It is proven! I am kjwon15 on Keybase: https://keybase.io/kjwon15/sigchain#fe30925db469a1c697451c13fa1745eec1e7cfb513b99c72869b6ea9e0dad14c0f
"What makes an image NSFW, according to Yahoo[/Tumblr]?"
(CW: synthetic pseudo-nudity)
I found a mastodon security bug(XSS, But not that serious)
@Gargron is streaming API dead now?
it returns 502.
And they said "You can search the latest toots for 30 days, and those older than 30 days will be automatically deleted from the server."
Then why this toot published on Jan 1 is still searchable??
@tootdon Did you worked correctly?
#tootdon said "we excluded your instance.", But existing toots are still searchable on tootdon.
@tinker basically, it communicates with a server hosted in the US, where it sends at least:
- every public toot seen by the app
- every OAuth token of its users
This server is hosted in the USA(!!!)
There are several endpoints: /api/v1/instances gives a paginated list of instances, and seems to be the *only* one that doesn't require authentication.
There's also /api/v1/statuses and /api/v1/users. Not sure how authentication to this API works yet...
By the way, it also appears to be tied with this company: http://mobirocket.com/
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!