That’s reassuring to know. What I don’t understand is why you have the /api/v3/post/like/list
route. You say you don’t want votes to be snooped on, but then you add an endpoint that makes it very easy for instance admins to do exactly that if they choose to? Also worth pointing out that the tool linked here wouldn’t work in its current form if this route didn’t exist.
JRaccoon
Just a lvl 28 guy from Finland. Full-stack web developer and Scrum Master by trade, but more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
- 0 Posts
- 4 Comments
Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
JRaccoon@discuss.tchncs.deto Crazy Fucking Videos@lemmy.world•South Korea plane crash, Boeing 737-800 from Jeju airEnglish0·6 months agoIs it just me or does it feel that 2024 has not been a very good year in aviation safety? It seems that almost every month there’s news about some major crash or incident and then of course there was the whole fiasco with Boeing
He would be the perfect host for the show