diff --git a/src/activitypub/notes.js b/src/activitypub/notes.js
index b083811644..8e1d6232ef 100644
--- a/src/activitypub/notes.js
+++ b/src/activitypub/notes.js
@@ -74,8 +74,8 @@ Notes.assert = async (uid, input, options = { skipChecks: false }) => {
 	mainPid = utils.isNumber(mainPid) ? parseInt(mainPid, 10) : mainPid;
 
 	// Relation & privilege check for local categories
-	const privilege = `topics:${tid ? 'reply' : 'create'}`;
 	const hasRelation = options.skipChecks || hasTid || await assertRelation(chain[0]);
+	const privilege = `topics:${tid ? 'reply' : 'create'}`;
 	const allowed = await privileges.categories.can(privilege, cid, activitypub._constants.uid);
 	if (!hasRelation || !allowed) {
 		if (!hasRelation) {
diff --git a/src/posts/index.js b/src/posts/index.js
index 00b82922b1..59c61381b9 100644
--- a/src/posts/index.js
+++ b/src/posts/index.js
@@ -47,9 +47,6 @@ Posts.getPostsByPids = async function (pids, uid) {
 		return [];
 	}
 
-	// todo: remove if not needed (and if this is still commented out after March 2024, then it wasn't needed)
-	// const remotePids = pids.filter(pid => !utils.isNumber(pid));
-	// await activitypub.notes.assert(uid, remotePids);
 	let posts = await Posts.getPostsData(pids);
 	posts = await Promise.all(posts.map(Posts.parsePost));
 	const data = await plugins.hooks.fire('filter:post.getPosts', { posts: posts, uid: uid });