Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • PeriodicallyPedantic
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’m familiar with the Swiss cheese model and you make a good point.

    But even still, I think what we have now is insufficient, has other negative side effects too, and I don’t see a good path to make it sufficient.

    I was initially lamenting that social networks currently do a terrible job (dangerously negligent job) setting user expectations wrt privacy (or lack thereof). It’d be nice if social networks were upfront about the lack of privacy, and made the limitations of their tools inherently obvious. Sorry if it seems like I keep shifting goalposts, I keep changing the direction of the conversation as you give me interesting things to think about and discuss.

    I’m not suggesting that we copy Twitter’s model for anti-harassment, especially since The Idiot took it over.

    I’m suggesting that, rather than just double down on what exists now, you do a thought experiment with me where we explore a radical rethink of anti-harassment, and what it might look like if we don’t try to use privacy tools to accomplish it. I’m not convinced that there is no reasonable solution possible. Although the details would probably depend significantly on the type of social network (for example: microblogging vs reddit-like).