• SorteKaninA
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    10 months ago

    A rogue instance can very easily just hijack all sorts of federated content and force it into a certain state as desired.

    I’m really not sure what you mean by this, can you elaborate?

    There is not really any mechanism for tracking source authority for federated updates, and there are definitely already signs that this is getting exploited to promote certain content and fuck with vote totals IMO.

    I’m not sure what you mean by “not any mechanism for tracking source authority”. Admins on their own instance are in control of what happens to the content and they’ll know if another site edits content or whatever as that is sent as requests in ActivityPub.

    What are the signs you’re referring to?

    • Turun@feddit.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Are updates authenticated? Or can I send an update to lemmy.world from 123.123.123.123 (which is not the IP address of feddit.de) that you have edited your comment to say “I don’t like pizza”?

      If updates are not authenticated this really could be a big problem.

      • SorteKaninA
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        10 months ago

        You cannot do that, no. Edits are authenticated in the sense that the request must come from the instance of the user.

        Your admin could in principle send such a request for you. But then you’re talking about a malicious admin and then all bets are off. Obviously admins are in full control of everything on their own instance, including being able to edit their own users stuff. Not that any reasonable admin would do that.