Delete and DDoS

Apparently it is common practice for Fediverse nodes to send DELETE Actor to all instances in the Fediverse that they know of, regardless of whether they have any reason to believe that a given instance has any information about that actor.

That appears to be a perfect setup for a DDoS attack: 1) create account 2) delete account, and you get a multiplier that's the number of servers in the fediverse.

It’s not obvious to me how to solve this. But it appears it's a better time to think about it now-ish than once an actual attack is in progress.

Cheers,

Johannes.

Johannes Ernst

Fediforum <https://fediforum.org/>
Dazzle Labs <https://dazzlelabs.net/>

Received on Saturday, 18 May 2024 22:23:13 UTC