173
Authorized Fetch Circumvented by Alt-Right Developers
(wedistribute.org)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Dec 2023
173 points (96.3% liked)
Fediverse
28493 readers
446 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
Authorised Fetch existed long before Instagram Threads. When it is turned on, an instance will require any other server to sign their request to fetch any post. This prevents "leaking" of posts via ActivityPub to blocked instances.
This setting is turned off by default, because some software are incompatible with it (like /kbin, Pixelfed before June 2023, maybe Lemmy too), because it makes server load higher, and it may make some replies missing (at least on microblogging side).
Oh I see. Yeah that sounds pretty hopeless. Does it use the fetching site's domain validated TLS certificate? Is the idea to permit fetching unless the fetching domain is on a blacklist? If yes, someone didn't have their thinking cap on. The whole concept is dumb though, there is no way to prevent posts from leaking. The saying is that once 3 people know a secret, it is no longer secret.