Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://akko.erincandescent.net/objects/e45dbcb6-8a86-44c6-8245-2dd91d83de66">Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Friday, 11-Oct-2024 02:44:31 JST</a><a href="https://akko.erincandescent.net/users/erincandescent" title="erincandescent@akko.erincandescent.net"><img src="https://gnusocial.jp/avatar/242079-48-20240514235327.webp" width="48" height="48" alt="Erin 💽✨" style="position: absolute; left: 0; top: 0;">Erin 💽✨</a><div><a href="https://mastodon.social/@trwnh/113284317756045196" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/19216" title="thisismissem@hachyderm.io">Emelia 👸🏻</a></li><li><a href="https://gnusocial.jp/user/85321" title="silverpill@mitra.social">silverpill</a></li></ul></div></section><article><p><a href="https://mastodon.social/@trwnh">@trwnh</a> <a href="https://community.nodebb.org/user/julian">@julian</a> <a href="https://hachyderm.io/@thisismissem">@thisismissem</a> <a href="https://mitra.social/users/silverpill">@silverpill</a> In any case I don’t think “origin based authentication” for fetches is a good idea for the simple reason that its not, to my knowledge, what implementations do today and it strongly risks leaking private posts. Certainly what the ActivityPub spec heavily implies if not outright says is that anything fetchable via a given identity should be visible to that identity, and I’m generally iffy on the idea of trying to make implementations execute potentially complicated ACLs on behalf of each other; that way is certainly a security disaster.</p><p>So that then leaves us with the question: is leaking the identity of the actor who has pasted a post’s URL into their instance’s search bar a real issue?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3806586#notice-7446752">In conversation</a><time datetime="2024-10-11T02:44:31+09:00" title="Friday, 11-Oct-2024 02:44:31 JST">about a month ago</time> <span>from <span><a href="https://akko.erincandescent.net/objects/e45dbcb6-8a86-44c6-8245-2dd91d83de66" rel="external" title="Sent from akko.erincandescent.net via ActivityPub">akko.erincandescent.net</a></span></span><a href="https://akko.erincandescent.net/objects/e45dbcb6-8a86-44c6-8245-2dd91d83de66">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2926109">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Friday, 11-Oct-2024 02:44:31 JSTErin 💽✨
in reply to
@trwnh @julian @thisismissem @silverpill In any case I don’t think “origin based authentication” for fetches is a good idea for the simple reason that its not, to my knowledge, what implementations do today and it strongly risks leaking private posts. Certainly what the ActivityPub spec heavily implies if not outright says is that anything fetchable via a given identity should be visible to that identity, and I’m generally iffy on the idea of trying to make implementations execute potentially complicated ACLs on behalf of each other; that way is certainly a security disaster.
So that then leaves us with the question: is leaking the identity of the actor who has pasted a post’s URL into their instance’s search bar a real issue?
In conversationabout a month ago from akko.erincandescent.netpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice