AndrewMar 5

So it turns out the geniuses over at Bluesky trust the client app to fetch, and honestly report, webpage metadata for preview cards, so with a little tinkering in the debug tools you can post whatever news stories you like and they look exactly the same as real ones.

https://bsky.app/profile/andrewt.net/post/3ljo2dja62224

Andrew (@andrewt.net)

Let's see what happens if I spoof the article metadata from the backend... https://www.bbc.co.uk/news/articles/69420

Bluesky Social
Show threadAndrewApr 23
anyway so bluesky continue not to fix this nonsense so i am going to keep abusing it until someone does something about it
Show threadLes OrchardApr 23
@andrewt This is why Mastodon has the collective DDoS orbital death laser, because every instance does this individually on the server when a link rolls in. Would be nice if there were a happy medium for this
Show threadAndrewApr 23
@lmorchard I mean there is, though, if you're BlueSky, because BlueSky is not in fact decentralised, so they could just fetch the image themselves instead of letting me do it
Show threadLes OrchardApr 23
@andrewt Yeah, that's true, they can avoid being a thundering herd if they're just one critter
Show threadmccApr 23
@lmorchard @andrewt Mastodon could also do better than this, since Mastodon is not a zero trust environment. Mastodon is a system which is largely *made of* mechanisms for rating actors according to levels of trust! Servers could easily configure "well, mastodon.social, THEM I trust to generate accurate preview cards, but racistfurries.club we don't trust so I'll generate my own"
Show threadPurple 
@mcc @lmorchard @andrewt Mastodon is actually zero trust as far as I'm aware, unless there are things I don't know about?
Apr 24 at 9:09amWeb