Attached: 1 image
Queer.af mastodon instance has been shut down by the Taliban (not a joke, they seized the domain name).
https://akko.erincandescent.net/notice/AenoDMPN0SdVXSq9ZY
Unfortunately, I think due to the way ActivityPub works, the domain name is inexorably tied to the instance. Trying to migrate to a new domain name would break a lot of federation to my understanding.
Yep, the other workaround that’s elsewhere in this thread is to set up an entry with a different authoritative DNS in the hosts file, allowing a single machine to resolve the old domain manually.
This could be part of a greater effort, basically asking other instances to help the users evacuate the instance and transfer their accounts, before running tootctl self-destruct
Does federation involve some sort of key exchange? If not, would that mean that if one loses control of a domain somebody could spin up a new Lemmy instance to spoof the old one and potentially harvest data?
The main privacy/security issue is mostly mitigated by the fact that there’s a sync behavior for accounts and follows and distribution of content where the host can push revocation messages, triggering other servers to delete follows and wipe cached account data originating from that hosting server, which means that somebody who takes over a domain after a wipe can’t imitate the exact same accounts. But old links can still be redirected because there’s no way to verify what they were supposed to point to, so some degree of impersonation remains possible unless other servers agree to preemptively defederate…
Unfortunately, I think due to the way ActivityPub works, the domain name is inexorably tied to the instance. Trying to migrate to a new domain name would break a lot of federation to my understanding.
It looks like someone posted an attempt at a workaround here (latest reply): https://github.com/mastodon/mastodon/issues/5774
But it does require the
self-destruct
button because the old domain name has to be erased from other servers.Yep, the other workaround that’s elsewhere in this thread is to set up an entry with a different authoritative DNS in the hosts file, allowing a single machine to resolve the old domain manually.
This could be part of a greater effort, basically asking other instances to help the users evacuate the instance and transfer their accounts, before running
tootctl self-destruct
Does federation involve some sort of key exchange? If not, would that mean that if one loses control of a domain somebody could spin up a new Lemmy instance to spoof the old one and potentially harvest data?
Not in ActivityPub no.
The main privacy/security issue is mostly mitigated by the fact that there’s a sync behavior for accounts and follows and distribution of content where the host can push revocation messages, triggering other servers to delete follows and wipe cached account data originating from that hosting server, which means that somebody who takes over a domain after a wipe can’t imitate the exact same accounts. But old links can still be redirected because there’s no way to verify what they were supposed to point to, so some degree of impersonation remains possible unless other servers agree to preemptively defederate…