@djsundog @t54r4n1 wait so you had AUTHORIZED FETCH...

wakest's posts Post Back to profile

Top-level

wakest ⁂

@djsundog @t54r4n1 wait so you had AUTHORIZED FETCH turned on that they still got all your shit?

Like 12 June at 14:04 | Open on social.wake.st

9 comments

pine "two cats" trees

@liaizon @djsundog a couple, yes

12 June at 14:06 | Open on mspsocial.net

wakest ⁂

@t54r4n1 @djsundog that means they were doing something explicitly fishy right? like that means you can't just hit the API like a normal client and ask for some posts

12 June at 14:16 | Open on social.wake.st

pine "two cats" trees

@liaizon @djsundog yep!

12 June at 14:21 | Open on mspsocial.net

DELETED

@liaizon fwiw, authorized fetch is only going to stop another signed activitypub request if you have the domain suspended or operate on an allow list. Any legitimate AP request that is signed will go through otherwise.

I feel like they are pulling from mastodon.social's API streaming endpoint. So posts that end up on m.s' federated timeline are going to end up on there

@djsundog @t54r4n1

12 June at 14:33 | Open on h-i.social

wakest ⁂

@witchy @djsundog @t54r4n1 ah yeah that makes sense, thanks

12 June at 14:45 | Open on social.wake.st

DJ Sundog - from the toot-lab

@witchy @liaizon @t54r4n1

so now that Jimmy jumped in thread and I had a quick look at his masto.soc profile, it looks like they are indeed implementing activitypub - https://mastodon.social/@jsecretan/with_replies - so, defederating from maven.ly should help; looks like they're currently using staging.maven.ly (see test account https://staging.maven.ly/mastodon/actor/1 )but blocking the TLD is deffo the move imho

#fediblock

12 June at 15:20 | Open on toot-lab.reclaim.technology

james

@djsundog @witchy @liaizon @t54r4n1

jesus fuck, thanks for this.

https://app.heymaven.com/profile/55909 found myself and other strangeobject users. will chat with Esther in a bit and move to suspend the entire domain, and tell our users how to opt out individually.

fucks sake

12 June at 15:22 | Open on strangeobject.space

DJ Sundog - from the toot-lab replied to james

@james @witchy @liaizon @t54r4n1

always happy to spend a few minutes trying to keep the commons clean of the trash that invariably blows in haha ❤️

12 June at 15:23 | Open on toot-lab.reclaim.technology

Jérôme

@liaizon @djsundog @t54r4n1 authorized fetch isn't meant to block a fedi server from federating. It's only when you blocked a server that authorized fetch comes into action.

Some details here: https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/

12 June at 14:58 | Open on jasette.facil.services