@Andres Interesting. I don't know how heavy these actions are in practice. I also filed a report about a specific case of inefficient federation, it's about user deletions: https://github.com/mastodon/mastodon/issues/21674
Top-level
@Andres Interesting. I don't know how heavy these actions are in practice. I also filed a report about a specific case of inefficient federation, it's about user deletions: https://github.com/mastodon/mastodon/issues/21674 4 comments
@Andres Yes, Aral famously is one such big user able to melt other people's instances. ;) https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/ However I think the far worse problem is that by default Mastodon doesn't control at all whether ActivityPub requests are coming from a "real" ActivityPub server/user, so I believe it's still easy to produce a spam wave like https://github.com/mastodon/mastodon/issues/21977 . @nemobis @nemobis |
@nemobis
Nice!
The interactions are not heavy at all, but those can be unlimited in amount, due to the lack of any rate-limit.
I imagine a 1 person DDoS is possible from a big instance to a smaller one.