174
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Jul 2024
174 points (98.9% liked)
Fediverse
28518 readers
79 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
Isn't there a mechanism for this? If the receiving instance doest respond the sending instance marks it as dead.
I think they do get marked as dead after the Bodis subdomain does not act as a Lemmy instance. But I was wondering if a large number of instances "waking up from the dead" and acting maliciously could cause some trouble. Or would such "undead" instances pose no more threat to the fediverse than the same number of newly created malicious instances ? I'm mainly thinking about stuff like being in a privileged position to DoS most instances at once, or impersonation of accounts that used to actually exist on these "undead" instances
From what I can tell, an instance is either 'linked' (federated) or 'blocked' (defederated) on Lemmy. Mastodon has some more granularity. If an instance came back as a zombie, it wouldn't be any more powerful privilege wise than a new instance that is malicious. It would get defederated same as always.
What could be a problem is on the individual user level. Say that a lot of users sort their feed by subscribed. They are not affected by random instances coming and going. However, they will be affected if a bunch of their (dead) subscribed communities suddenly become malicious.
It's an important point for sure.
Your sensitive data and logins are tied to email addresses, which are tied to domains. Lose your domain, someone can access everything.
I recently stumbled upon an article showing how bad this can be when the expired domains were used for important/serious stuff