katanova (@katanova@social.coop)

@hrefna In my perspective, this problem really gets at a core design assumption of activitypub.

allowlist is effective security

"these behaviors from the software are allowed, anything outside of this is not"

What it seems you're saying is that AP seems to be designed to assume permissive calls to the server

This seems to mirror how mastodon and most activitypub servers are designed around denylist, aka assume every connection is allowed

Running a masto server on allowlist sucks by design
