Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
Not the point. The point that instances that are open for everyone will be open for bad actors as well.
If the mere act of signing up to an instance requires a small payment, you are automatically preventing the absolute majority of spammers, “spray and pray” scammers and channer trolls.