A small tool to view real-world ActivityPub objects as JSON! Enter a URL
or username from Mastodon or a similar service below, and we'll send a
request with the right Accept header to the server to view the
underlying object.
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"ostatus": "http://ostatus.org#",
"atomUri": "ostatus:atomUri",
"inReplyToAtomUri": "ostatus:inReplyToAtomUri",
"conversation": "ostatus:conversation",
"sensitive": "as:sensitive",
"toot": "http://joinmastodon.org/ns#",
"votersCount": "toot:votersCount",
"blurhash": "toot:blurhash",
"focalPoint": {
"@container": "@list",
"@id": "toot:focalPoint"
},
"Hashtag": "as:Hashtag"
}
],
"id": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538",
"type": "Note",
"summary": null,
"inReplyTo": null,
"published": "2025-05-09T19:01:51Z",
"url": "https://mastodon.bsd.cafe/@Dendrobatus_Azureus/114479419352623538",
"attributedTo": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus",
"to": [
"https://www.w3.org/ns/activitystreams#Public"
],
"cc": [
"https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/followers"
],
"sensitive": false,
"atomUri": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538",
"inReplyToAtomUri": null,
"conversation": "tag:bsd.cafe,2025-05-09:objectId=16775166:objectType=Conversation",
"content": "<p>The Deepin frightmare </p><p>Excerpt from linked site<br />>><br />After reviewing the main D-Bus service, we could not help ourselves but call it a security nightmare. The service methods were not only unauthenticated and thus accessible to all users in the system, but the D-Bus configuration file also allowed anybody to own the D-Bus service path on the system bus, which could lead to impersonation of the daemon. Among other issues, the D-Bus service allowed anybody in the system to create arbitrary new UNIX groups, add arbitrary users to arbitrary groups, set arbitrary users’ Samba passwords or overwrite almost any file on the system by invoking mkfs on them as root, leading to data loss and denial-of-service. The daemon did contain some Polkit authentication code, but it was all found in unused code paths; to top it all off, this code used the deprecated UnixProcess Polkit subject in an unsafe way, which would make it vulnerable to race conditions allowing authentication bypass, if it had been used.<br /><<</p><p>¿WTF?</p><p><a href=\"https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">security.opensuse.org/2025/05/</span><span class=\"invisible\">07/deepin-desktop-removal.html</span></a></p><p><a href=\"https://mastodon.bsd.cafe/tags/openSUSE\" class=\"mention hashtag\" rel=\"tag\">#<span>openSUSE</span></a> <a href=\"https://mastodon.bsd.cafe/tags/Linux\" class=\"mention hashtag\" rel=\"tag\">#<span>Linux</span></a> <a href=\"https://mastodon.bsd.cafe/tags/POSIX\" class=\"mention hashtag\" rel=\"tag\">#<span>POSIX</span></a> <a href=\"https://mastodon.bsd.cafe/tags/OpenSource\" class=\"mention hashtag\" rel=\"tag\">#<span>OpenSource</span></a> <a href=\"https://mastodon.bsd.cafe/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a> <br /><a href=\"https://mastodon.bsd.cafe/tags/Deepin\" class=\"mention hashtag\" rel=\"tag\">#<span>Deepin</span></a> <a href=\"https://mastodon.bsd.cafe/tags/WTF\" class=\"mention hashtag\" rel=\"tag\">#<span>WTF</span></a> <a href=\"https://mastodon.bsd.cafe/tags/frightmare\" class=\"mention hashtag\" rel=\"tag\">#<span>frightmare</span></a> <a href=\"https://mastodon.bsd.cafe/tags/Infosec\" class=\"mention hashtag\" rel=\"tag\">#<span>Infosec</span></a> <a href=\"https://mastodon.bsd.cafe/tags/nightmare\" class=\"mention hashtag\" rel=\"tag\">#<span>nightmare</span></a> <a href=\"https://mastodon.bsd.cafe/tags/elmStreet\" class=\"mention hashtag\" rel=\"tag\">#<span>elmStreet</span></a></p>",
"contentMap": {
"en": "<p>The Deepin frightmare </p><p>Excerpt from linked site<br />>><br />After reviewing the main D-Bus service, we could not help ourselves but call it a security nightmare. The service methods were not only unauthenticated and thus accessible to all users in the system, but the D-Bus configuration file also allowed anybody to own the D-Bus service path on the system bus, which could lead to impersonation of the daemon. Among other issues, the D-Bus service allowed anybody in the system to create arbitrary new UNIX groups, add arbitrary users to arbitrary groups, set arbitrary users’ Samba passwords or overwrite almost any file on the system by invoking mkfs on them as root, leading to data loss and denial-of-service. The daemon did contain some Polkit authentication code, but it was all found in unused code paths; to top it all off, this code used the deprecated UnixProcess Polkit subject in an unsafe way, which would make it vulnerable to race conditions allowing authentication bypass, if it had been used.<br /><<</p><p>¿WTF?</p><p><a href=\"https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">security.opensuse.org/2025/05/</span><span class=\"invisible\">07/deepin-desktop-removal.html</span></a></p><p><a href=\"https://mastodon.bsd.cafe/tags/openSUSE\" class=\"mention hashtag\" rel=\"tag\">#<span>openSUSE</span></a> <a href=\"https://mastodon.bsd.cafe/tags/Linux\" class=\"mention hashtag\" rel=\"tag\">#<span>Linux</span></a> <a href=\"https://mastodon.bsd.cafe/tags/POSIX\" class=\"mention hashtag\" rel=\"tag\">#<span>POSIX</span></a> <a href=\"https://mastodon.bsd.cafe/tags/OpenSource\" class=\"mention hashtag\" rel=\"tag\">#<span>OpenSource</span></a> <a href=\"https://mastodon.bsd.cafe/tags/programming\" class=\"mention hashtag\" rel=\"tag\">#<span>programming</span></a> <br /><a href=\"https://mastodon.bsd.cafe/tags/Deepin\" class=\"mention hashtag\" rel=\"tag\">#<span>Deepin</span></a> <a href=\"https://mastodon.bsd.cafe/tags/WTF\" class=\"mention hashtag\" rel=\"tag\">#<span>WTF</span></a> <a href=\"https://mastodon.bsd.cafe/tags/frightmare\" class=\"mention hashtag\" rel=\"tag\">#<span>frightmare</span></a> <a href=\"https://mastodon.bsd.cafe/tags/Infosec\" class=\"mention hashtag\" rel=\"tag\">#<span>Infosec</span></a> <a href=\"https://mastodon.bsd.cafe/tags/nightmare\" class=\"mention hashtag\" rel=\"tag\">#<span>nightmare</span></a> <a href=\"https://mastodon.bsd.cafe/tags/elmStreet\" class=\"mention hashtag\" rel=\"tag\">#<span>elmStreet</span></a></p>"
},
"updated": "2025-05-09T19:26:12Z",
"attachment": [
{
"type": "Document",
"mediaType": "image/jpeg",
"url": "https://media.bsd.cafe/bsdmmedia01/media_attachments/files/114/479/451/841/100/618/original/89f24b88fc5815c5.jpg",
"name": " The screencap shows a screenshot of a mobile device displaying a blog post from the SUSE Security Team. The post is titled \"Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation\" and is authored by Matthias Gerstner, dated May 7, 2025. The post is categorized under the tags #POLKIT, #D-BUS, and #DEEPIN. The table of contents includes sections titled \"Introduction\" and \"Bypass of the openSUSE.\" The background of the blog post is dark, with white and green text. The device's status bar at the top shows the time as 16:09, the weather as cloudy with a temperature of 29°, and a battery level of 84%. The URL in the browser's address bar is \"security.opensuse.org.\"\n\n Ovis2-8B\n\n🌱 Energy used: 0.212 Wh",
"blurhash": "U36uFd?uIAfk%MaLbuoy01IUx[j[5$XQsqRj",
"width": 1080,
"height": 2400
}
],
"tag": [
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/opensuse",
"name": "#opensuse"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/linux",
"name": "#linux"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/posix",
"name": "#posix"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/opensource",
"name": "#opensource"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/deepin",
"name": "#deepin"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/frightmare",
"name": "#frightmare"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/infosec",
"name": "#infosec"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/nightmare",
"name": "#nightmare"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/elmstreet",
"name": "#elmstreet"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/programming",
"name": "#programming"
},
{
"type": "Hashtag",
"href": "https://mastodon.bsd.cafe/tags/wtf",
"name": "#wtf"
}
],
"replies": {
"id": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538/replies",
"type": "Collection",
"first": {
"type": "CollectionPage",
"next": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538/replies?min_id=114479453002627386&page=true",
"partOf": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538/replies",
"items": [
"https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479431282241381",
"https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479453002627386"
]
}
},
"likes": {
"id": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538/likes",
"type": "Collection",
"totalItems": 4
},
"shares": {
"id": "https://mastodon.bsd.cafe/users/Dendrobatus_Azureus/statuses/114479419352623538/shares",
"type": "Collection",
"totalItems": 6
}
}