With so many variations of Lemmy and fediverse instances, are there any defenses against a malicious server running altered code? Is there a way to prove what code is supposed to be running on each instance?
With so many variations of Lemmy and fediverse instances, are there any defenses against a malicious server running altered code? Is there a way to prove what code is supposed to be running on each instance?
You mean for users of that instance or for other instances?
Either or. Would be more nefarious to have users sign up for a malicious instance unknowingly and then federate with non malicious instances
Something to consider would be to compare this to the walled gardens, say Facebook. Is that a malicious ‘instance’?
And then what is the chance to register on a malicious one in the fediverse?
I think the chances are high since the domains are supposed to be novel, compared to Facebook which is a worldwide known domain and chances of impersonating it are slim or would require a client side hack
I meant do you trust these companies?
That’s a different conversation. I’m talking about an adversary who just creates a Lemmy instance and has malicious code embedded in the images, videos and text
What does that have to do with any corporation? Facebook specifically is already in a lawsuit this last month about installing malicious Root Certificates and performing man in the middle attacks against Amazon and Google, so I’m not sure what you’re asking