- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Repeat after me: anything I write on the internet should be treated as public information. If I want to keep any conversation private, I will not post it in a public website.
I agree with you, however there are issues with not just privacy but also authenticity. I should be able to post as me, even in public, and have a way to prove it. Nobody else should be posting information as me, if that makes sense.
Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.
I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.
For that, we should start bringing our own private keys to the server, instead of trusting the server to control everything.
And if we start doing that, pretty soon we will end up asking ourselves why do we need the server in the first place, and we will evolve to something like what nostr is doing.
I’m all for it.
Giving places for cryptobros to wank without being pointed at and laughed at by their betters?
No. You are thinking of Discord.
I’m pretty sure that 99.44% of nostr is cryptobros.
My friend, you suck at trolling. Can you just let it go?
When I see nostr users that number more than, say, six who aren’t also cryptobros, I’ll drop the nostr disrespect. Until then … 🤷♂️
Clear sign every post using a third-party application. Make your public keys known far and wide. Authenticity solved.
And now we’re dealing with key management instead
You always need key management if you have decentralized authentication.
You always need key management if you have decentralized authentication.
To add a bit of important nuance to this idea (particularly how this argument comes up with regards to threads). This does not apply to legal rights over your content. That is to say, of course you should treat any information you put out there as out of your control with regards to access but if somebody tries to claim legal rights over your content they are probably breaking the law.
Right. Publicly available does not mean in public domain. But the issue here is not of copyright, but merely of gated access.
anything I write on the internet should be treated as my private information. If I want to keep any conversation private, I will still post it in a public website.
EDIT: I’m so sorry that my stupid comment offended some people. Always forget how special some people can be on this website. Once again I’m sorry for my lack of better judgement.
Wow, why are you so triggered just because some people didn’t think you were funny?
?
He thought he was funny, he repeated what the above poster said to repeat.
I don’t think your comment was offensive per se. It was just ridiculously naive. If we are trying to build practical tools, they have to fit how things work in the real world, not how they work in anybody’s dreams. If you want to have private conversations on a public website, use encryption.