do we need the server in the first place, and we will evolve to something like what nostr is doing.

I'm all for it.

[-] ttmrichter@lemmy.world 2 points 11 months ago

...evolve to something like what nostr is doing.

Giving places for cryptobros to wank without being pointed at and laughed at by their betters?

[-] rglullis@communick.news 10 points 11 months ago

No. You are thinking of Discord.

[-] ttmrichter@lemmy.world 0 points 11 months ago

I'm pretty sure that 99.44% of nostr is cryptobros.

[-] rglullis@communick.news 4 points 11 months ago

My friend, you suck at trolling. Can you just let it go?

[-] ttmrichter@lemmy.world -2 points 11 months ago

When I see nostr users that number more than, say, six who aren't also cryptobros, I'll drop the nostr disrespect. Until then ... ๐Ÿคทโ€โ™‚๏ธ

[-] rglullis@communick.news 6 points 11 months ago* (last edited 11 months ago)

You are doing nothing but a strawman. Lemmy is developed by shit-for-brains tankies, yet there is no denying that their work has brought progress to the distributed web.

Same thing for nostr. Whether you like it or not, nostr "cryptobros" have shown a bunch of things that need improvement on the Fediverse and they are backing their words with actions and working code. You on the other hand have nothing but smug, pretentious bullshit to throw around.

[-] ttmrichter@lemmy.world -3 points 11 months ago

Again, when you can show me a cryptobro concentration lower than 99.44%, I'll take nostr seriously. And when you can show it not turning into a Hellhole worse than Xhitter and Farcebook combined because of the very philosophy underpinning it, then I'll think it's actually worth looking at. (Hint: this is not possible.)

Until then I'll call it what it is: a place for cryptobros to wank to their faux-libertarian fantasies.

[-] deafboy@lemmy.world 3 points 11 months ago
[-] ttmrichter@lemmy.world 0 points 11 months ago

And yet has overwhelmingly cryptobros.

[-] Supermariofan67@programming.dev 3 points 11 months ago

Do you realize that you are fighting against an open Internet?

[-] ttmrichter@lemmy.world -1 points 11 months ago

I am mocking cryptobro fantasies and their favoured lines of communication.

[-] chicken@lemmy.dbzer0.com 2 points 11 months ago

Not really, you're saying if people you dislike are associated with something then you automatically write it off without understanding it. That's self mockery.

[-] ttmrichter@lemmy.world -1 points 11 months ago

Whatever you say, child. Buh-bye.

[-] 0x1C3B00DA@kbin.social 4 points 11 months ago

Sure, but that's already solved on the fediverse by using HTTP Signatures and isn't related to Authorized Fetch.

[-] heavy@sh.itjust.works 2 points 11 months ago

I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.

[-] ttmrichter@lemmy.world -1 points 11 months ago

Clear sign every post using a third-party application. Make your public keys known far and wide. Authenticity solved.

[-] Natanael@slrpnk.net 4 points 11 months ago

And now we're dealing with key management instead

[-] ttmrichter@lemmy.world 2 points 11 months ago

You always need key management if you have decentralized authentication.

[-] ttmrichter@lemmy.world 0 points 11 months ago

You always need key management if you have decentralized authentication.

[-] sj_zero@lotide.fbxl.net 5 points 11 months ago

Seriously. Bobthenazi could just go to an aligned server and make an account Bobthenotzi and boom -- perfectly able to follow whoever he wants.

[-] rglullis@communick.news 4 points 11 months ago* (last edited 11 months ago)

One more reason to argue that we should drop the idea of "aligned" servers and that we are moving to a future where it is better to charge (small) amounts from everyone instead of depending on (large) donations from a few.

[-] sj_zero@lotide.fbxl.net 3 points 11 months ago

Ideally, a distributed fediverse wouldn't need much in terms of donations because it's a bunch of small instances instead of a few huge ones.

[-] rglullis@communick.news 3 points 11 months ago* (last edited 11 months ago)

Not the point. The point that instances that are open for everyone will be open for bad actors as well.

If the mere act of signing up to an instance requires a small payment, you are automatically preventing the absolute majority of spammers, "spray and pray" scammers and channer trolls.

[-] spaduf@slrpnk.net 5 points 11 months ago

To add a bit of important nuance to this idea (particularly how this argument comes up with regards to threads). This does not apply to legal rights over your content. That is to say, of course you should treat any information you put out there as out of your control with regards to access but if somebody tries to claim legal rights over your content they are probably breaking the law.

[-] rglullis@communick.news 6 points 11 months ago

Right. Publicly available does not mean in public domain. But the issue here is not of copyright, but merely of gated access.

[-] spaduf@slrpnk.net 2 points 11 months ago* (last edited 11 months ago)

Totally. I'm just trying to bring it up whenever I see folks having this discussion because some people don't seem to make the distinction. Worries me that some are so willing to cede that big social will illegally hoover up our data and there's nothing we can do about it.

this post was submitted on 26 Dec 2023
173 points (96.3% liked)

Fediverse

28493 readers
447 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS