Comment

Comment on The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance

<- View Parent

SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago

No, but how could it? Let’s say Feddit.dk receives a Like from mastodon.social. Then Feddit.dk would have to tell the other instances that mastodon.social sent that Like. But how can Feddit.dk prove that the Like actually did come from mastodon.social, i.e. it is not just a fabricated Like that Feddit.dk made up and hid by pretending it came from mastodon.social. That’s not easy.

source

Sort:hotnew top

rglullis@communick.news ⁨1⁩ ⁨month⁩ ago
The like is an activity. Any activity has an actor. Every actor has a public key. If the activity is sent with a cryptographic signature (like LD signatures, which Mastodon does implement) the any one can verify that the activity is legit.

source
- SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
  Mastodon explicitly discourages support of LD signatures.
  
  source
  - rglullis@communick.news ⁨1⁩ ⁨month⁩ ago
    Discouraged, but still supported. There is also another FEP (forgot the code now) being worked on and implemented by Mitra.
    
    The point is that it is possible for an instance to federate an activity which is not originated by them.
    
    source
ShittyKopper@lemmy.blahaj.zone ⁨1⁩ ⁨month⁩ ago
I seriously doubt Lemmy currently does any validation whatsoever. There were communities using this blatant security issue for non-malicious purposes (see endlesstalk.org/c/tails@lemmon.website, which re-wrote posts from people (which is only possible if the posts weren’t validated)).

There is a way to re-share and validate remote activities, either through LD signatures (ew, JSON-LD processing :vomit:) (which only Mastodon and Misskey implement) or the newfangled FEP-8b32 Object Integrity Proofs (which nobody relevant on the microblogging space implements).

source
- SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
  
  There were communities using this blatant security issue for non-malicious purposes (see endlesstalk.org/c/tails@lemmon.website, which re-wrote posts from people (which is only possible if the posts weren’t validated, or at least re-fetched from their origins)).
  
  The reason this is possible is because of the way Lemmy federates activities.
  
  When you on instance A post, comment or upvote something in a community on instance B, your instance sends the activity to instance B, regardless of the instance of who you’re replying to or upvoting. It is sent to the community, and the community then shares it out to all other instances. AFAIK, lemmy does nothing to verify that received content from a community actually comes from the original instance. See here for one of the main Lemmy devs commenting on this..
  
  Is this secure or reasonable? I’m honestly not sure but it doesn’t feel great. Signatures on objects could fix this I think.
  
  source
  - ShittyKopper@lemmy.blahaj.zone ⁨1⁩ ⁨month⁩ ago
    Instead of sending the entire object embedded in the activity the secure way would be to only the URI instead. This is permitted by JSON-LD.
    
    In the receiving side, if the object is untrusted (i.e. if it isn’t signed or if it’s from a separate authority from the parent object containing it) it should be thrown away and the id should be fetched from the remote instance directly. This is completely an oversight on Lemmy’s implementation and not a protocol problem.
    
    source
    SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
    That would be a way to do it, but it seems needlessly wasteful as it requires an additional HTTP request. But yea, that could be a way.
    
    source
    -> View More Comments
iso@lemy.lol ⁨1⁩ ⁨month⁩ ago
You’re right, that’s worse.

source
finickydesert@lemmy.ml ⁨1⁩ ⁨month⁩ ago
I mean it could be proven by having every account create a cryptographic key and adding a public key to the vote. Memory might be an issue though.

source
- SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
  This is in fact how Feddit.dk knows that the Like came from mastodon.social at first. The problem is that the signature is a HTTP Signature which is only associated with the HTTP request that mastodon.social makes to Feddit.dk. It is not on the Like object itself. Thus that signature can’t be transferred to the Like object if Feddit.dk wanted to share it further.
  
  source
  - skullgiver@popplesburger.hilciferous.nl ⁨1⁩ ⁨month⁩ ago
    [deleted]
    source
    SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
    Yes, fetching the URL directly would be a way to verify it. I don’t know if Lemmy currently does that. In any case, it seems very round-about.
    
    source
    -> View More Comments
  - finickydesert@lemmy.ml ⁨1⁩ ⁨month⁩ ago
    So there’s no way for feddit.dk to translate into a Lemmy style upvote?
    
    source
    SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
    There’s not such a thing as a “Lemmy style” upvote. It’s all Like objects under the hood shared via the ActivityPub protocol. But ActivityPub has no mechanism for sharing an activity further than the original receiver (i.e. forwarding from A to B to C and so on). It’s really only made for direct sharing from A to B.
    
    source
    -> View More Comments
  - muntedcrocodile@lemm.ee ⁨1⁩ ⁨month⁩ ago
    So we need to convince the mastodon devs to change it so the signature is on the like object itself.
    
    source
    SorteKanin@feddit.dk ⁨1⁩ ⁨month⁩ ago
    Unfortunately it is not that easy. It’s not Mastodon that places the signature like that, it is the ActivityPub protocol. Lemmy, Mastodon and all other ActivityPub instances do it this way. You’d need to extend or change the protocol to somehow fix this. That is not easy and not something that will be done overnight.
    
    source
    -> View More Comments