Dave 🚀 on Nostr: "This raises a lot of uncomfortable questions about how Maven pulled in Fediverse ...
"This raises a lot of uncomfortable questions about how Maven pulled in Fediverse content, and whether Mastodon has some kind of undocumented vulnerability that can leak private messages. At the very least, Maven’s developers should have accounted for posts with a Public scope only, and linked back to the original posts."
https://wedistribute.org/2024/06/maven-mastodon-posts/

It's worth a reminder to a lot of folks here, that Mastodon DMs are not end to end encrypted. You should never assume privacy.
Published at 2024-06-13 05:53:45

Event JSON
{
"id": "b23e215f0e3d123ffd31558e31ba2f68d014c63aa86af0c1c174571a376fc646",
"pubkey": "e51ab24854cce2dd3ddf012b7b3881d3003d6eb58df62e63101095eb9ad5e808",
"created_at": 1718258025,
"kind": 1,
"tags": [
[
"proxy",
"https://social.lightbeamapps.com/users/dave/statuses/112607757968373710",
"activitypub"
]
],
"content": "\"This raises a lot of uncomfortable questions about how Maven pulled in Fediverse content, and whether Mastodon has some kind of undocumented vulnerability that can leak private messages. At the very least, Maven’s developers should have accounted for posts with a Public scope only, and linked back to the original posts.\"\n\nhttps://wedistribute.org/2024/06/maven-mastodon-posts/\n\nIt's worth a reminder to a lot of folks here, that Mastodon DMs are not end to end encrypted. You should never assume privacy.",
"sig": "10cba333669de145f5ff5faa8d4c4d521ae74d2f9528c7e4f68881d0cae5af9453df256450d24b3a28cb221239289f29143867382bccb4a4bb50e3e861f35ac6"
}