- cross-posted to:
- fediverse@lemmy.world
- cross-posted to:
- fediverse@lemmy.world
The admin stated they won’t be renewing the domain because .af is now controlled by the Taliban.
Link to post: https://queer.af/@postmaster/111733741786950083
Rare taliban w
rip to a real one. this is our 9/11
I know we’re talking about a time before a lot of young adults were born, but comparing the closure of a federated instance to what happened to a lot of people and families on 9/11 is actually pretty fucked up.
Americans have no sense of perspective. I have friends who were affected by the tower collapse in NY. We sent more service members to die looking for Bin Laden than were killed that day. And more than 10 times a many people die from gun violence in the US every God damned year than died in all four plane strikes. And every one of those other tragedies destroys families and communities.
It’s so overblown it’s practically a meme to everyone but the boomers and Christian “patriots” who need a way to make people angry about foreigners so they can ignore our home grown violent tendencies.
What’s the difference between 9/11 and a cow?
You stop milking the cow after a decade.
I did not think I needed an /s but I guess I did
There’s also the fact the event reference happened in 'murica. People don’t really take 'murica seriously.
During the COVID pandemic we decided a 9/11 every day was fine, that has consequences.
9/11 has been so overblown. Literally, with the bombing of middle eastern people when the US government used it as an excuse to attack an uninvolved country… such that most people think of it as a joke now.
Also with what the other person said regarding COVID. I personally cannot take that event seriously anymore. In fact, I see anyone who complains about it having to be taken seriously as overprivelaged… Yes, really.
I am even surprised that the Taliban let someone buy the queer.af domain.
But it’s also a cool feature of the federation, an instance is closed by an authoritarian government, tons of others are still there, and migration is easy, so you don’t loose you whole network. Still an annoyance for the user, but not as much an annoyance as when a centralized social media closes.
On the other hand, there’s very little to prevent the Taliban from re-registering queer.af and reusing old account names to spam their shitty opinions on this stuff.
Luckily they’re probably not smart enough to figure out they can, but this is one of the many reasons to be careful about the TLD you pick.
Just because they can take control of the domain doesn’t mean they somehow have access to the data any servers that used the domain have. Those servers were, i feel confident, not in Afghanistan. Domains are just redirects, so the Taliban have nothing on any of the users.
They can’t access old account data, but they can impersonate the accounts.
The ActivityPub spec does not tell you how to deal with “domain changes owner” situations. I believe Mastodon caches an actor’s key in perpetuity (and thus only allow the very first owner of a domain to set up an ActivityPub service), but there’s no guarantee other servers do the same.
If the new owners set up a server, complete with valid TLS certificate, they can host their own Mastodon with a list of account names that they can scrape from cached toots elsewhere, and start using those for propaganda. Some services will refuse the new messages because of theily cached the old keys, but undoubtably others will accept them. Things become extra fun when those servers start boosting/replying to the toots with embedded content.
The users aren’t in danger, but there’s a risk other servers will be spammed in the their old names.
What doesn’t help is that Mastodon’s migration feature only implements a redirect, so if they take over the domain before the server has updated all the other servers (i.e. due to high load or downtime on another server), the account ends up unredirectable.
This doesn’t need to be malicious, either; admin@example.com can simply let their domain expire, and if the new owner decides to also create an admin@example.com then all kinds of ActivityPub hell will break loose.
We need better standards for this, so domain takeovers can’t result in account impersonation, but domains can also be transferred to someone else without locking them out of ActivityPub forever.
If you have control of the domain, you can also get an X.509 certificate from any CA (e.g. for free from LetsEncrypt). Then you can put up a new server on that domain with a valid cert. If that server supports ActivityPub, it can provide new public keys for private keys you control for all users on the server, and can use the corresponding private keys to sign messages from any user on that server to any community those users are still subscribed to. In addition, any users on other servers still posting to / interacting with communities on that server would cause their server to send that to the inbox on the new server.
This means any usernames or communities on queer.af should no longer be trusted.
Just as an aside: unfortunately some of the Taliban are actually very smart - in an academic sense. Some of them have gone to the best schools and universities our world has to offer… and then decided the dark ages are where we should be. Go figure. But, to clarify, they aren’t all backwards goat herders from the middle of nowhere.
Maybe, just maybe, we shouldn’t be picking domains based on stuff like “hehe it says queer as fuck lul”? What did they expect to happen picking Afghanistan of all places for the domain of an LGBT instance?
funny as shit
they could become queer ‘for real’ unless macron gets a tumor
Removed by mod