2y ago

Authorized Fetch Circumvented by Alt-Right Developers

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

Privacy @lemmy.ml

btp @kbin.social

2y ago

wedistribute.org /2023/12/authorized-fetch-circumvented/

Fediverse @kbin.social

deadsuperhero @kbin.social

2y ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org /2023/12/authorized-fetch-circumvented/

Fediverse @lemmy.world

Sean Tilley @lemmy.world

2y ago

Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org /2023/12/authorized-fetch-circumvented/

11 comments

The article doesn't say, did they fix it?
- Why would they fix it?
  Fixing this in general is not so easy as ActivityPub wasn't designed to prevent such things and AFAIK without some fundamental changes like proposed in Spritely or implemented in the Zot protocol it can't really prevent this from happening.
  
  Why would you want threads and/or alt right people to be able to get around blocks?
A thread linking to the blog post where they bragged about it.
@cadusilva@bolha.one