#snarfedaaronpk: bridgy is sending w7apk wms to aaronparecki.com because https://twitter.com/w7apk has aaronparecki.com in its profile, so bridgy searches for and sends links to it
#snarfedas you saw, all the source mf2 properties are the same regardless of source twitter account, and target url is the same
#snarfedyou can make bridgy serve a source page with your own twitter username, yes, but mf2 u-url overrides that. (and even if not, seems pretty harmless)
#snarfedheh the security implications of these protocols can be tricky and non-obvious to think through sometimes
#snarfedlike when bridgy publish was totally open, and you still could only publish things that person had already published on their site...but you could syndicate something to a silo they hadn't intended
#aaronpkso the only threat really is a DoS attack where someone could get bridgy to use the attacker's twitter credentials which they could somehow manipulate into hitting twitter's rate limit
#snarfedeh yeah but you can do that now by just DoSing someone's bridgy source urls, without messing with profile URLs
#aaronpkyeah that seemed like a stretch while i was typing it :)