Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • rglullis@communick.news
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    For that, we should start bringing our own private keys to the server, instead of trusting the server to control everything.

    And if we start doing that, pretty soon we will end up asking ourselves why do we need the server in the first place, and we will evolve to something like what nostr is doing.

    I’m all for it.