Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • heavy@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    27
    ·
    1 year ago

    I agree with you, however there are issues with not just privacy but also authenticity. I should be able to post as me, even in public, and have a way to prove it. Nobody else should be posting information as me, if that makes sense.

    • rglullis@communick.news
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      For that, we should start bringing our own private keys to the server, instead of trusting the server to control everything.

      And if we start doing that, pretty soon we will end up asking ourselves why do we need the server in the first place, and we will evolve to something like what nostr is doing.

      I’m all for it.

      • ttmrichter@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        …evolve to something like what nostr is doing.

        Giving places for cryptobros to wank without being pointed at and laughed at by their betters?

              • ttmrichter@lemmy.world
                link
                fedilink
                arrow-up
                4
                ·
                1 year ago

                When I see nostr users that number more than, say, six who aren’t also cryptobros, I’ll drop the nostr disrespect. Until then … 🤷‍♂️

                • rglullis@communick.news
                  link
                  fedilink
                  English
                  arrow-up
                  7
                  ·
                  edit-2
                  1 year ago

                  You are doing nothing but a strawman. Lemmy is developed by shit-for-brains tankies, yet there is no denying that their work has brought progress to the distributed web.

                  Same thing for nostr. Whether you like it or not, nostr “cryptobros” have shown a bunch of things that need improvement on the Fediverse and they are backing their words with actions and working code. You on the other hand have nothing but smug, pretentious bullshit to throw around.

                  • ttmrichter@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    1 year ago

                    Again, when you can show me a cryptobro concentration lower than 99.44%, I’ll take nostr seriously. And when you can show it not turning into a Hellhole worse than Xhitter and Farcebook combined because of the very philosophy underpinning it, then I’ll think it’s actually worth looking at. (Hint: this is not possible.)

                    Until then I’ll call it what it is: a place for cryptobros to wank to their faux-libertarian fantasies.

    • 0x1C3B00DA@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.

      • heavy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.

    • ttmrichter@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Clear sign every post using a third-party application. Make your public keys known far and wide. Authenticity solved.