Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://gleasonator.com/objects/1cfd3d9b-b58c-48dd-acfd-20f9d2429d9a">Alex Gleason (alex@gleasonator.com)'s status on Saturday, 27-May-2023 04:37:11 JST</a><a href="https://gleasonator.com/users/alex" title="alex@gleasonator.com"><img src="https://gnusocial.jp/avatar/1712-48-20220726020642.webp" width="48" height="48" alt="Alex Gleason" style="position: absolute; left: 0; top: 0;">Alex Gleason</a><div><a href="https://rdrama.cc/objects/6c586d6e-f67c-4ae9-8b3c-d1a38e37e44c" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://rdrama.cc/users/crunklord420">@crunklord420</a> Nope. It hits /api/v1/accounts/lookup where the username is the OAuth token encoded to look like a Nostr pubkey @ <a href="http://mostr.fedirelay.xyz">mostr.fedirelay.xyz</a>. This causes your server to make a federation request where they simply monitor the logs and pull the token out of the username... absolutely nuts. Read the code. <a href="https://i.poastcdn.org/4ed28ef4fa5e18bfa5c1f75a5c1cc759f7b718c0b600e7e2fcc6d0cdb0215f15.txt">https://i.poastcdn.org/4ed28ef4fa5e18bfa5c1f75a5c1cc759f7b718c0b600e7e2fcc6d0cdb0215f15.txt</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1591351#notice-3137808">In conversation</a><time datetime="2023-05-27T04:37:11+09:00" title="Saturday, 27-May-2023 04:37:11 JST">Saturday, 27-May-2023 04:37:11 JST</time> <span>from <span><a href="https://gleasonator.com/objects/1cfd3d9b-b58c-48dd-acfd-20f9d2429d9a" rel="external" title="Sent from gleasonator.com via ActivityPub">gleasonator.com</a></span></span><a href="https://gleasonator.com/objects/1cfd3d9b-b58c-48dd-acfd-20f9d2429d9a">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1076520">Untitled attachment</a></label><br><div>Invalid filename.</div></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 27-May-2023 04:37:11 JSTAlex Gleason
in reply to
- CrunkLord420
@crunklord420 Nope. It hits /api/v1/accounts/lookup where the username is the OAuth token encoded to look like a Nostr pubkey @ mostr.fedirelay.xyz. This causes your server to make a federation request where they simply monitor the logs and pull the token out of the username... absolutely nuts. Read the code. https://i.poastcdn.org/4ed28ef4fa5e18bfa5c1f75a5c1cc759f7b718c0b600e7e2fcc6d0cdb0215f15.txt
In conversationSaturday, 27-May-2023 04:37:11 JST from gleasonator.compermalink
Attachments
1. Untitled attachment
  Invalid filename.

Public

Embed Notice

HTML Code

Corresponding Notice