FediverseEnglish • 1 year ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org

176

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org

FediverseEnglish • 1 year ago

A controversial developer circumvented one of Mastodon's primary tools for blocking bad actors, all so that his servers could connect to Threads.

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

Chat

@ttmrichter
link
English
-1•1 year ago
Clear sign every post using a third-party application. Make your public keys known far and wide. Authenticity solved.
- Natanael
  link
  fedilink
  English
  5•1 year ago
  And now we’re dealing with key management instead
  - @ttmrichter
    link
    2•1 year ago
    You always need key management if you have decentralized authentication.
  - @ttmrichter
    link
    0•1 year ago
    You always need key management if you have decentralized authentication.

Fediverse

[email protected]

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

1.97K users / day
4.62K users / week
8.83K users / month
15.3K users / 6 months
29.5K subscribers
2.08K Posts
75.3K Comments
Modlog