repost
· · to read

I strongly encourage you to demand your Mastodon instance use AUTHORIZED_FETCH.

The basic story is this:
If you block someone, you can’t see them & their posts, etc. BUT without AF, they can still see you & your posts.

What does AUTHORIZED_FETCH actually do?
https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/

Why AUTHORIZED_FETCH isn’t defaulted on… Knowing what I now know, I would move to a new instance if my admin would not turn AF on. It’s a huge security issue.

It’s a stalkers field day without AUTHORIZED_FETCH.

@Yehuda

Leave a comment
Categories

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)