Solid server will fetch any thing on the web: is it even legal to run it?

vkraus · September 27, 2021, 8:08pm

Solid servers may fetch the user’s webid document to confirm the identity provider if it is not the same host name, and will fetch the public keys for all identity providers (to check the access token). Identity providers will also fetch client registration documents.

Any user can in fact make the Solid server connect to any other server. What if a malicious user makes my server connect to a website that is illegal to even visit (for instance, one hosting child pornography or terrorist propaganda)? Has anyone ever been in this situation? Are there recommendations for self-hosting a Solid server in this regard?

Vincent · September 28, 2021, 6:25am

I’m not a lawyer, but given that I can just insert an image tag here that will make your browser go fetch whatever website, I don’t think that that’s actually a problem anywhere.

vkraus · September 28, 2021, 8:15am

I can just insert an image tag here that will make your browser go fetch whatever website

I see your point. This forum would also share a big chunk of the responsibility because it publishes this link, but noone would know that and I would be in the same situation.

Topic		Replies	Views
One-time / Short-span remote authenticated fetch? Build a Solid App	7	220	June 25, 2024
Web error: 401 (Unauthorized) on GET Self Host a Solid Pod	11	3219	December 25, 2018
So close but... any help is appreciated	3	622	November 11, 2022
Using alternative WebID with SOLID	0	385	February 24, 2021
User Experience with Solid: remembering the Idp	2	365	October 30, 2023

Solid server will fetch any thing on the web: is it even legal to run it?

Related topics