From 29f28701fdd54cc6c73725a116ad33e7eb615efa Mon Sep 17 00:00:00 2001 From: alemi Date: Tue, 16 Apr 2024 18:05:15 +0200 Subject: [PATCH] docs: explained security and fetching and privacy --- README.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 29cf838f..69da3f8a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # μpub > micro social network, federated -μpub aims to be a fast, lightweight and secure [ActivityPub](https://www.w3.org/TR/activitypub/) server +μpub aims to be a private, lightweight, modular and **secure** [ActivityPub](https://www.w3.org/TR/activitypub/) server μpub is currently being developed and can do most basic things, like posting notes, liking things, following others, deliveries and browsing @@ -11,6 +11,22 @@ a test instance is _usually_ available at [feditest.alemi.dev](https://feditest. upub's stock frontend is also being developed and can be viewed _usually_ at [feditest.alemi.dev/web](https://feditest.alemi.dev/web) +## about security +most activitypub implementations don't really validate fetches: knowing an activity/object id will allow anyone to resolve it on most fedi software. this is of course unacceptable: "security through obscurity" just doesn't work + +μpub correctly and rigorously implements and enforces access control on each object based on its addressing + +most instances will have "authorized fetch" which kind of makes the issue less bad, but anyone can host an actor, have any server download their pubkey and then start fetching + +μpub may be considered to have "authorized fetch" permanently on, except it depends on each post: + * all posts marked public (meaning, addressed to "https://www.w3.org/ns/activitystreams#Public"), will be fetchable without any authorization + * all posts not public will require explicit addressing and authentication: for example if post A is addressed to example.net/actor + * anonymous fetchers will receive 404 on GET /posts/A + * local users must authenticate and will be given said post only if it's addressed to them + * remote servers will be given access to all posts from any of their users once they have authenticated themselves (with http signing) + +note that followers get expanded: addressing to example.net/actor/followers will address to anyone following actor that the server knows of, at that time + ## progress - [x] barebone actors