Untitled attachment

Notices where this attachment appears

1. Embed this notice
   Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Friday, 11-Oct-2024 02:44:31 JST Erin 💽✨

   in reply to

   @trwnh @julian @thisismissem @silverpill In any case I don’t think “origin based authentication” for fetches is a good idea for the simple reason that its not, to my knowledge, what implementations do today and it strongly risks leaking private posts. Certainly what the ActivityPub spec heavily implies if not outright says is that anything fetchable via a given identity should be visible to that identity, and I’m generally iffy on the idea of trying to make implementations execute potentially complicated ACLs on behalf of each other; that way is certainly a security disaster.

   So that then leaves us with the question: is leaking the identity of the actor who has pasted a post’s URL into their instance’s search bar a real issue?

2. Embed this notice
   AnarchoNinaWrites (anarchoninawrites@jorts.horse)'s status on Friday, 19-Jul-2024 10:20:25 JST AnarchoNinaWrites

   in reply to

   The difference between what YOU think, and what *I* am telling you, is that you're on some vibes and your opinion, and I'm looking at a bunch of numerical metrics that are demonstrating that you're fucking high and this is a complete fucking disaster.

   So unless you have a plan to become millions of voters, across multiple swing states, I am not all that interested in what you think and how you feel a way about it.