Discussion
Loading...
@maikel I'm unsure what you're asking. Are you asking whether you can fake the joined on date on server you completely control?
Because that is obviously possible, because you control the server. You could even have the instance send different joined on dates to different instance
@webhat I did not know that. I thought the protocol somehow prevented that case from happening the same as changing handles fucks up federation somehow.
Thank you for letting me know. Now I know the joined date is another scam vector.
@maikel everything that is coming from a federated instance can be manipulated by that instance, not just the join date
It's the same for any website, if you control the server you control the communication to the outside world. The only way to mitigate against things like that is to have some kind of web of trust, and even that is no guarantee
I don't see how the protocol would be able defend from a malicious or compromised instance
Here's the code for Mastodon:
https://github.com/mastodon/mastodon