The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.
Email is not private. I think we’re running into a difference of definitions.
Stuff that random unauthorized people can read if they want to, even if the number of people is small, is not private. To me. Other people might have different definitions, but that’s the one I am using when I say “private.”
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Rules
Any drama must be posted as an observer, you cannot post drama that you are involved with.
When posting screenshots of drama, you must obscure the identity of all the participants.
The poster must have a credible post and comment history before submitting a piece of history. This is to avoid sock-puppetry and witch hunts.
The usual instance-wide rules also apply.
Chronicle the life and tale of the fediverse (+ matrix)
Largely a sublemmy about capturing drama, from fediverse spanning drama to just lemmy drama.
Includes lore like how a instance got it’s name, how an instance got defederated, how an admin got doxxed, fedihistory etc
(New) This sub’s intentions is to an archive/newspaper, as in preferably don’t get into fights with each other or the ppl featured in the drama
Email is not private. I think we’re running into a difference of definitions.
Stuff that random unauthorized people can read if they want to, even if the number of people is small, is not private. To me. Other people might have different definitions, but that’s the one I am using when I say “private.”
I agree, like you said in an earlier comment, they should be encrypted.