Pixelfed leaks private posts from other Fediverse instances


When following someone on a different server on the Fediverse, the remote server decides whether you are allowed to do so. This enables features like private accounts.

Importantly, your Mastodon or GoToSocial instance isn’t handing your private posts to any random server just because it asks. Commit messages like “Update ActivityPub helpers, improve private account handling” are a dead giveaway to anyone who knows what to look for. A similar situation unfolded a few months ago, when a bug left hundreds of instances vulnerable and apparently resulted in stolen S3 API keys.
