{ "id": "feb969fe8d8262215ef1363233818f6657704175c757e234d87e4579a6a603dd", "pubkey": "3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d", "created_at": 1743295056, "kind": 9802, "tags": [ [ "r", "https://fokus.cool/2025/03/25/pixelfed-vulnerability.html" ], [ "textquoteselector", "When following someone on a different server on the Fediverse, the remote server decides whether you are allowed to do so. This enables features like private accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. When a legitimate user from a Pixelfed instance follows you on your locked fediverse account, anyone on that Pixelfed instance can read your private posts. You don’t need to be a Pixelfed user to be affected.", "erse instances March 25, 2025 ", " Pixelfed admins should update t" ], [ "textpositionselector", "109", "609" ], [ "rangeselector", "/main[1]/section[1]/p[1]", "/main[1]/section[1]/p[1]/strong[1]", "0", "52" ] ], "content": "When following someone on a different server on the Fediverse, the remote server decides whether you are allowed to do so. This enables features like private accounts. Due to an implementation mistake, Pixelfed ignores this and allows anyone to follow even private accounts on other servers. When a legitimate user from a Pixelfed instance follows you on your locked fediverse account, anyone on that Pixelfed instance can read your private posts. You don’t need to be a Pixelfed user to be affected.", "sig": "66a78d6a767c47e0f077e11379beae431ff51d6658af59b6dace6171bf7e3bb35d60377de35a435b510942229ecfe115e43981c066b3f92feab6f7130312325b" }