Authorized Fetch Circumvented by Alt-Right Developers
Authorized Fetch Circumvented by Alt-Right Developers

wedistribute.org
Authorized Fetch Circumvented by Alt-Right Developers

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
The article doesn't say, did they fix it?
Why would they fix it?
Fixing this in general is not so easy as ActivityPub wasn't designed to prevent such things and AFAIK without some fundamental changes like proposed in Spritely or implemented in the Zot protocol it can't really prevent this from happening.
Why would you want threads and/or alt right people to be able to get around blocks?