cultural reviewer and dabbler in stylistic premonitions

  • 19 Posts
  • 26 Comments
Joined 3Y ago
Cake day: Jan 17, 2022


The lack of details in the advisory is only a minor impediment for a malicious person who wants to figure out how to implement their own exploit for this vulnerability. Anyone can read the patch that fixes it and figure it out.

TLDR: if you run your own instance, update it ASAP. If an instance you rely on hasn’t updated yet, consider asking its admins to do so. And if they don’t update it soon, you might want to reconsider your choice of instance.



as they said in the post: “Because fediverse software does not support domain migrations”.

(by “fediverse software” they actually mean the ActivityPub protocol.)


should /c/selfhosted@lemmy.ml be deprecated in favor of the (larger) /c/selfhost@lemmy.ml ?
the title of this post was originally *"/c/selfhosted is a duplicate community: use /c/selfhost@lemmy.ml instead"* and it has received two upvotes and four downvotes so far. So, I'm changing the title to *"should /c/selfhosted@lemmy.ml be deprecated in favor of the (larger) /c/selfhost@lemmy.ml ?"* They're obviously very similar, but, right after I posted this I noticed the recently-returned original mod of selfhost has just established some new rules there, so, perhaps it makes sense to keep both?

I’m deleting this as offtopic because it is in !fediverse@lemmy.ml … maybe try reposting in !kbinMeta@kbin.social instead


I get your point. But it’s a huge risk.

Using a separate account doesn’t substantially mitigate the risk. It might reduce the chances of getting randomly exploited, but it’s easy to post things admins need to see to do their job so any attacker wanting to target admins would still be able to even if we used separate accounts.

Systemically fixing the XSS problems is necessary either way :)

edit: actually I guess most common admin activities could be separated from the rarely used ones, at least… or the infrequent actions could simply require re-authenticating. That wouldn’t be a bad idea.


I still wouldn’t use the admin account as my daily driver. Leave it open in another browser/private tab specifically to perform admin actions

I’ve thought about switching to a different account for non-admin tasks but I was a normal user here first and I want to keep using this account for normal posting too. I think using a different account is kind of pointless from a security standpoint, because performing mod and admin actions requires looking at user-generated content anyway and there is no way around that (except for maybe moving to a very clipboard-heavy workflow which would make everything take much longer).

There is work underway to fix these XSS bugs in a more comprehensive way (better CSP, and HttpOnly cookies…) which will hopefully land soon.

(I am not a Lemmy developer but I’m reading the GitHub and Matrix chat…)



firesky.tv - realtime Bluesky firehose
![](https://lemmy.ml/pictrs/image/c3b51c5e-612e-4498-bcc5-684d08caf3e9.png)



indeed, they have a public firehose, as of this PR: https://github.com/bluesky-social/atproto/pull/205

and this site’s code which consumes it is very short and conveniently not minified: https://whenitrains.glitch.me/script.mjs


live view of posts from the bluesky closed beta
I guess these are posts from the closed beta at https://staging.bsky.app/ which has maybe ~10k users now (they said >4k a while ago, and then apparently they invited 5k from their waiting list yesterday). permalinks to posts there are currently not accessible without logging in, but I guess since this site exists there must be some API from which posts can be accessed without a login. ![](https://lemmy.ml/pictrs/image/8bc4fb2f-55ad-459e-8346-cdd015dd6ffb.png)


for one thing, a lot of “non-tech” people do manage to buy their own domain names somehow.

but, also: domains-as-handles doesn’t actually mean everyone needs to get their own domain. For instance, if/when feddit.de adopts ATP, you can be @sexy-peach.feddit.de on bluesky (and everywhere else that uses ATP).


it’s DIDs in DNS. you can read more here: https://atproto.com/guides/identity

so, your DID (which includes a pubkey) is actually your identity, and you can change your handle without changing your DID.

It doesn’t exactly say it on the page I linked, but IIUC their plan is also that while today handles are all names ending with ICANN TLDs in the future they could also be under alternative TLDs defined by ✨blockchains✨.
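Added example, not from the comment above and not Bluesky's code: the handle-to-DID binding it describes, checked in both directions over constructed data (no DNS or HTTP is performed). As I read the linked identity guide, a handle points at a DID through a TXT record at `_atproto.<handle>` whose value is `did=<did>`, and the DID document names the handle back in `alsoKnownAs` as `at://<handle>`; the DIDs, record contents and key value below are all made up for the demo.

```javascript
// Added example, not Bluesky's code: the handle <-> DID binding described above,
// checked in both directions over constructed data (no DNS or HTTP is performed).
// A handle points at a DID via a TXT record at _atproto.<handle> ("did=<did>"),
// and the DID document names the handle back in alsoKnownAs ("at://<handle>").
// The DID, not the handle, carries the signing key, which is why a handle can
// change while the identity stays put.

// Constructed DNS answers, keyed by record name.
const DNS_TXT = {
  "_atproto.alice.example.com": ["did=did:plc:alicealicealicealiceali"],
  // Mallory points a handle she controls at Alice's DID (hijack attempt).
  "_atproto.mallory.example.net": ["did=did:plc:alicealicealicealiceali"],
  // Bob has a TXT record, but not an atproto one.
  "_atproto.bob.example.com": ["v=spf1 -all"],
};

// Constructed DID documents, keyed by DID. The key value is a placeholder.
const DID_DOCS = {
  "did:plc:alicealicealicealiceali": {
    id: "did:plc:alicealicealicealiceali",
    alsoKnownAs: ["at://alice.example.com"],
    verificationMethod: [{ id: "#atproto", publicKeyMultibase: "zPLACEHOLDER" }],
  },
};

// Forward direction: handle -> DID. Exactly one well-formed did= record is required.
function handleToDid(handle, txt = DNS_TXT) {
  const records = txt[`_atproto.${handle.toLowerCase()}`] ?? [];
  const dids = records.filter((r) => r.startsWith("did=")).map((r) => r.slice(4));
  if (dids.length !== 1) return null;
  return /^did:(plc|web):[A-Za-z0-9._:%-]+$/.test(dids[0]) ? dids[0] : null;
}

// Reverse direction: DID -> handles the DID document claims.
function didToHandles(did, docs = DID_DOCS) {
  const doc = docs[did];
  if (!doc) return [];
  return (doc.alsoKnownAs ?? [])
    .filter((u) => u.startsWith("at://"))
    .map((u) => u.slice("at://".length).toLowerCase());
}

// A handle is trustworthy only if both directions agree. A DNS record alone
// proves that whoever controls the domain wants to claim the DID, not that
// the DID's owner agreed.
function verifyHandle(handle, txt = DNS_TXT, docs = DID_DOCS) {
  const did = handleToDid(handle, txt);
  if (did === null) return { ok: false, did: null, reason: "no usable did= TXT record" };
  if (!didToHandles(did, docs).includes(handle.toLowerCase())) {
    return { ok: false, did, reason: "DID document does not list this handle" };
  }
  return { ok: true, did, reason: "handle and DID document agree" };
}

// Handle change: only the DID document's alsoKnownAs and the DNS record move;
// the DID and its key are untouched. Returns new copies, no mutation.
function changeHandle(did, newHandle, txt = DNS_TXT, docs = DID_DOCS) {
  const doc = docs[did];
  const newDocs = { ...docs, [did]: { ...doc, alsoKnownAs: [`at://${newHandle}`] } };
  const newTxt = { ...txt, [`_atproto.${newHandle}`]: [`did=${did}`] };
  return { txt: newTxt, docs: newDocs };
}

for (const h of ["alice.example.com", "mallory.example.net", "bob.example.com"]) {
  console.log(h, verifyHandle(h));
}
```

Alice verifies, Mallory's record resolves to Alice's DID but fails the reverse check, and Bob's record is ignored because it is not a `did=` value. After `changeHandle`, the new handle verifies and the old one stops verifying even though its DNS record still points at the DID, which is the property that makes a handle rename safe.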


So, it is one domain per one account now?

No, from their examples it appears that there can be many accounts under a single domain, using subdomains.



basically, yeah. but mastodon can’t subscribe to rss/atom feeds, so (butterfly meme) is this… progress? 🤷


IIUC, for now, it will just be that Mastodon users can follow a category on a Discord site, which means that they will see when new topics (threads) are created there (along with an excerpt of the initial post in each topic).



We’re not intruding on this space. We’ve been in the fediverse for just as long or longer; the fediverse has been scrapable since 2008.

Totally. And while it was scrapable, and scraped a lot, I wish there had been a lot more systematic public scraping of the “federated social web” (as it was called before the terrible name “fediverse” was adopted) back then - I had a lot of public conversations on identi.ca and StatusNet which I wish I could still see, but they now exist only in a bunch of private databases I don’t have access to. 😢


What about public parks? Is it okay to walk around you while you’re having a conversation and record you, and then post that conversation on-line?

No, that would certainly not be okay. When I’m walking in a public park I have some expectation of privacy. If you’re walking close to me when I’m having what is intended to be a private conversation, I might notice and pause.

You are conflating private and public conversations. When we’re having a conversation in a public forum like this online, we are both posting it on-line already.

I hope archive.org posts another copy on-line so that if I want to refer to this later, after lemmy and the whole cargo-cult-deadend activitypub architecture has gone the way of the dodo, I will still be able to. And I hope they make it searchable!

Is it okay to use directional microphones to record you in such a setting?

Of course not. It’s also not possible to be sure it isn’t happening, but, if/when that is happening it is an unambiguous violation of social norms (and the law, in most places).

Doesn’t the whole recording-in-the-park thing from the Conversation give you the creeps?

Absolutely. (And now I’m wondering if you’ve noticed the reference to this film in my profile here or are bringing it up independently… 😀)

Are you saying that the fact that something is difficult to enforce against makes it okay to do, even if the person you do this to does not want it done?

Not at all. I think publicly archiving public web content is okay because I think it has a net public benefit. Better than okay, I think it is a good thing to do.

It is not because it is difficult to enforce against that I think it is okay. The fact that it is difficult to enforce against is why I think that it is not okay to give people who don’t know any better the false impression that it is not difficult to enforce against.


I could be wrong, but I interpret this post as being about Mastodon’s culture of being against search technology, which I find depressing and irritating for reasons I explained in that other thread as well as this one.

However, I just noticed a place where there is some lack of informed consent here on Lemmy: in the Lemmy UI, it appears that upvotes and downvotes are anonymous. I checked a long time ago, and realized that they weren’t really; the identity of the up or down voter is federated, but it is simply not shown by the UI.

I would assume that many (probably most) lemmy users do not realize this.

It just now came to my attention that Friendica actually is showing this information, in the form of “$username does not like this” for a downvote! https://rytter.me/display/4c906314-4763-d3aa-4584-11a516756414 🤣

(hey @OptimusPrime@lemmy.ml … why did you downvote that? I myself am also listed there as not liking it; I downvoted it as a test to confirm my assumption that it would show up as “does not like”, and then when I undownvoted it that event apparently didn’t get federated.)

imo these are the kind of “informed consent” issues that fediverse developers should be thinking about, rather than “how can we increase the power imbalance by making it so that only the elite are allowed to have fulltext search… in the name of justice” as so many seem to be hell-bent on doing.

I clicked a button that most lemmy users would assume is an anonymous up/down vote and now my name is listed on a 3rd party website saying I “don’t like” something (even though I tried to undo it). #thisisfine ?


are cafés public or private spaces?

They’re fundamentally private spaces, even if open to the public. Under certain zoning ordinances they may be considered a “public place” for some purposes if they are above a certain size, but this does not negate their ability to set their own rules and deny access to members of the public who violate them.

If a cafe wants to enforce a “no phones” rule, they can do so relatively effectively. If a website wants to enforce a “no robots” rule (especially if they also want to not require any login to view the content on the site) they can ultimately only pretend to be able to do that effectively.


Can I just sit at the table next to yours and stream and record your conversation with your friends?

You technically can, and if you get caught the cafe can (and should, imo) kick you out for doing so. Pretending that a provider of an electronic publishing system can enforce the same kind of social norms as are possible in physical spaces is silly at best and actually harmful at worst.

Some of my favorite bars and cafes outright prohibit the use of phones and also don’t operate CCTV, but in many places you are in fact frequently nonconsensually recorded by other people, sometimes streamed onto something like facebook live, as well as constantly by 4K CCTV with audio (in violation of the law in many localities, yet still common).

When you’re having a conversation in a physical space and you notice someone eavesdropping, you sometimes might speak less freely as a result, especially if they appear to be filming. In a public conversation online, especially one readable without even logging in, you can’t tell when someone is “eavesdropping” because you are publishing.

I’m a big proponent of enforcing privacy in online and offline spaces with technology, policy, and social norms. I’m also opposed to magical thinking. Telling people that they can semi-publish, to have some of the benefits of publishing without some of the consequences, is misleading to the point of being dishonest.

I blame facebook for conditioning people to believe that such a thing is possible, through their years of blurring the lines between public and private.


I agree with a lot of the spirit of what they’re saying, but I’m pretty sure I wouldn’t agree with their concrete applications of it (although they are unclear in the thread).

I think blurring the lines between public and private spaces is the opposite of informing consent. Cultivating unrealistic expectations of “privacy” and control in what are ultimately public spaces is actually bad, imo.

Informed consent in the fediverse should look something like a message on the signup page that says: This is a publishing system. Be aware that everything you publish here will be distributed to a bunch of other servers which are not under the control of us, the operators of your server. When you edit or delete something you’ve published, we will honor it and relay the message, but other servers may or may not honor it. There are many other tools for private (encrypted) group communication, but that is not what this is. ActivityPub is for publishing.

ps: I, for one, am glad that the Internet Archive exists!