So it turns out the geniuses over at Bluesky trust the client app to fetch, and honestly report, webpage metadata for preview cards, so with a little tinkering in the debug tools you can post whatever news stories you like and they look exactly the same as real ones.

https://bsky.app/profile/andrewt.net/post/3ljo2dja62224

Andrew (@andrewt.net)

Let's see what happens if I spoof the article metadata from the backend... https://www.bbc.co.uk/news/articles/69420

Bluesky Social
@andrewt I see what you’re saying but couldn’t you do the same thing with an image editor or the web inspector?
@johnaldis sure, but only I would see that. this is what *everyone* sees
@andrewt Oh, the *posting* client? Now I actually see what you mean—that does sound a bit more “genius”.
@johnaldis Yeah. When you paste a URL into the web UI, it asks the Bluesky API for the title, description and thumbnail image URL, then sends that same data (hopefully) back to the server when you hit "post" for use in the preview card.
@andrewt Oh, worse again! It’s actually asking their *own* API for it and round tripping? I had assumed this was because they didn’t want to fetch the page and do the work to summarise on their server, but they’re doing all that anyway? 🤦
@johnaldis I guess it's set up this way so that (a) the card appears as a preview while you're writing, and (b) it works even when the target page has CORS protection headers set up. I see how they'd arrive at this design but it's not good
@andrewt I see how you might end up here by mistake. OTOH I don’t understand the CORS point. If the Bluesky server can fetch the page to generate a preview to send to the composing client, surely the same mechanism can generate a preview to save into the completed message?

@johnaldis Oh, I just mean they couldn't fetch the data from the posting client, so even if "they didn’t want to fetch the page and do the work to summarise on their server", they'd have to anyway.

It's all a bit moot though because they just shouldn't be doing any of this

@andrewt @johnaldis I guess this is not a big deal to fetch something in the backend. But if you trust some information you have sent to the frontend you better sign it and check the signature afterwards. This way the content cannot be altered.
@andrewt @johnaldis How much harder would it be for them to just...validate the metadata on their server software?

@andrewt @johnaldis

They could just add a MAC to this preview data so if the client changes it the server would reject the upload.

@project1enigma @johnaldis apparently they don't want to, the theory goes that the PDS is meant to be "yours", like you could skip bluesky's server and run your own and upload anything you want to that, so there's no point in *their* server policing anything at all, since you could just work around it if you really wanted. this seems obviously silly to me, but what do i know, i'm a tech guy, not a whatever the fuck bluesky is guy

@johnaldis @andrewt

Doing it in the viewing client is also bad, because then this would be a "read receipts" feature. This is why good email clients stopped rendering remote images in HTML emails.

@andrewt lololol thank you for this
@andrewt Wow! Luckily bsky is not actually decentralized so they should be able to quite easily fix this shortcoming. 
@andrewt Finally a good reason to create an account on bluesky
@andrewt That's not good design and should be fixed, but to be honest, you also could just have posted a fake screen shot.
@cheetah_spottycat You didn't click through to the Bluesky post, did you? (which is, of course, why this is such a big problem)
@andrewt @mmu_man
Well, at least you got 5 million out of it. 😏
@andrewt tbf that's somewhat minor?

I mean that client is just sending arbitrary posts as well and you could just send wrong URLs that don't fit the text.

idk why you would ever do it that way, but i've seen worse.

@dat I mean it's minor inasmuch as like it only lets you include arbitrary content in *your own* posts. But given how much power social media has to shape things like elections, and how often people read thumbnails and never click through, the potential effects of this kind of thing are pretty serious.

That fake BBC link points to a 404 page, for example — if I post some fake news this way, all I need to do is reply with "oh my god they deleted it" and that's pretty convincing.

Or find a real story and edit something incriminating into it — if I link to a report of some horrific crime and edit into it that the criminal is in some minority group I don't like, even if anyone clicks through, there's a pretty good chance they'll reply "the cowards edited it to not say they're [whatever]" because "journalists censor news to suit woke agenda" is part of the average right-winger's mental model of the world and "website has exploit that lets you fake news thumbnails" is not

@dat @andrewt couldn't this be fixed by the server digitally signing the card metadata so that it can't be modified? If the card metadata is sent back modified, the sighash breaks and the server should reject the post.
@ikeacurtains @dat it could, but it sounds like bluesky don't want to do that kind of solution because "the server" could be anyone. you know, because bluesky is """decentralised"""
@andrewt @dat no solution is perfect but something is better than nothing. *gestures at DKIM*
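
The server-side MAC proposed in several replies above (tag the card metadata when the server generates it, reject the post if the tag no longer verifies), sketched as an added example; it is not code from the thread or from Bluesky. It assumes the same server issues the card and accepts the post, which is the assumption the replies about self-hosted PDSs dispute; `SERVER_KEY`, `MAX_AGE_SECONDS`, the field names and the `news.example` URLs are hypothetical.

```python
import hashlib
import hmac
import json
import time

# Assumption: the same server generates the card and accepts the post, and
# only it holds this key. Constructed demo value, not a real secret.
SERVER_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 15 * 60  # assumed lifetime of an issued card


def _tag(card: dict) -> str:
    # Canonical JSON so identical fields always serialise to identical bytes.
    blob = json.dumps(card, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, blob, hashlib.sha256).hexdigest()


def issue_card(url, title, description, thumb, now=None) -> dict:
    """Compose time: the server fetches the page, then MACs what it found."""
    card = {"url": url, "title": title, "description": description,
            "thumb": thumb, "iat": int(time.time() if now is None else now)}
    return {"card": card, "mac": _tag(card)}


def accept_embed(embed: dict, now=None) -> bool:
    """Post time: accept only an unmodified, recent card this server issued."""
    card, tag = embed.get("card"), embed.get("mac")
    if not isinstance(card, dict) or not isinstance(tag, str) or not tag.isascii():
        return False
    # Constant-time comparison of the recomputed tag with the submitted one.
    if not hmac.compare_digest(_tag(card), tag):
        return False
    now = time.time() if now is None else now
    iat = card.get("iat")
    return isinstance(iat, int) and 0 <= now - iat <= MAX_AGE_SECONDS


if __name__ == "__main__":
    # Constructed sample: a card issued for a placeholder URL, then edited.
    embed = issue_card("https://news.example/story", "Real headline",
                       "Real summary", "https://news.example/t.jpg", now=1000)
    print(accept_embed(embed, now=1060))   # True
    embed["card"]["title"] = "Edited headline"
    print(accept_embed(embed, now=1060))   # False
```

Because the URL is inside the MACed fields, a valid tag cannot be moved onto a card for a different link, and the `iat` check limits how long an issued card can be replayed.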
@andrewt oh it's been known for a while
@lnl I assumed someone must have found it before, not least because the UI pops up a loading spinner when you post a link saying "uploading link thumbnail". Hard not to find an exploit when there's a little alert telling you it's there
@andrewt Ah, so _that’s_ why Mastodon ‘launches a DDoS attack’ on every linked web page
@andrewt And this is why Fediverse servers continue to fetch article previews on their own, even though this induces a bit of load on the linked-to servers.
@schmittlauch @andrewt on fedi the linked pages can serve different content based on the user agent. Which could lead to fake previews being displayed

@joshix @schmittlauch @andrewt but that's up to the linked resource. If the linked resource is not trustworthy, then it's just good old misinformation on the internet. Not great, but nothing new. That's where the reader has to decide, if they trust the author of the toot or the resource.

But if the link goes to a trustworthy source (like the BBC), I should be able to trust the preview, regardless of who posted it. Who posted a link shouldn't have to be part of my threat model.

@weddige @schmittlauch @andrewt yeah and mastodon does that better than twitter

https://fosspri.de/@joshix/112138621667249440

Joshix (@[email protected])

test https://test.archuser.de

FossPride™

@joshix @weddige @schmittlauch @andrewt

Well, eX-Twitter has been hosting *advertising* that links to malware. And does not seem to have any interest in removing or avoiding such. So there's that (too). 🙄

@andrewt I guess Mastodon runners are also 'geniuses'.
@hrbrmstr @andrewt Sure. But can you make *me* see it? This is what I see when I check the link in the original post
@melindrea @andrewt clever, but since none of the links work and someone could just make an image to fake a card, i'm not really sure what the point is b/c anyone daft enough to fall for it will fall for it either way (image or record render). misinfo is def a problem—not saying it isn't. This just goes into the "read beyond the quick dopamine hit" bucket.
@hrbrmstr @melindrea Sure but the fact is that people do *not* read beyond the quick dopamine hit. If your solution to misinformation is that eight billion people should simply change their behaviour then I don't think it's workable
@andrewt @melindrea um…they'll believe an image that looks like the "hack" you did, so…?
@hrbrmstr @melindrea To be clear, is your case that it's fine for large platforms to let people trivially create convincing fake news items, because anyone with paper and crayons can make an *unconvincing* fake newspaper and what's the difference really?
@andrewt @melindrea no, but you've proven you just want accolades for a middling "hack" so there's no point in engaging further.

@andrewt I'm just curious what a good way to do this is.

It seems like from a security point of view, the only good way to do this is never display link cards at all, and make everyone go to the article page itself if they want content.

@andrewt I think this is a design decision and honestly not unreasonable (cf complaints about fediverse posts DDOSing links to fetch previews during federation)
@mjec I think it is a design decision, and while I agree it's not unreasonable in the context of Bluesky's wider design philosophy, I fundamentally disagree with Bluesky's wider design philosophy
@andrewt that's quite a different attitude than I think your original post suggests
@mjec I see what you're getting at but idunno, I think they've built a thing that's clearly bad and they've done it on purpose in service of an idea that's also clearly bad, it all feels pretty consistent from this side
@andrewt so I disagree with you about bsky being bad or in service of a bad idea; but regardless, that doesn't make this decision stupid or a mistake. Like we can have a conversation about whether the link card UI element should be "trustworthy" and what that security boundary might mean. But factually, this isn't bluesky blindly and unintentionally trusting client data, as you imply
@mjec no, but it is bluesky blindly and *intentionally* trusting client data, and i don't think that's better
@andrewt do you think html is bad because it lets you create phishing pages?
@mjec I'm not engaging with this nonsense
@andrewt oh my God, is it baked into the PDS? I can't think of another reason they would just take the client's word for it, except that they have to because the client's whole payload is getting written to their PDS and it's cryptographically impossible to modify
@andrewt Bummer. This really is a rookie mistake. Do not trust any input in the backend. That's not complicated 🤦‍♂️
@andrewt I don't follow what you mean though ??? What spoof? Elon is definitely in Gitmo, I saw him there yesterday. 
@andrewt Did you do a responsible disclosure or is the vulnerability still active?
Using BlueSky Features As Disinformation Tools

Whilst working on automating posting into Bluesky I ran into an issue around link embed cards. BlueSky require that you manually define them, which means they're under the full control of the develope

www.bentasker.co.uk

@andrewt Finally a use case for Blueski!
@gPiak, I'm coming*

* or not.