Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.

  • froggers@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    50
    ·
    edit-2
    10 months ago

    anything I write on the internet should be treated as my private information. If I want to keep any conversation private, I will still post it in a public website.

    EDIT: I’m so sorry that my stupid comment offended some people. Always forget how special some people can be on this website. Once again I’m sorry for my lack of better judgement.

      • stoy@lemmy.zip
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        10 months ago

        He thought he was funny, he repeated what the above poster said to repeat.

    • solrize@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      I don’t think your comment was offensive per se. It was just ridiculously naive. If we are trying to build practical tools, they have to fit how things work in the real world, not how they work in anybody’s dreams. If you want to have private conversations on a public website, use encryption.