Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • rglullis@communick.news
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    11 months ago

    Not the point. The point that instances that are open for everyone will be open for bad actors as well.

    If the mere act of signing up to an instance requires a small payment, you are automatically preventing the absolute majority of spammers, “spray and pray” spammers and channer trolls.