Email or username:

Password:

Forgot your password?
Top-level
DJ Sundog - from the toot-lab

@liaizon

hate it.

for the record, I emailed jimmy@heymaven.com when I saw your post and checked out their T&Cs. I informed him that he was violating my content licensing by scraping the toot-lab and gave him a reference link to my shadow profile on their service, and that if they persisted in misusing my posts I'd have to look at legal remedies, and he just replied and said he has "removed the data and will work this week to prevent future ingestion. Thanks and sorry for the inconvenience."

so, super annoying and mega-manual opt-out process, but the profile page pretending to be me is indeed now removed.

23 comments
DJ Sundog - from the toot-lab

@t54r4n1 I searched for "toot-lab" on their web client and it came up

pine "two cats" trees

@djsundog what the FUCK they scraped from inside the fedi with a login? we don't expose posts anywhere but they got ours

pine "two cats" trees

@djsundog ohohoho time to have a go at enforcing my bio

DJ Sundog - from the toot-lab

@t54r4n1 I'd laugh so hard as you took your fedi followers out to the nicest dinner the twin cities have to offer after the settlement check came through hahaha

DELETED

@t54r4n1 Do it! You specified the licensing terms and they accepted. Send them the bill.

@djsundog

DJ Sundog - from the toot-lab

@t54r4n1 I have a feeling they set up a fedi server specifically to get around authorized fetch issues

wakest ⁂

@djsundog @t54r4n1 wait so you had AUTHORIZED FETCH turned on that they still got all your shit?

wakest ⁂

@t54r4n1 @djsundog that means they were doing something explicitly fishy right? like that means you can't just hit the API like a normal client and ask for some posts

DELETED

@liaizon fwiw, authorized fetch is only going to stop another signed activitypub request if you have the domain suspended or operate on an allow list. Any legitimate AP request that is signed will go through otherwise.

I feel like they are pulling from mastodon.social's API streaming endpoint. So posts that end up on m.s' federated timeline are going to end up on there

@djsundog @t54r4n1

DJ Sundog - from the toot-lab

@witchy @liaizon @t54r4n1

so now that Jimmy jumped in thread and I had a quick look at his masto.soc profile, it looks like they are indeed implementing activitypub - mastodon.social/@jsecretan/wit - so, defederating from maven.ly should help; looks like they're currently using staging.maven.ly (see test account staging.maven.ly/mastodon/acto )but blocking the TLD is deffo the move imho

#fediblock

james

@djsundog @witchy @liaizon @t54r4n1

jesus fuck, thanks for this.

app.heymaven.com/profile/55909 found myself and other strangeobject users. will chat with Esther in a bit and move to suspend the entire domain, and tell our users how to opt out individually.

fucks sake

DJ Sundog - from the toot-lab replied to james

@james @witchy @liaizon @t54r4n1

always happy to spend a few minutes trying to keep the commons clean of the trash that invariably blows in haha ❤️

Jérôme

@liaizon @djsundog @t54r4n1 authorized fetch isn't meant to block a fedi server from federating. It's only when you blocked a server that authorized fetch comes into action.

Some details here: hub.sunny.garden/2023/06/28/wh

Esther Payne :bisexual_flag:

@djsundog @t54r4n1 I just searched for my name. It's there.

😒

@nexusofprivacy had you heard of maven?

Brian Hawthorne

@djsundog @t54r4n1 I don’t see a “search” feature on their UI. Nearly everything I click asks me to login.

[ Update: I found the search box finally. Looks like there are only posts from one infosec.exchange account. ]

DJ Sundog - from the toot-lab

@bhawthorne you have to click the "try web app" button next to the play store app buttons to get sent to app.heymaven.com/discover which then has a search box at the top

Brian Hawthorne

@djsundog @t54r4n1 Thanks. Apparently I AM there. Search didn’t find bhawthorne, but did find Brian Hawthorne.

Go Up