Wander@yiffit.net to

Fediverse@lemmy.worldEnglish · 1 year ago

ActivityPub: what stops a malicious actor to post from domains they don't own?

4

1

ActivityPub: what stops a malicious actor to post from domains they don't own?

Wander@yiffit.net to

Fediverse@lemmy.worldEnglish · 1 year ago

4

I’m trying to better understand Activitypub and I understand that there’s a signature to avoid forgeries of known accounts.

However I’m having trouble understanding what prevents a malicious actor from sending a private spam message supposedly from a never before seen account name with valid generated key pair but for a domain they’ve never bought since there is no DNS lookup or test.

Thank you!

Chat

Syboxez@lemmy.world
link
fedilink
English
arrow-up
1·
1 year ago
On the point of 2, it could be made optional, so that the user could choose.

Fediverse@lemmy.world

fediverse@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.world

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

Visibility: Local Only

Only users on this instance can interact with this community.

74 users / day
476 users / week
802 users / month
2.36K users / 6 months
NaN local subscribers
1 subscriber
1.9K Posts
54.4K Comments
Modlog