-
@bhtooefr @farhan
that also requires competently managing the cryptography. instead, we get 'message franking' so that a user's client can become a decryption oracle (for reporting purposes, but will most certainly be abused by nation states and other adversaries in the future)
-
oh hey, i'm back.
Mastodon has disclosed to its admins a security hole where it does not properly handle `Reject Follow` at all.
however, this security hole has existed since 2018.
also, the "fix" is to patch every Mastodon instance, because yet again, the entire trust architecture of the fediverse is backwards.
here's the bottom line: any other peer you federate with can do WHATEVER THE HELL IT WANTS with your data. the fact that admins are having to scramble to patch is because the whole fucking thing is broken.
scopes cannot work as advertised, it's IMPOSSIBLE. you have to rethink this in terms of expanded collections instead of virtual collections.
and even then, a hostile node can choose to just not be conformant with the spec and publish everything it receives for the public to see.
but hey, keep playing internet feudalism with broken crap, i guess.
-
by the way, that security hole is specific to Mastodon. Pleroma, Hubzilla and even GNU Social's ActivityPub plugin handle Reject Follow correctly in their default configurations.
-
@farhan it's a problem if you expect scopes to behave as advertised, which they can't in a federated network
-
@bhtooefr @farhan
in our current global political climate, using the fediverse for anything requiring privacy is foolish. mastodon should either adopt E2EE without message franking by default, or drop the scopes. they are not remotely trustworthy, and every moment that they exist is begging someone to shoot themselves in the foot.