Comment on Pixelfed leaks private posts from other Fediverse instances

LWD@lemm.ee 1 week ago

> Search that specification for “private.” You’ll find precisely one reference to it…

It might be better to look for what the article mentions: “manuallyApprovesFollowers”, and it is explicit about what to do when that value is set to true. I don’t understand how you’re confused by it.

> Mastodon, in general, is regarded as careless with safety.

Regardless, two wrongs don’t make a right, and I found the description of how to properly handle a security issue as discussed in the article to be appropriate. For example, collaborating with administrators of large instances.

> The “security issue” is created on Mastodon’s side

Are we reading the same article? I realize this isn’t the first time you implied this, but I thought I must have been mistaken.

From the original post: “Importantly, your Mastodon or GoToSocial instance isn’t handing your private posts to any random server, just because it asks.”

Mastodon is behaving. Pixelfed was not. Pixelfed fixed the security issue because it was their issue…
