Another dust-up with Dansup lol…

cross-posted from: https://lemmy.crimedad.work/post/903768

The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.

  • PhilipTheBucket@ponder.cat
    6 days ago

    Email is not private. I think we’re running into a difference of definitions.

    Stuff that random unauthorized people can read if they want to, even if the number of people is small, is not private. To me. Other people might have different definitions, but that’s the one I am using when I say “private.”