Many activitypub servers are starting to enable Mastodon style authorized fetch for security reasons. As plume does not sign the user fetches, this means it is not possible to fetch actor information from these servers
The current solution is rather hacky, but it is the best we can figure out without more input and guidance. The ideal solution is to have a quasi actor that can sign these requests and be transparent to the user. As of now it merely fetches the first local user that comes to hand and signs the request with their information.