- cross-posted to:
- fediverse@lemmy.world
The admin stated they won’t be renewing the domain because .af is now controlled by the Taliban.
Just because they can take control of the domain doesn’t mean they somehow have access to the data any servers that used the domain have. Those servers were, I feel confident, not in Afghanistan. Domains are just redirects, so the Taliban have nothing on any of the users.
If you have control of the domain, you can also get an X.509 certificate from any CA (e.g. for free from Let’s Encrypt). Then you can put up a new server on that domain with a valid cert. If that server supports ActivityPub, it can provide new public keys for private keys you control for all users on the server, and can use the corresponding private keys to sign messages from any user on that server to any community those users are still subscribed to. In addition, any users on other servers still posting to / interacting with communities on that server would cause their server to send that to the inbox on the new server.
This means any usernames or communities on queer.af should no longer be trusted.
They can’t access old account data, but they can impersonate the accounts.
The ActivityPub spec does not tell you how to deal with “domain changes owner” situations. I believe Mastodon caches an actor’s key in perpetuity (and thus only allows the very first owner of a domain to set up an ActivityPub service), but there’s no guarantee other servers do the same.
If the new owners set up a server, complete with valid TLS certificate, they can host their own Mastodon with a list of account names that they can scrape from cached toots elsewhere, and start using those for propaganda. Some services will refuse the new messages because they cached the old keys, but undoubtedly others will accept them. Things become extra fun when those servers start boosting/replying to the toots with embedded content.
The users aren’t in danger, but there’s a risk other servers will be spammed in their old names.
What doesn’t help is that Mastodon’s migration feature only implements a redirect, so if they take over the domain before the server has updated all the other servers (i.e. due to high load or downtime on another server), the account ends up unredirectable.
This doesn’t need to be malicious, either; admin@example.com can simply let their domain expire, and if the new owner decides to also create an admin@example.com then all kinds of ActivityPub hell will break loose.
We need better standards for this, so domain takeovers can’t result in account impersonation, but domains can also be transferred to someone else without locking them out of ActivityPub forever.
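Added example, not part of the thread and not Mastodon's code: a minimal sketch of the key-caching behaviour discussed above, where a receiving server pins the first public key it sees for an actor and flags a different key served later from the same domain. The class and function names and the sample actor documents are hypothetical; the PEM strings are constructed placeholders, not real keys.

```python
import hashlib
from urllib.parse import urlparse

def fingerprint(pem: str) -> str:
    # Drop line breaks and indentation so a re-wrapped PEM is not mistaken for a new key.
    body = "".join(line.strip() for line in pem.strip().splitlines())
    return hashlib.sha256(body.encode()).hexdigest()

class ActorKeyPins:
    """Trust-on-first-use store: actor id -> fingerprint of the first key seen."""

    def __init__(self):
        self._pins = {}

    def check(self, actor: dict) -> str:
        """Classify a fetched actor document: pinned, match, key_changed or invalid."""
        key = actor.get("publicKey") or {}
        actor_id, pem = actor.get("id"), key.get("publicKeyPem")
        if not actor_id or not pem or key.get("owner") != actor_id:
            return "invalid"
        # The key id must be served from the same host as the actor it signs for.
        if urlparse(key.get("id") or "").hostname != urlparse(actor_id).hostname:
            return "invalid"
        fp = fingerprint(pem)
        pinned = self._pins.get(actor_id)
        if pinned is None:
            self._pins[actor_id] = fp  # first contact: remember this key
            return "pinned"
        # Never overwrite the pin here: a new key on a known actor needs a decision.
        return "match" if pinned == fp else "key_changed"

def make_actor(pem: str, key_host: str = "example.com") -> dict:
    # Constructed actor document for the thread's admin@example.com case.
    actor_id = "https://example.com/users/admin"
    key_id = f"https://{key_host}/users/admin#main-key"
    return {"id": actor_id,
            "publicKey": {"id": key_id, "owner": actor_id, "publicKeyPem": pem}}

# Constructed placeholder PEMs (not real keys); only their difference matters here.
OLD_OWNER = make_actor("-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-OLD\n-----END PUBLIC KEY-----\n")
NEW_OWNER = make_actor("-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-NEW\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    pins = ActorKeyPins()
    for doc in (OLD_OWNER, OLD_OWNER, NEW_OWNER):
        print(pins.check(doc))
```

What a server does with `key_changed` is a policy choice this sketch leaves open: holding the activity for review keeps impersonation out without permanently locking out a legitimate new owner.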