this post was submitted on 11 Jun 2025
659 points (96.2% liked)
Fediverse memes
1483 readers
239 users here now
Memes about the Fediverse.
Rules
General
- Be respectful
- Post on topic
- No bigotry or hate speech
Specific
- We are not YPTB. If you have a problem with the way an instance or community is run, then take it up over at !yepowertrippinbastards@lemmy.dbzer0.com.
- Addendum: Yes we know that you think ml/hexbear/grad are tankies and or .world are a bunch of liberals but it gets old quickly. Try and come up with new material.
Elsewhere in the Fediverse
Other relevant communities:
- !fediverse@lemmy.world
- !yepowertrippinbastards@lemmy.dbzer0.com
- !lemmydrama@lemmy.world
- !fediverselore@lemmy.ca
- !bestofthefediverse@lemmy.ca
- !fedigrow@lemmy.zip
founded 8 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If by HTTP signature you mean an SSL certificate signed by an authority, those do not present a burden for bots to obtain any longer.
I do not, ActivityPub uses HTTP signatures to make sure messages and requests from other servers are legit,
Essentially, it adds a "signature" header which contains a link to a users public key, a list of headers in the message and a signed hash of all the headers and the request.
There's a better explaination here: https://docs.joinmastodon.org/spec/security/
A delicated bot to scrape ActivityPub posts is possible, but generic bots shouldn't work. If a delicated bot is made, people can block its keys or server anyway.
Signatures are only used to deliver activities to inboxes. The Activitypub json data of posts is usually available without any auth.
A lot of servers require signatures on GET requests as well, for private posts and to block specific people/servers.
Sorry, forgot to whom I was speaking.