Back

Update:

172 Pixelfed servers with an active user count of 1,025 remain unpatched after a critical update was made available a week ago, and may be leaking posts you intend for your followers only.

If you have a locked account (follow approvals required) AND you post to followers only, we are providing an import file you can use to personally block these domains.

Instructions will follow in reply to this post.

Download the domain list: https://drive.google.com/uc?export=download&id=13iMH5BuXeQCpUWHHeNVfj3Vyz5aM1kxf

Importing this list will sever any existing connections you have from these servers, including approved AND unapproved followers.

To import the domain list:

Visit https://toot.wales/settings/imports
Select "Domain Blocking List"
Click "Choose File" and select the CSV file you downloaded in the previous step
Select "Merge"
Click "Upload"

The domain blocks will then be queued for action, and will update shortly thereafter.

If you have any questions about this update please email help@toot.wales

All Pixelfed servers on version 0.12.3 or earlier have already been suspended for all toot.wales members - and we have re-connected to a small number that have updated in the past week.

We will review the unpatched servers after 28 days of the updated version being available, and will likely suspend any remaining unpatched servers for all members at that time.

The above guidance is for private accounts that need to take precautions before we enact service-wide suspensions.

98 Pixelfed service providers hosting 547 active accounts have still not updated to reflect a critical privacy update that was released over 30 days ago.

We have suspended communication with 92 of these providers. 6 of these providers have existing follow relationships on Tŵt and remain connected.

These 6 providers will be monitored over the next 30 days, and if they are still not updated we may take further action.