@Andres Yes, Aral famously is one such big user able...

@Andres Yes, Aral famously is one such big user able to melt other people's instances. ;) https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/

However I think the far worse problem is that by default Mastodon doesn't control at all whether ActivityPub requests are coming from a "real" ActivityPub server/user, so I believe it's still easy to produce a spam wave like https://github.com/mastodon/mastodon/issues/21977 .

Like 9 Jul 2023 at 21:19 | Open on mamot.fr

2 comments

Andres Jalinton

@nemobis
Thanks for the link to Aral's article!
Yes I have been thinking about exactly that an how a potential millions-of-followers user back in Threads would kill any instance.

9 Jul 2023 at 21:25 | Open on mastodon.hardcoredevs.com

Andres Jalinton

@nemobis
I have found the original post:
https://ar.al/2022/11/09/is-the-fediverse-about-to-get-fryed-or-why-every-toot-is-also-a-potential-denial-of-service-attack/
There is a lot of nice graphs there!

9 Jul 2023 at 21:35 | Open on mastodon.hardcoredevs.com