Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances
Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances
fokus.cool
Pixelfed leaks private posts from other Fediverse instances - fiona fokus
Another dust-up with Dansup lol...
cross-posted from: https://lemmy.crimedad.work/post/903768
The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.
The Mastodon folk that have an expectation that publishing stuff on the Fediverse could be private, makes no sense to my silly little Lemmibrain.
That said it is a bug, it is worth being disclosed, it has been fixed, it wasn't a malicious omission as far as I can tell. So chill. Dan is doing his best. Awareness is fine but constantly needing to make everything about him drama is unnecessary imo.
They can be private, if the instances you're sending the post to co-operate. For example, all my followers on mastodon are on mastodon, sharkey, wafrn and gotosocial, these all comply and hide private posts, so if i set my posts to followers only, only they will get the post.
Lemmy DMs can be private, if all the people who have the ability to look at them all agree not to. That’s not how it works, so Lemmy does the right thing and warns you that they are not private.
Privacy systems that depend on broadcasting information and then requesting that everyone who isn’t supposed to receive it should not pay attention are fine, for some things, but they are not good privacy systems.
Maybe I misunderstood, but I thought the issue was with the follower approval feature. Apparently on Mastodon, users have the option to review all prospective followers. With this setting enabled, no one is supposed to be able to just follow your account with a click. You have to approve each one. Pixelfed wasn't honoring this setting. I think it's a bad feature that gives anyone who uses it a false sense of security.