Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • @solrize
    link
    English
    411 months ago

    I don’t think your comment was offensive per se. It was just ridiculously naive. If we are trying to build practical tools, they have to fit how things work in the real world, not how they work in anybody’s dreams. If you want to have private conversations on a public website, use encryption.