We're phasing OStatus out of Mastodon (we've supported it 2 years longer than we've used it) which removes a lot of cognitive load from further development of features and maintenance #mastodev

There is a new optional feature in the master branch called authorized-fetch mode, which requires all fetches of ActivityPub resources to be signed, which in turn allows to reject fetches from domain-blocked servers.

Enabling this right now is not a great idea because current Mastodon versions don't sign all requests, so some functions would be impacted, a slow roll-out is advised #mastodev


@Gargron Signed can mean many things, so would you mind elaborating on whether you mean HTTP Signatures, Signed JSON-LD, or something else?

I'd like to include any new techniques in my whitepaper on unwanted message on the fediverse (have you read it?)


Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!