In-reply-to » Another thing: At the moment, anyone could claim that some feed contained a certain message which was then removed again by just creating the hash over the fake message in said feed and invented timestamp themselves. Nobody can ever verify that this was never the case in the first place and completely made up. So, our twt hashes have to be taken with a grain of salt.

@prologic@twtxt.net I only saw your previous twt right now. You said:

In order for this to be true, yarnd would have to be maliciously fabricating a Twt with the Hash D.

Yep, that’s one way.

Now, I have no idea how any of the gossipping stuff in Yarn works, but maybe a malicious pod could also inject such a fabricated twt into your cache by gossipping it?

Either way, hashes are just integrity checks basically, not proof that a certain feed published a certain twt.

⤋ Read More