You are not seeing the point. It's designed #4opens; this is why it works.

What you want to do is a different project (#4closes), which is fine. Have you thought about doing a bridged companion project?

Both paths have value, but they are different.

@Hamishcampbell At this point the fediverse is about 15 years old, and so political naivety is not something which it can realistically be accused of. The kinds of features it has - peculiar though some may seem to Twitter users - are the outcome of numerous battles, scandals and exoduses.

If I am interpreting your lingo correctly then I agree that the right response to scandal is not to go into locked down fully encrypted p2p mode. Making it all "technically secure" against nation state adversaries means that end users have to manage their keys on their own endpoint devices and practice scrupulous opsec. This is something which the average person is never going to manage, and which even experts often fail at. So if you want a public fediverse there are some tradeoffs which have to be accepted.

This text reads like a vanguardist path, based on #mainstreaming reading and narrow #geekproblem thinking. It's missing the paths that hold value in #4opens horizontal activist paths we are taking. But yes, getting lost in our growing #fedivers and the wide spread of #openweb diversity projects.

What it does highlight is that social and political thinking is needed; there is value there.

Can you see any of this feedback?

@Hamishcampbell @bob Frankly, there's nothing "vanguardist" in the text. You can claim that the fediverse is not intended to be private and that users should be aware of that, but at the end of the day what matters is not intent, but outcomes. The reality is that a large percentage of users engage in political organising via ActivityPub. The fediverse is positioned as an activist-driven political tool and is being used as such. That makes it unequivocally dangerous. To argue this -- in a thread about one of the largest instances getting seized by a federal police force, no less -- is to deny what is actually happening.


For the last 15 years most activists have been organising direct action in the #dotcons so a step to the #openweb is a good step.

I was involved in the setting up of the instance we are talking about; when pushing this, I pushed that it was #4opens. After it was out of the hands of #submedia, the talk of "hardening" began, and is still an ongoing bad pushing of a false agenda. It's #openweb, not #closedweb.

They are different paths with only slight overlap.

@Hamishcampbell @bob The fediverse has been around for too long to be considered the vanguard of anything now. It's really just a public communication and general socialising and occasional mutual aid system. It has never been a high security organising tool for people at the highest risk of state oppression. If you need that level of security then it is possible to run instances on onion addresses and use overlay pgp encryption where the server never gets the private key. But that's far beyond what most people are familiar with.
Was talking about the text being vanguardist. Best to encourage people to use encrypted p2p chat or better offline for anything that actually needs security.

It's hard to stress how "naive" many devs on the #fedivers are after 15 years; this is exactly what I have been saying for 20 years.

#openweb #4opens is about building human trust; hard security is a very slightly overlapping but easy-to-see different path for building non "trust" based connections.

Some surprisingly hard to build bridges might help with this ongoing mess.

You make so many great points & that article is tremendous! The Fediverse is open source, private (in the sense of not purposed to gather / use our data), decentralized but one of its lackings is security - as recently witnessed by the Kolektiva incident. Without security, some "private" things will never be truly private & there will be vulnerabilities galore. One thing that may be done is enabling this at an incremental individual level - instance to instance, platform to platform?
@rm4 I wonder, do you think it would help if Mastodon removed DM functionality until such a time that it is e2e encrypted? It's not like this problem doesn't exist in centralized social media platforms too, so maybe that's a confusing part of the messaging.
@edsu That could help for sure - or at least make it very clear these direct messages are not so private / secure.
@rm4 @edsu I am not yet interested in punting about solutions because we haven't even documented the risks, let alone the actual, real-world bad outcomes.
@rm4 understood, I think it would be more of a mitigation than a solution? Pure critique definitely has its place, but it also has its limits.
@edsu @rm4 I don't propose sticking to the realm of critique, rather that intervention has to be focused and informed, emboldened by nuance to embrace the complexity inherent to these problems.
@rm4 and you don't see removing DMs as an intervention along those lines?
@edsu @rm4 Oh, I agree entirely, I think DMs should've been jettisoned years ago. I am frustrated because the response to the essay and my arguments about p2p systems overwhelmingly veers into debate and speculation around immediate solutions. The majority of which (such as removing DMs completely, or encrypting everything) will never be implemented.
@rm4 I didn't realize you had explicitly called for that already, apologies! I know it must be frustrating/infuriating, but you & NDC have raised awareness and shared knowledge which have definitely had real material impacts.
This mess you talk about is not solved by more tech; we already have most of what we need.

* Open media is #4opens based on trust; the current ActivityPub is a relatively #KISS good example of this.

* Privacy is encrypted p2p chat, for which there are many good #UX mature #FOSS projects you can find.

The change we need is social, getting people to use the different approaches for different needs, this is surprisingly difficult.

Bridges, while dangerous, are needed.

@Hamishcampbell @edsu @rm4 @bob Another dimension is that implementing the strongest technical security is hard, and increasing the difficulty of implementation then ensures that implementations can only go ahead with significant resources of expertise/time/money/auditing. So it has been my view since BM (Before Mastodon) that end-to-end secure messaging should be left for other apps which are dedicated for that purpose (eg. Briar). Trying to retrofit that to ActivityPub instances would likely result in tears. @edsu @rm4

Yes, at the moment, as it's a #OMN based on the #4opens, you have a very low barrier to running or even developing an instance; this is where the value is.

Adding security generally makes a HUGE barrier to Dev and #DIY running an instance.

The #geekproblem has no idea of the damage they do when pushing their "common sense". This creates a signal to noise issue that has been blocking alt for 20 years.

"Just stop" comes to mind.

