Another dust-up with Dansup lol…

cross-posted from: https://lemmy.crimedad.work/post/903768

The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.

  • Rentlar@lemmy.ca
    link
    fedilink
    arrow-up
    3
    ·
    5 days ago

    The Mastodon folk that have an expectation that publishing stuff on the Fediverse could be private, makes no sense to my silly little Lemmibrain.

    That said it is a bug, it is worth being disclosed, it has been fixed, it wasn’t a malicious omission as far as I can tell. So chill. Dan is doing his best. Awareness is fine but constantly needing to make everything about him drama is unnecessary imo.

    • irelephant [he/him]🍭@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 days ago

      They can be private, if the instances you’re sending the post to co-operate. For example, all my followers on mastodon are on mastodon, sharkey, wafrn and gotosocial, these all comply and hide private posts, so if i set my posts to followers only, only they will get the post.

      • CrimeDadOPA
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 days ago

        Maybe I misunderstood, but I thought the issue was with the follower approval feature. Apparently on Mastodon, users have the option to review all prospective followers. With this setting enabled, no one is supposed to be able to just follow your account with a click. You have to approve each one. Pixelfed wasn’t honoring this setting. I think it’s a bad feature that gives anyone who uses it a false sense of security.

        • PhilipTheBucket@ponder.cat
          link
          fedilink
          arrow-up
          3
          ·
          5 days ago

          While we’re on the subject, all your votes on Lemmy are public, and Lemmy takes the same approach of “every software needs to agree to keep it a secret, and the ones that do not, don’t count, and the information is private because I say it’s supposed to be even if in practice it is not.” This should be more widely known.

        • irelephant [he/him]🍭@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 days ago

          Well, I was responding to the person who said private posts weren’t possible.

          AP is push based, meaning servers recieve posts, rather than servers pulling posts. When you make a post its sent to your followers inbox. If its public, anyone can see the post, it can be “boosted” into people’s timelines and it can be fetched with the url of the post. If its followers only, it will be sent to your followers inboxs, but it cannot be boosted, and the url will fail for anyone not authenticated.

          The followers thing seems to be that the post was sent to pixelfed.social, but it wasn’t made private. If I have no followers on pixelfed, and I don’t let anyone on pixelfed view my posts, then pixelfed.social will have no record of my post, and thus it cannot expose it.

          Consider email, a faulty, negliegent or malicious server could start publicly exposing emails, but if you send to emails to that server, the server cannot expose them.

      • PhilipTheBucket@ponder.cat
        link
        fedilink
        arrow-up
        3
        ·
        5 days ago

        Lemmy DMs can be private, if all the people who have the ability to look at them all agree not to. That’s not how it works, so Lemmy does the right thing and warns you that they are not private.

        Privacy systems that depend on broadcasting information and then requesting that everyone who isn’t supposed to receive it should not pay attention are fine, for some things, but they are not good privacy systems.

        • irelephant [he/him]🍭@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 days ago

          The same can be said about email, which is arguable private.

          The privacy warning is because instance admins can see dms, not because random servers can.

          • PhilipTheBucket@ponder.cat
            link
            fedilink
            arrow-up
            2
            ·
            5 days ago

            Email is not private. I think we’re running into a difference of definitions.

            Stuff that random unauthorized people can read if they want to, even if the number of people is small, is not private. To me. Other people might have different definitions, but that’s the one I am using when I say “private.”