Lemmy in general is filled with potential security and privacy holes. The threat surface is just too massive.
Not to mention it has a bunch of vulnerabilities in terms of just basic forum functionality. A rogue instance can very easily just hijack all sorts of federated content and force it into a certain state as desired. Especially if that content is old. There is not really any mechanism for tracking source authority for federated updates, and there are definitely already signs that this is getting exploited to promote certain content and fuck with vote totals IMO.
None of this really matters at this point because Lemmy is insignificant, but it kind of places a limit on how much Lemmy can be scaled before it just becomes even more of a cringe propaganda wasteland than it already is.
A rogue instance can very easily just hijack all sorts of federated content and force it into a certain state as desired.
I’m really not sure what you mean by this, can you elaborate?
There is not really any mechanism for tracking source authority for federated updates, and there are definitely already signs that this is getting exploited to promote certain content and fuck with vote totals IMO.
I’m not sure what you mean by “not any mechanism for tracking source authority”. Admins on their own instance are in control of what happens to the content and they’ll know if another site edits content or whatever as that is sent as requests in ActivityPub.
What are the signs you’re referring to?
