Commit bf50a52a authored by kaniini's avatar kaniini

add note about activitypub object fetching being unauthenticated

parent 6c5c90a9
......@@ -147,3 +147,14 @@ with the software for both networks is available in the [Pleroma wiki][dark-web]
### An instance I blocked is still getting messages from my instance!
Unfortunately, this is due to a failing in ActivityPub's design from a security
perspective. Presently, ActivityPub object fetching is unauthenticated, so blocks
cannot be enforced when fetching objects, as your instance has no idea who is
fetching the object.
Various solutions have been suggested for adding an authentication requirement,
though, so stay tuned. This might be one of the *many* ActivityPub leaks that
actually gets plugged.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment