We're phasing OStatus out of Mastodon (we've supported it 2 years longer than we've used it) which removes a lot of cognitive load from further development of features and maintenance #mastodev

There is a new optional feature in the master branch called authorized-fetch mode, which requires all fetches of ActivityPub resources to be signed, which in turn allows to reject fetches from domain-blocked servers.

Enabling this right now is not a great idea because current Mastodon versions don't sign all requests, so some functions would be impacted, a slow roll-out is advised #mastodev

Follow

@Gargron Signed can mean many things, so would you mind elaborating on whether you mean HTTP Signatures, Signed JSON-LD, or something else?

I'd like to include any new techniques in my whitepaper on unwanted message on the fediverse (have you read it?)

github.com/emacsen/rwot9-pragu

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!