Live testing of remote categories
-
Bit of a thought experiment here as to how to handle these duplicate accounts.
(tl;dr two federated accounts with different IDs report the same webfinger handle, what do?)
Let's say @[email protected] posts an English article under his account (and then is federated), and posts a translated Japanese one that is also federated, but under the Japanese ID.
What should NodeBB do when encountering the latter? Currently, it will try to assert the actor, fail the webfinger backreference check, and probably drop the post. Not so good.
One could adjust the actor to the former (canonical ID), but that's not technically right either.
That also opens up potential account impersonation possibilities, so that is something that would need addressing as well.
-
@[email protected] just wanted to poke you about this issue again.
The latest updates to NodeBB now do a webfinger backcheck to ensure that the actor has a valid webfinger entry for their purported handle. If it does not, then the user is not properly created. Mastodon also does this. This check is probably for security as well as for preventing handle collisions.
The multilingual plugin in conjunction with the ActivityPub plugin creates users that share the same handle, and that causes issues with federated content.
For example, this article by @[email protected] will load up just fine in Mastodon, but this japanese article by @[email protected] will not, because that second article's
attributedToishttps://vivaldi.com/ja/?author=176, which fails that check (the author's ID is actually https://vivaldi.com?author=176 as per the handle backcheck)cc @AltCode
