Hot take: It is bad that #ActivityPub software implements #AUTHORIZED_FETCH, also known as secure mode, because, contrary to its name, it does not actually contribute to security and instead gives a false sense of security.
https://swicg.github.io/activitypub-http-signature/#authorized-fetch
所信發言: #ActivityPub 소프트웨어들이 #AUTHORIZED_FETCH, 이른바 시큐어 모드(secure mode)를 갖추는 것은 이름과 달리 정말로 시큐리티가 나아지게 하지 않으며, 오히려 安全하다는 錯覺(false sense of security)을 주기 때문에 나쁘다고 생각한다.
https://swicg.github.io/activitypub-http-signature/#authorized-fetch
フォロー
所信発言:ActivityPubのソフトウェアがAUTHORIZED_FETCH、通称セキュアモード(secure mode)を実装するのは、名前と違って実際にセキュリティに貢献しないし、むしろ安全だという錯覚(false sense of security)を与えるので悪いと思う。
https://swicg.github.io/activitypub-http-signature/#authorized-fetch
その証拠に、AUTHORIZED_FETCHを要求するActivityPubオブジェクトは単純に`fedify lookup -a`コマンドで簡単に照会する事が出来る。
https://fedify.dev/cli#a-authorized-fetch-authorized-fetch