A rogue instance can very easily just hijack all sorts of federated content and force it into a certain state as desired.
I’m really not sure what you mean by this, can you elaborate?
There is not really any mechanism for tracking source authority for federated updates, and there are definitely already signs that this is getting exploited to promote certain content and fuck with vote totals IMO.
I’m not sure what you mean by “not any mechanism for tracking source authority”. Admins on their own instance are in control of what happens to the content and they’ll know if another site edits content or whatever as that is sent as requests in ActivityPub.
Are updates authenticated? Or can I send an update to lemmy.world from 123.123.123.123 (which is not the IP address of feddit.de) that you have edited your comment to say “I don’t like pizza”?
If updates are not authenticated this really could be a big problem.
You cannot do that, no. Edits are authenticated in the sense that the request must come from the instance of the user.
Your admin could in principle send such a request for you. But then you’re talking about a malicious admin and then all bets are off. Obviously admins are in full control of everything on their own instance, including being able to edit their own users stuff. Not that any reasonable admin would do that.
I’m really not sure what you mean by this, can you elaborate?
I’m not sure what you mean by “not any mechanism for tracking source authority”. Admins on their own instance are in control of what happens to the content and they’ll know if another site edits content or whatever as that is sent as requests in ActivityPub.
What are the signs you’re referring to?
Are updates authenticated? Or can I send an update to lemmy.world from 123.123.123.123 (which is not the IP address of feddit.de) that you have edited your comment to say “I don’t like pizza”?
If updates are not authenticated this really could be a big problem.
You cannot do that, no. Edits are authenticated in the sense that the request must come from the instance of the user.
Your admin could in principle send such a request for you. But then you’re talking about a malicious admin and then all bets are off. Obviously admins are in full control of everything on their own instance, including being able to edit their own users stuff. Not that any reasonable admin would do that.