

This is a major blind spot for the fediverse, and it was easily exploited several years ago, when a disgruntled hacker made a bunch of accounts on unsecured Misskey instances and used them to spam the whole network via federation. People tried to defederate from the instances, but the attacker eventually started spinning up his own. All he needed was to ensure at least one user on another instance would see his new instances.
Russia and other NSAs could easily use the same strategy: no effective countermeasure was developed, the attacker simply got bored and stopped.


Indeed.