New #blog: Tightening #security control over #mastodon public #api endpoints

The concern in fediblock around @cloy's #fedisearch plans earlier in the week prompted me to put my #infosec hat on and look into ways to make it harder for external #scrapers to hit Mastodon's API feeds.

This post suggests a possible solution for concerned instance admins as well as details of some #crawlers I spotted.

https://www.bentasker.co.uk/posts/blog/security/restricting-unauthenticated-access-to-mastodons-public-feeds.html

Tightening Controls over Public Activity Feeds on Mastodon

@ben For those who do run a fork of Mastodon, this is my patch adding a setting to disable unauthenticated access to trends: https://github.com/Snailed-It/mastodon/commit/347f13999d0ac348278a9c8b6f64c426da83f2a7
Support disabling public listing of trends · Snailed-It/mastodon@347f139

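For admins who would rather not run a patched fork, the same intent (the original post's aim of keeping anonymous scrapers off the public API feeds, and the reply's setting that gates trends behind authentication) can be enforced at the reverse proxy. The configuration below is an added example written for this thread; it is not the solution from the linked blog post and not the Snailed-It patch. It assumes the stock Mastodon deployment (nginx in front of the Puma web process, with the `backend` upstream name used in Mastodon's `dist/nginx.conf`) and the `/api/v1/timelines/public`, `/api/v1/timelines/tag/...` and `/api/v1/trends...` paths of Mastodon 4.x; the `$anon_api_client` map variable is a name chosen here.

```nginx
# Added example (not the blog post's or the Snailed-It patch's code).
# Assumes Mastodon's standard nginx layout: an "upstream backend" pointing at
# Puma, and a "@proxy" named location that all app requests fall through to.

# Treat a request as anonymous when it carries no Authorization header.
# Caveat: this is a coarse heuristic. A scraper can send a junk bearer token
# to get past nginx, but Mastodon then rejects the invalid token itself, so
# the effect is still "no valid account, no feed".
map $http_authorization $anon_api_client {
    default 0;
    ""      1;
}

upstream backend {
    server 127.0.0.1:3000 fail_timeout=0;
}

server {
    listen 443 ssl http2;
    server_name mastodon.example;          # assumption: replace with your host
    root /home/mastodon/live/public;       # Mastodon's default install path

    # ... ssl_certificate / ssl_certificate_key and the other directives from
    # Mastodon's dist/nginx.conf stay exactly as they are ...

    # Public timelines (local + federated + hashtag) and the trends endpoints:
    # refuse anonymous callers before the request ever reaches Rails.
    location ~ ^/api/v1/(timelines/(public|tag/[^/]+)|trends(/.*)?)$ {
        if ($anon_api_client) {
            return 401;
        }
        try_files $uri @proxy;
    }

    # ActivityPub federation paths (/inbox, /users/..., .well-known) are NOT
    # touched above, so server-to-server delivery keeps working.

    location @proxy {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Proxy "";
        proxy_pass http://backend;
    }
}
```

Two things to check before deploying this. First, logged-out visitors to the instance's `/public` and `/explore` web pages fetch these same endpoints from the browser without an Authorization header, so those pages will render empty for anonymous viewers; logged-in users send their session's access token and are unaffected. Second, Mastodon's own admin preference "Allow unauthenticated access to public timeline" already gates the public timeline in the application layer, so the proxy rule is a belt-and-braces layer; the reply's patch supplies the missing equivalent for trends, which is why the nginx rule covers `/api/v1/trends` as well.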