This clearly demonstrates the meaning of real ownership of our accounts and the ...

This clearly demonstrates the meaning of real ownership of our accounts and the difference bewteen #Nostr and #Mastodon.

Do you have a private key for your account? Are you the only one who owns the key? Then the account is yours. Otherwise it can belongs to someone else - this is the case of Mastodon and other social media accounts.

If you have only the username/password, then the service provider is the person who can publish content on behalf of you, or do whatever they want with your account. They are also responsible for protecting your identity. But do they their best for protecting you? Can you trust them?

Similarities with custodial and non-custodial #wallets are not accidental.

#privacy #socialmedia #ownership #crypto #keys

quoting nevent1q…4etn
Critical #vulnerability in #Mastodon. Attackers can impersonate and take over any remote account. Users cannot do anything, this issue mast be solved by admins of Mastodon instances. And they should update their instances as soon as possible, on 2024-02-15 more details about vulnerability will be published.

However, this announcement means that attackers will focus their research to origin validation in Mastodon. So, we can expect exploitation attempts soon. And in two weeks, provided with details from updated announcement, it will be very easy to come up with an exploit, as announcement said.

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

MalwareLab on Nostr: This clearly demonstrates the meaning of real ownership of our accounts and the ...