Father; husband; mechanical engineer. Posting from my self-hosted Lemmy instance here in beautiful New Jersey. I also post from my Pixelfed instance.

  • 1 Post
  • 3 Comments
Joined 2Y ago
cake
Cake day: Jul 29, 2023
help-circle
rss
CrimeDadtoFediLore + [email protected]Antinatalism mod allegedly bombs fertility clinic
link
fedilink
121M

We’ve got to do something about these mods, folks.

link
fedilink
CrimeDad
creator
toFediLore + [email protected]Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances
link
fedilink
English
13M

I didn’t even consider that, but yes if votes can’t be private then it’s bad to pretend that they are. It looks like there’s been some debate on the topic, but the decision was apparently to keep pretending.

link
fedilink
CrimeDad
creator
toFediLore + [email protected]Recent "vulnerability": Pixelfed leaks private posts from other Fediverse instances
link
fedilink
English
73M

Maybe I misunderstood, but I thought the issue was with the follower approval feature. Apparently on Mastodon, users have the option to review all prospective followers. With this setting enabled, no one is supposed to be able to just follow your account with a click. You have to approve each one. Pixelfed wasn’t honoring this setting. I think it’s a bad feature that gives anyone who uses it a false sense of security.

link
fedilink
Recent “vulnerability”: Pixelfed leaks private posts from other Fediverse instances
Another dust-up with Dansup lol... cross-posted from: https://lemmy.crimedad.work/post/903768 > The author of the article characterizes their findings as a vulnerability in Pixelfed, that it was treating all follow requests as approved. An update has already been released to make Pixelfed honor that setting, but the vulnerability still exists with ActivityPub in the feature itself. It gives users a false expectation of privacy, which is not safe.
fedilink
30
Recent “vulnerability”: Pixelfed leaks private posts from other Fediverse instances
fedilink