i say this because at some point i wonder how much it'd be worth it to even report these anymore. i started doing it because i believed i could make other people realise that security can't just be an afterthought, but that people should cooperate and look at each other's mistakes. and what happens? people repeat the same mistakes. Mastodon, Pleroma, Pixelfed, all of those /seperately/ i reported that they trusted object IDs. it just keeps happening. it's like whack-a-mole. fix the bug in one place, it pops up in another place.