tweak wording

.config/ci.yml

@@ -201,6 +201,9 @@ proxyRemoteFiles: true
 # Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
 # Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
 attachLdSignatureForRelays: true
 # check that inbound ActivityPub GET requests are signed ("authorized fetch")
 checkActivityPubGetSignature: false

.config/docker_example.yml

@@ -273,6 +273,9 @@ proxyRemoteFiles: true
 # Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
 # Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
 attachLdSignatureForRelays: true
 # check that inbound ActivityPub GET requests are signed ("authorized fetch")
 checkActivityPubGetSignature: false

.config/example.yml

@@ -288,6 +288,9 @@ proxyRemoteFiles: true
 # Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
 # Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
 attachLdSignatureForRelays: true
 # check that inbound ActivityPub GET requests are signed ("authorized fetch")
 checkActivityPubGetSignature: false

chart/files/default.yml

@@ -211,6 +211,9 @@ id: "aidx"
 # Sign outgoing ActivityPub GET request (default: true)
 signToActivityPubGet: true
 # Sign outgoing ActivityPub Activities (default: true)
+# Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+# When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+# This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
 attachLdSignatureForRelays: true
 # check that inbound ActivityPub GET requests are signed ("authorized fetch")
 checkActivityPubGetSignature: false

packages/backend/src/core/activitypub/ApRendererService.ts

@@ -793,8 +793,9 @@ export class ApRendererService {
 
 	@bindThis
 	public async attachLdSignature(activity: any, user: { id: MiUser['id']; host: null; }): Promise<IActivity> {
-		// When using authorized fetch, Linked Data signatures are often undesired (as it can allow blocked instances to bypass the check).
-		// We allow admins to disable LD signatures for increased privacy, at the expense of increased incoming fetch (GET) requests.
+		// Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
+		// When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
+		// This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
 		if (!this.config.attachLdSignatureForRelays) {
 			return activity;
 		}