A controversial developer circumvented one of Mastodon's primary tools for blocking bad actors, all so that his servers could connect to Threads.

Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • rglullis@communick.newsEnglish
    3·
    6 months ago

    Not the point. The point that instances that are open for everyone will be open for bad actors as well.

    If the mere act of signing up to an instance requires a small payment, you are automatically preventing the absolute majority of spammers, “spray and pray” scammers and channer trolls.