Fediverse @lemmy.ml Sean Tilley @lemmy.ml 10 mo. ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org Authorized Fetch Circumvented by Alt-Right Developers

A controversial developer circumvented one of Mastodon's primary tools for blocking bad actors, all so that his servers could connect to Threads.

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

Privacy @lemmy.ml btp @kbin.social 10 mo. ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org /2023/12/authorized-fetch-circumvented/

Fediverse @kbin.social deadsuperhero @kbin.social 10 mo. ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org /2023/12/authorized-fetch-circumvented/

Fediverse @lemmy.world Sean Tilley @lemmy.world 10 mo. ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org /2023/12/authorized-fetch-circumvented/

11 comments

The article doesn't say, did they fix it?
- Why would they fix it?
  
  Fixing this in general is not so easy as ActivityPub wasn't designed to prevent such things and AFAIK without some fundamental changes like proposed in Spritely or implemented in the Zot protocol it can't really prevent this from happening.
  
  Why would you want threads and/or alt right people to be able to get around blocks?
A thread linking to the blog post where they bragged about it.
@cadusilva@bolha.one

You've viewed 11 comments.