diff --git a/app/models/account_deletion.rb b/app/models/account_deletion.rb
index c3ca2e1421fa2a9a6c47393ff53a21477acac125..492929e5ba11386957c62e995f2565a7f4055c06 100644
--- a/app/models/account_deletion.rb
+++ b/app/models/account_deletion.rb
@@ -9,8 +9,6 @@ class AccountDeletion < ActiveRecord::Base
   belongs_to :person
   after_create :queue_delete_account
 
-  attr_accessible :person
-
   xml_name :account_deletion
   xml_attr :diaspora_handle
 
diff --git a/app/models/aspect.rb b/app/models/aspect.rb
index ef7e49ae4fad4cb6f8ef1ad6bfbe5d026609bf90..c3d9de4a11cad8a261f72d670ac967b1ade8b313 100644
--- a/app/models/aspect.rb
+++ b/app/models/aspect.rb
@@ -3,8 +3,6 @@
 #   the COPYRIGHT file.
 
 class Aspect < ActiveRecord::Base
-  include ActiveModel::ForbiddenAttributesProtection
-  
   belongs_to :user
 
   has_many :aspect_memberships, :dependent => :destroy
diff --git a/app/models/block.rb b/app/models/block.rb
index 146227ad4b2e0a494f875ace7e64e41969e99d9d..361e4d934a1ea3b6bc0f8116be546416a9860441 100644
--- a/app/models/block.rb
+++ b/app/models/block.rb
@@ -1,5 +1,4 @@
 class Block < ActiveRecord::Base
-  include ActiveModel::ForbiddenAttributesProtection
   
   belongs_to :person
   belongs_to :user
diff --git a/app/models/conversation.rb b/app/models/conversation.rb
index 531cd0b9fee412840fd8c56d5afaeb10f4d8a9ad..8d2f25c252e22b0b39d13912d4c8ad4c28c75c63 100644
--- a/app/models/conversation.rb
+++ b/app/models/conversation.rb
@@ -1,7 +1,6 @@
 class Conversation < ActiveRecord::Base
   include Diaspora::Federated::Base
   include Diaspora::Guid
-  include ActiveModel::ForbiddenAttributesProtection
 
   xml_attr :subject
   xml_attr :created_at
diff --git a/app/models/invitation.rb b/app/models/invitation.rb
index 1f2aa9cee63383c4791ad9fc8d37e46948367501..40e5037c9fa4584fd918bde483dd6eb8df97c33e 100644
--- a/app/models/invitation.rb
+++ b/app/models/invitation.rb
@@ -9,8 +9,6 @@ class Invitation < ActiveRecord::Base
   belongs_to :recipient, :class_name => 'User'
   belongs_to :aspect
 
-  attr_accessible :sender, :recipient, :aspect, :language, :service, :identifier, :admin, :message
-
   before_validation :set_email_as_default_service
 
  # before_create :share_with_exsisting_user, :if => :recipient_id?
diff --git a/app/models/o_embed_cache.rb b/app/models/o_embed_cache.rb
index 1d0ec6fb9fcc2c71e050490d54525283fb499ce2..9aee6d00b6c67dd42f1ff10a3afba12e37c7c673 100644
--- a/app/models/o_embed_cache.rb
+++ b/app/models/o_embed_cache.rb
@@ -1,6 +1,5 @@
 class OEmbedCache < ActiveRecord::Base
   serialize :data
-  attr_accessible :url
   validates :data, :presence => true
 
   has_many :posts
diff --git a/app/models/photo.rb b/app/models/photo.rb
index 7df5ab9bbeeadacddafaf2bea8b90feded3b64c1..f34d6f3fb02f233902a7f349597bf52bdac7fe20 100644
--- a/app/models/photo.rb
+++ b/app/models/photo.rb
@@ -41,7 +41,6 @@ class Photo < ActiveRecord::Base
   validates_associated :status_message
   delegate :author_name, to: :status_message, prefix: true
 
-  attr_accessible :text, :pending
   validate :ownership_of_status_message
 
   before_destroy :ensure_user_picture
@@ -69,7 +68,7 @@ class Photo < ActiveRecord::Base
   end
 
   def self.diaspora_initialize(params = {})
-    photo = self.new params.to_hash
+    photo = self.new params.to_hash.slice(:text, :pending)
     photo.author = params[:author]
     photo.public = params[:public] if params[:public]
     photo.pending = params[:pending] if params[:pending]
diff --git a/app/models/post.rb b/app/models/post.rb
index d5e466caba4ecf5fdefff3f181d97e671afda95a..59968356f5adf82a05a7c122aa674709e5b2f8b1 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -116,7 +116,7 @@ class Post < ActiveRecord::Base
   #############
 
   def self.diaspora_initialize(params)
-    new_post = self.new params.to_hash
+    new_post = self.new params.to_hash.stringify_keys.slice(*self.column_names)
     new_post.author = params[:author]
     new_post.public = params[:public] if params[:public]
     new_post.pending = params[:pending] if params[:pending]
diff --git a/app/models/profile.rb b/app/models/profile.rb
index 5a8073d3b965f7d4a37b57b3337afbfb62bc6ac2..76a56d73e4c360ea052afcfa3d13b3dcc6540ab4 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -38,9 +38,6 @@ class Profile < ActiveRecord::Base
   validate :max_tags
   validate :valid_birthday
 
-  attr_accessible :first_name, :last_name, :image_url, :image_url_medium,
-    :image_url_small, :birthday, :gender, :bio, :location, :searchable, :date, :tag_string, :nsfw
-
   belongs_to :person
   before_validation do
     self.tag_string = self.tag_string.split[0..4].join(' ')
@@ -57,7 +54,8 @@ class Profile < ActiveRecord::Base
 
   def receive(user, person)
     Rails.logger.info("event=receive payload_type=profile sender=#{person} to=#{user}")
-    person.profile.update_attributes self.attributes.merge(:tag_string => self.tag_string)
+    profiles_attr = self.attributes.merge('tag_string' => self.tag_string).slice('diaspora_handle', 'first_name', 'last_name', 'image_url', 'image_url_small', 'image_url_medium', 'birthday', 'gender', 'bio', 'location', 'searchable', 'nsfw', 'tag_string')
+    person.profile.update_attributes(profiles_attr) 
 
     person.profile
   end
diff --git a/app/models/reshare.rb b/app/models/reshare.rb
index 5b3c5341bb8cab0d60975f2e7de727cfd6647463..e5728429b11a5d29e77e4c81fab51677410bd3c3 100644
--- a/app/models/reshare.rb
+++ b/app/models/reshare.rb
@@ -6,7 +6,6 @@ class Reshare < Post
 
   belongs_to :root, :class_name => 'Post', :foreign_key => :root_guid, :primary_key => :guid
   validate :root_must_be_public
-  attr_accessible :root_guid, :public
   validates_presence_of :root, :on => :create
   validates_uniqueness_of :root_guid, :scope => :author_id
   delegate :author, to: :root, prefix: true
diff --git a/app/models/status_message.rb b/app/models/status_message.rb
index 13821c4bdbe0261b07f9e10e1ee8cde13fb6f56f..f580be28dbaf9e3aafed772764c174584f9ecd97 100644
--- a/app/models/status_message.rb
+++ b/app/models/status_message.rb
@@ -25,7 +25,6 @@ class StatusMessage < Post
   # therefore, we put the validation in a before_destory callback instead of a validation
   before_destroy :presence_of_content
 
-  attr_accessible :text, :provider_display_name, :frame_name
   attr_accessor :oembed_url
 
   before_create :filter_mentions
diff --git a/app/models/user.rb b/app/models/user.rb
index 1170b008270c76d43e6ba72eed3d6328d80e394f..92d9cb8e86fc89d21e6b170359b87c1d086a536c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -7,7 +7,6 @@ class User < ActiveRecord::Base
   include Connecting
   include Querying
   include SocialActions
-  include ActiveModel::ForbiddenAttributesProtection
 
   scope :logged_in_since, lambda { |time| where('last_sign_in_at > ?', time) }
   scope :monthly_actives, lambda { |time = Time.now| logged_in_since(time - 1.month) }
@@ -327,6 +326,7 @@ class User < ActiveRecord::Base
       params[:image_url_small] = photo.url(:thumb_small)
     end
 
+    params.stringify_keys!.slice!(*(Profile.column_names+['tag_string', 'date']))
     if self.profile.update_attributes(params)
       deliver_profile_update
       true
diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb
index f9e8d2036a9694ebcf3197cf08e472c2e54d0b0a..3b71e2b6eb5866de061af21ab76bf90004993e5f 100644
--- a/spec/models/photo_spec.rb
+++ b/spec/models/photo_spec.rb
@@ -26,24 +26,6 @@ describe Photo do
     @saved_photo.save
   end
 
-  describe "protected attributes" do
-    it "doesn't allow mass assignment of person" do
-      @photo.save!
-      @photo.update_attributes(:author => FactoryGirl.build(:person))
-      @photo.reload.author.should == @user.person
-    end
-    it "doesn't allow mass assignment of person_id" do
-      @photo.save!
-      @photo.update_attributes(:author_id => FactoryGirl.build(:person).id)
-      @photo.reload.author.should == @user.person
-    end
-    it 'allows assignment of text' do
-      @photo.save!
-      @photo.update_attributes(:text => "this is awesome!!")
-      @photo.reload.text.should == "this is awesome!!"
-    end
-  end
-
   describe 'after_create' do
     it 'calls #queue_processing_job' do
       @photo.should_receive(:queue_processing_job)
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index d0ac01f5a7de9625f5d220a0f0e4e33bab80255e..60c1e157cf60e7e14645b93d60bbb0e7b4546eff 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -466,7 +466,7 @@ describe User do
     end
 
     it 'dispatches the profile when tags are set' do
-      @params = {:tags => '#what #hey'}
+      @params = {:tag_string => '#what #hey'}
       mailman = Postzord::Dispatcher.build(alice, Profile.new)
       Postzord::Dispatcher.should_receive(:build).and_return(mailman)
       alice.update_profile(@params).should be_true