A controversial developer circumvented one of Mastodon's primary tools for blocking bad actors, all so that his servers could connect to Threads.

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • 0x1C3B00DA@kbin.social
    51·
    6 months ago

    Sure, but that’s already solved on the fediverse by using HTTP Signatures and isn’t related to Authorized Fetch.

    • heavy@sh.itjust.worksEnglish
      2·
      6 months ago

      I meant to say generally, for folks that might read this comment and think problems surrounding the platform and security are solved.