Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • froggers
    link
    English
    -45
    edit-2
    1 year ago

    anything I write on the internet should be treated as my private information. If I want to keep any conversation private, I will still post it in a public website.

    EDIT: I’m so sorry that my stupid comment offended some people. Always forget how special some people can be on this website. Once again I’m sorry for my lack of better judgement.

      • froggers
        link
        English
        -81 year ago

        About as triggered as those who downvoted me.

        • @[email protected]
          link
          fedilink
          English
          81 year ago

          No, you’re right. Everyone who downvoted probably also went on an angry tirade first, but they just didn’t type it out. Totally the same. 👍

    • @solrize
      link
      English
      41 year ago

      I don’t think your comment was offensive per se. It was just ridiculously naive. If we are trying to build practical tools, they have to fit how things work in the real world, not how they work in anybody’s dreams. If you want to have private conversations on a public website, use encryption.