mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

354K
active users

There's a "Signal deanonymized" thing going around:
gist.github.com/hackermondev/4

Stay calm. Deep breaths.

👉 while this is a real consideration, the only thing the attacker gets from this is a very rough (kilometers or tens of kilometers radius) location

👉 other communication platforms that use any kind of caching CDN to deliver attachments are just as affected

👉 you almost certainly should continue to use Signal, unless you specifically know that this is a big problem for you.

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md
GistUnique 0-click deanonymization attack targeting Signal, Discord and hundreds of platformUnique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md
phryk 🏴

@rysiek I think there's two points here:

1) If this is a security consideration for you, take note that much more granular location tracking is commonplace in mobile apps and prioritize mitigating that over the much more coarse location you can get by querying CDNs.

2) Using third-party services *always* introduces security considerations. If you're a programmer, think about what this means for your software before you integrate them.