With so many variations of Lemmy and fediverse instances, are there any defenses against a malicious server running altered code? Is there a way to prove what code is supposed to be running on each instance?

    • dislocate_expansion@reddthat.comOPB
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      Either or. Would be more nefarious to have users sign up for a malicious instance unknowingly and then federate with non malicious instances

      • Elise@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        Something to consider would be to compare this to the walled gardens, say Facebook. Is that a malicious ‘instance’?

        And then what is the chance to register on a malicious one in the fediverse?

        • dislocate_expansion@reddthat.comOPB
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          I think the chances are high since the domains are supposed to be novel, compared to Facebook which is a worldwide known domain and chances of impersonating it are slim or would require a client side hack

            • dislocate_expansion@reddthat.comOPB
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              6 months ago

              That’s a different conversation. I’m talking about an adversary who just creates a Lemmy instance and has malicious code embedded in the images, videos and text

              What does that have to do with any corporation? Facebook specifically is already in a lawsuit this last month about installing malicious Root Certificates and performing man in the middle attacks against Amazon and Google, so I’m not sure what you’re asking