• grrgyle@slrpnk.netEnglish
    9·
    4 days ago

    We might eventually have to get more exclusive, or have separate “public” and “private” modes/communities, maybe like how masto handles post visibility…

    I’m not sure if the open internet can ever be fully trusted, especially now with roving packs of predatory crawlers scraping for genuine human OC for their plagiarism machines.

    • Nutomic@lemmy.mlEnglish
      3·
      3 days ago

      Private communities will be in 1.0, along with some other visibility modes.

    • irelephant [he/him]@lemmy.dbzer0.comEnglish
      3·
      3 days ago

      I doubt they’re crawling stuff over AP, you usually need a HTTP signature for that, and no bot is going to bother with those.

      Most crawling would just be spamming the web interface.

      • Jerkface (any/all)@lemmy.caEnglish
        1·
        3 days ago

        If by HTTP signature you mean an SSL certificate signed by an authority, those do not present a burden for bots to obtain any longer.

        • irelephant [he/him]@lemmy.dbzer0.comEnglish
          3·
          3 days ago

          I do not, ActivityPub uses HTTP signatures to make sure messages and requests from other servers are legit,

          Essentially, it adds a “signature” header which contains a link to a users public key, a list of headers in the message and a signed hash of all the headers and the request.

          There’s a better explaination here: https://docs.joinmastodon.org/spec/security/

          A delicated bot to scrape ActivityPub posts is possible, but generic bots shouldn’t work. If a delicated bot is made, people can block its keys or server anyway.