We're phasing OStatus out of Mastodon (we've supported it 2 years longer than we've used it) which removes a lot of cognitive load from further development of features and maintenance

There is a new optional feature in the master branch called authorized-fetch mode, which requires all fetches of ActivityPub resources to be signed, which in turn allows to reject fetches from domain-blocked servers.

Enabling this right now is not a great idea because current Mastodon versions don't sign all requests, so some functions would be impacted, a slow roll-out is advised

Show thread

@Gargron Signed can mean many things, so would you mind elaborating on whether you mean HTTP Signatures, Signed JSON-LD, or something else?

I'd like to include any new techniques in my whitepaper on unwanted message on the fediverse (have you read it?)


Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!