docs: explained security and fetching and privacy
parent 23da5bec62
commit 29f28701fd
1 changed files with 17 additions and 1 deletions
18
README.md
|
@ -1,7 +1,7 @@
|
||||||
# μpub
|
# μpub
|
||||||
> micro social network, federated
|
> micro social network, federated
|
||||||
|
|
||||||
μpub aims to be a fast, lightweight and secure [ActivityPub](https://www.w3.org/TR/activitypub/) server
|
μpub aims to be a private, lightweight, modular and **secure** [ActivityPub](https://www.w3.org/TR/activitypub/) server
|
||||||
|
|
||||||
μpub is currently being developed and can do most basic things, like posting notes, liking things, following others, deliveries and browsing
|
μpub is currently being developed and can do most basic things, like posting notes, liking things, following others, deliveries and browsing
|
||||||
|
|
||||||
|
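Review bot: the reworded tagline adds "private" and "modular" and drops "fast", but the only section this commit adds is "## about security", which covers access control on fetches. "modular" is not explained anywhere in the visible README text, and "private" is only implied by the addressing rules. Either add a sentence saying what each word means for μpub, or keep the tagline to claims the README backs up. If removing "fast" is intentional, mention it in the commit message, which currently names only security, fetching and privacy.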
@ -11,6 +11,22 @@ a test instance is _usually_ available at [feditest.alemi.dev](https://feditest.
|
||||||
|
|
||||||
upub's stock frontend is also being developed and can be viewed _usually_ at [feditest.alemi.dev/web](https://feditest.alemi.dev/web)
|
upub's stock frontend is also being developed and can be viewed _usually_ at [feditest.alemi.dev/web](https://feditest.alemi.dev/web)
|
||||||
|
|
||||||
|
## about security
|
||||||
|
most activitypub implementations don't really validate fetches: knowing an activity/object id will allow anyone to resolve it on most fedi software. this is of course unacceptable: "security through obscurity" just doesn't work
|
||||||
|
|
||||||
|
μpub correctly and rigorously implements and enforces access control on each object based on its addressing
|
||||||
|
|
||||||
|
most instances will have "authorized fetch" which kind of makes the issue less bad, but anyone can host an actor, have any server download their pubkey and then start fetching
|
||||||
|
|
||||||
|
μpub may be considered to have "authorized fetch" permanently on, except it depends on each post:
|
||||||
|
* all posts marked public (meaning, addressed to "https://www.w3.org/ns/activitystreams#Public"), will be fetchable without any authorization
|
||||||
|
* all posts not public will require explicit addressing and authentication: for example if post A is addressed to example.net/actor
|
||||||
|
* anonymous fetchers will receive 404 on GET /posts/A
|
||||||
|
* local users must authenticate and will be given said post only if it's addressed to them
|
||||||
|
* remote servers will be given access to all posts from any of their users once they have authenticated themselves (with http signing)
|
||||||
|
|
||||||
|
note that followers get expanded: addressing to example.net/actor/followers will address to anyone following actor that the server knows of, at that time
|
||||||
|
|
||||||
## progress
|
## progress
|
||||||
|
|
||||||
- [x] barebone actors
|
- [x] barebone actors
|
||||||
|
|
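Review bot: in the bullet "remote servers will be given access to all posts from any of their users", the word "from" reads as posts authored by that server's users, while every other rule in the section is about addressing; if the intent is posts addressed to any of that server's users, write "addressed to any of their users". The example also leaves one case unstated: the list gives 404 for anonymous fetchers on GET /posts/A, but not the response for an authenticated fetcher who is not addressed. Stating that case, ideally the same 404 so the response does not confirm the post exists, would make the rule complete. In the followers note, "at that time" should name the moment (when the post is published or when it is fetched), since that decides whether later followers can read the post. Minor: the README uses both "μpub" and "upub" for the project name.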