GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

    z428eu (z428eu@loma.ml)'s status on Wednesday, 26-Mar-2025 05:19:27 JST

    TIL:

    When following someone on a different server on the Fediverse, the remote server decides whether you are allowed to do so. This enables features like private accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. When a legitimate user from a Pixelfed instance follows you on your locked fediverse account, anyone on that Pixelfed instance can read your private posts. You don’t need to be a Pixelfed user to be affected.

    Pixelfed admins should update to v1.12.5 ASAP, but upgrading can be a major hurdle.

    mystical.garden/@fionafokus/11…
    fokus.cool/2025/03/25/pixelfed…

    Leaving my personal history with the project aside for a moment, and also paying respect to the fact that it has been a volunteer-driven community project mainly handled by one single individual (which definitely sets certain boundaries on what's possible): there has always been this stance that "the pixelfed team" can focus on other challenges because "pixelfed is perfect". It isn't. It never has been, and it never will be. The difficult nature of the ActivityPub standard adds to this, as does the overall complexity of server software in the 2020s, but at the core here, safety, privacy and security are a matter of attitude, of a professional stance on things and, well, also of the will to be humble, open and learning, and willing to /see/ one's own limitations, rather than putting a likely-to-be huge load of users at risk. It's bad to see that not even staying away from #pixelfed apparently helps here to stay safe. (But yes, at the very core this seems a somewhat unsettling flaw in the very design of the protocol itself.)

    In conversation about 2 months ago from loma.ml
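The post above describes the protocol rule that matters here: a Follow sent to a remote account is only a request, and the remote server's Accept (or Reject) decides whether the relationship exists. The following is an added example, not code from the thread or from Pixelfed, written from the defender's side: a minimal model of the follower's server that keeps an outgoing Follow in a pending state until the Accept arrives, plus an audience check that shows a followers-only post only to local users whose follow was actually accepted. The actor URLs, the `/followers` collection naming and the post shape are constructed for illustration; the `buggy_can_read` function stands for the failure mode the post describes (treating anything delivered to the instance as readable by every local user), not for Pixelfed's actual code.

```python
# Added example (not from the thread or from Pixelfed): follower-side
# ActivityPub state that honours the remote server's Accept/Reject, and an
# audience check that keeps followers-only posts from leaking to other
# local users. Actor URLs and post shapes are constructed for illustration.

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"


class FollowerSideServer:
    """State kept by the server whose users *send* Follow requests."""

    def __init__(self):
        # (local_actor, remote_actor) -> "pending" | "accepted"
        self.follows = {}

    def send_follow(self, local_actor, remote_actor):
        """Create an outgoing Follow activity. The relationship is only
        pending: the remote server decides whether it becomes real."""
        self.follows[(local_actor, remote_actor)] = "pending"
        return {"type": "Follow", "actor": local_actor, "object": remote_actor}

    def receive_accept_or_reject(self, activity):
        """Handle the remote server's Accept or Reject of one of our Follows.
        Returns False (and changes nothing) for an Accept we never asked for."""
        follow = activity["object"]
        key = (follow["actor"], follow["object"])
        if key not in self.follows:
            return False
        if activity["type"] == "Accept":
            self.follows[key] = "accepted"
        else:
            del self.follows[key]  # Reject: forget the request entirely
        return True

    def is_following(self, local_actor, remote_actor):
        """Only an accepted follow counts; a pending one does not."""
        return self.follows.get((local_actor, remote_actor)) == "accepted"

    def can_read(self, post, local_actor):
        """Audience check for a post delivered to this server's inbox."""
        audience = post.get("to", []) + post.get("cc", [])
        if PUBLIC in audience:
            return True
        if local_actor in audience:
            return True  # addressed directly (mention or direct message)
        author = post["attributedTo"]
        if author + "/followers" in audience:
            # Followers-only: the local user must be an *accepted* follower.
            return self.is_following(local_actor, author)
        return False


def buggy_can_read(post, local_actor):
    """The failure mode described in the thread: whatever reached the
    instance is treated as readable by every user of that instance."""
    return True


def demo():
    """Constructed scenario: bob's follow of a locked account is accepted;
    mallory on the same instance never followed it."""
    srv = FollowerSideServer()
    locked = "https://locked.example/users/alice"
    bob = "https://pixel.example/users/bob"
    mallory = "https://pixel.example/users/mallory"

    follow = srv.send_follow(bob, locked)
    srv.receive_accept_or_reject({"type": "Accept", "actor": locked, "object": follow})

    private_post = {
        "type": "Note",
        "attributedTo": locked,
        "to": [locked + "/followers"],
        "cc": [],
    }
    return {
        "bob": srv.can_read(private_post, bob),
        "mallory": srv.can_read(private_post, mallory),
        "mallory_buggy": buggy_can_read(private_post, mallory),
    }


if __name__ == "__main__":
    print(demo())  # {'bob': True, 'mallory': False, 'mallory_buggy': True}
```

The two checks that matter are in `receive_accept_or_reject` and `can_read`: a follow is never promoted to "accepted" on the follower's own say-so, and a followers-only post is gated on that accepted state per local user rather than per instance.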
    • morph (morph@morphnet.de)'s status on Wednesday, 26-Mar-2025 05:19:25 JST, in reply to z428eu

      @z428eu Ouch!

      In conversation about 2 months ago
    • morph (morph@morphnet.de)'s status on Wednesday, 26-Mar-2025 05:29:17 JST, in reply to z428eu

      @z428eu I hope the crowdfunding will help to improve the project. I think many people like it and load up their pictures there in faith of finding something better than Instagram.

      In conversation about 2 months ago
    • z428eu (z428eu@loma.ml)'s status on Wednesday, 26-Mar-2025 05:29:19 JST, in reply to morph
      @morph Indeed. I mean, apart from dansup pretty much mishandling this ... I am considerably at odds over whether or not a protocol should be stricter and more careful at preventing such issues from happening.
      In conversation about 2 months ago

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.