So it turns out the geniuses over at Bluesky trust the client app to fetch, and honestly report, webpage metadata for preview cards, so with a little tinkering in the debug tools you can post whatever news stories you like and they look exactly the same as real ones.

https://bsky.app/profile/andrewt.net/post/3ljo2dja62224

Andrew (@andrewt.net)

Let's see what happens if I spoof the article metadata from the backend... https://www.bbc.co.uk/news/articles/69420

Bluesky Social
@andrewt And this is why Fediverse servers continue to fetch article previews on their own, even though this induces a bit of load on the linked-to servers.

@schmittlauch @andrewt on fedi the linked pages can serve different content based on the user agent. Which could lead to fake previews being displayed

@joshix @schmittlauch @andrewt but that's up to the linked resource. If the linked resource is not trustworthy, then it's just good old misinformation on the internet. Not great, but nothing new. That's where the reader has to decide, if they trust the author of the toot or the resource.

But if the link goes to a trustworthy source (like the BBC), I should be able to trust the preview, regardless of who posted it. Who posted a link shouldn't have to be part of my threat model.
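
The server-side check the replies above argue for, as an added example that is not part of the thread and is not Bluesky's or Mastodon's code: the server parses the OpenGraph tags from its own fetch of the link and compares them with the card the client submitted. All names and the sample HTML are constructed; the fetch itself is assumed to have happened already.

```python
from html.parser import HTMLParser

# Constructed sample: what the server got when it fetched the linked URL itself.
FETCHED_HTML = """<html><head>
<meta property="og:title" content="Council approves new cycle lanes">
<meta property="og:description" content="Work is due to start in the spring.">
<meta property="og:site_name" content="Example News">
</head><body></body></html>"""

class OpenGraphParser(HTMLParser):
    """Collects <meta property="og:..." content="..."> tags; first value wins."""
    def __init__(self):
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = dict(attrs)
        prop = attr.get("property") or ""
        content = attr.get("content")
        if prop.startswith("og:") and content is not None:
            self.og.setdefault(prop[3:], content.strip())

def server_side_card(html):
    """Build the preview card from the server's own copy of the page."""
    parser = OpenGraphParser()
    parser.feed(html)
    return parser.og

def mismatched_fields(client_card, fetched_html, fields=("title", "description")):
    """Fields where the client's claimed card differs from the server's fetch.

    This only binds the card to what the linked site served to the server;
    a site that varies content by User-Agent can still show readers
    something else, which is the caveat raised in the thread.
    """
    server = server_side_card(fetched_html)
    return [f for f in fields
            if (client_card.get(f) or "").strip() != server.get(f, "")]

# Hypothetical client submissions for the same URL (constructed).
HONEST = {"title": "Council approves new cycle lanes",
          "description": "Work is due to start in the spring."}
SPOOFED = {"title": "Something the article never said",
           "description": "Work is due to start in the spring."}

if __name__ == "__main__":
    print(mismatched_fields(HONEST, FETCHED_HTML))
    print(mismatched_fields(SPOOFED, FETCHED_HTML))
```

A server would reject or overwrite any card for which `mismatched_fields` is non-empty, rather than storing the client's version.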

@weddige @schmittlauch @andrewt yeah and mastodon does that better than twitter

https://fosspri.de/@joshix/112138621667249440

Joshix (@[email protected])

test https://test.archuser.de

FossPride™

@joshix @weddige @schmittlauch @andrewt

Well, eX-Twitter has been hosting *advertising* that links to malware. And does not seem to have any interest in removing or avoiding such. So there's that (too). 🙄