AwesomeLowlander





  • Not me who downvoted you, FYI.

    To me, a vulnerability is something unforeseen, that allows bad actors to exploit the system in an unintended manner. In this case, the system is working perfectly as designed. Just because another system decided to implement a new feature without consulting anybody else, does not make it a vulnerability. Or perhaps it does, but with the vulnerability on the side of Mastodon, since they’re the ones telling their users their post is private when it is actually nothing of the sort.

    What would I call it? An unsupported feature. One that Mastodon forced everybody else to implement without asking or any respect.






  • I’m not sure you can make that conclusion. This isn’t a real vulnerability, and this isn’t a surprise to anybody who knows how the AP protocol works. Dansup didn’t reveal anything that was previously unknown; the blog author just has an axe to grind. It’s unfair to assume that an actual 0-day vulnerability would have been treated the same way.



  • AwesomeLowlander to Fediverse@lemmy.world: The fediverse has a bullying problem
    1 day ago

    To keep it secure from the servers themselves would require users to handle the encryption. See PGP for an idea of how much uptake that’s likely to get. If you mean for the servers to handle the encryption, that’s already the case, and the issue right now is that servers are privy to what users do, and by nature are a 3rd party in the convo.