293
submitted 9 months ago* (last edited 9 months ago) by i_have_no_enemies@lemmy.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] ISometimesAdmin@the.coolest.zone 63 points 9 months ago

OP, this title is stupidly misleading and incorrect, you should change it immediately.

The Taliban seized the DOMAIN, aka the ownership of the queer.af name that people could type into their browsers, and their system would resolve into an IP address.

As the Taliban control Afghanistan, (see where the domain comes from), this was inevitable and the instance owners were already planning to retire the instance as they didn't want to give money to the Taliban to keep it up.

The INSTANCE, aka the physical server, was not in Afghanistan, and still has its IP address(es), and so has had absolutely nothing happen to it.

[-] ryan@the.coolest.zone 38 points 9 months ago

Unfortunately, I think due to the way ActivityPub works, the domain name is inexorably tied to the instance. Trying to migrate to a new domain name would break a lot of federation to my understanding.

It looks like someone posted an attempt at a workaround here (latest reply): https://github.com/mastodon/mastodon/issues/5774

But it does require the self-destruct button because the old domain name has to be erased from other servers.

[-] ISometimesAdmin@the.coolest.zone 7 points 9 months ago* (last edited 9 months ago)

Yep, the other workaround that's elsewhere in this thread is to set up an entry with a different authoritative DNS in the hosts file, allowing a single machine to resolve the old domain manually.

This could be part of a greater effort, basically asking other instances to help the users evacuate the instance and transfer their accounts, before running tootctl self-destruct

[-] phx@lemmy.ca 4 points 9 months ago

Does federation involve some sort of key exchange? If not, would that mean that if one loses control of a domain somebody could spin up a new Lemmy instance to spoof the old one and potentially harvest data?

[-] Natanael@slrpnk.net 2 points 9 months ago* (last edited 9 months ago)

Not in ActivityPub no.

The main privacy/security issue is mostly mitigated by the fact that there's a sync behavior for accounts and follows and distribution of content where the host can push revocation messages, triggering other servers to delete follows and wipe cached account data originating from that hosting server, which means that somebody who takes over a domain after a wipe can't imitate the exact same accounts. But old links can still be redirected because there's no way to verify what they were supposed to point to, so some degree of impersonation remains possible unless other servers agree to preemptively defederate...

[-] Lmaydev@programming.dev 4 points 9 months ago* (last edited 9 months ago)

Literally says domain in the title. Also says they seized the domain in the summary text below.

this post was submitted on 12 Feb 2024
293 points (89.9% liked)

Technology

59366 readers
1272 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS