- cross-posted to:
- fediverse@lemmy.ml
- cross-posted to:
- fediverse@lemmy.ml
Authorized Fetch (also referred to as Secure Mode in Mastodon) was recently circumvented by a stupidly easy solution: just sign your fetch requests with some other domain name.
You must log in or register to comment.
What I think a lot of conversations about privacy and security on the Fediverse miss is that the Fediverse is radically public.
A protocol that sends everything you share to a long list of servers that haven’t been pre-screened and could be anything from a professionally-managed instance of vanilla Mastodon to an ad hoc, informally-specified, bug-ridden, slow implementation of half of ActivityPub running on a jailbroken smart light bulb can only ever be radically public. It’s possible to block most interactions with someone you don’t want to talk to, but not to reliably prevent them from seeing content you share to anything more than a short list of vetted followers.
There probably isn’t any reasonable way to change that while keeping the open federation model, though it’s possible to build closed networks on top of ActivityPub for those who want the formats it supports for a curated group. This isn’t a problem to be solved in my view, but an inherent reality: the Fediverse is for things you want to make public.
Exactly! The only way that we can make sure that the Internet is not controlled by anyone is to make it available for everyone. If we are fighting for an open internet, we need to understand that this type of thing will be part of the package.
We, by which I mean some loose group of people who want decentralized tools to thrive should also be building things for secure, private communication, and we are. Matrix, for example offers strongly end-to-end encrypted federated chat rooms and private messages. It also has a kind of rough UX and, IIRC resource-intensive server software. We should work toward improving that.
I’m not advocating against privacy at all. I want people to understand as clearly as possible that Mastodon, Lemmy, and anything that works like them isn’t private and can’t be private when part of an open federated network so they can decide whether that’s a good fit for how they’re using it. The block evasion described in the link is just run a server on a domain that isn’t blocked, and I imagine any other mitigations bolted onto Mastodon that don’t break open federation will be little better.
Matrix […] has a kind of rough UX and, IIRC resource-intensive server software. We should work toward improving that.
Except that I get the vibes from the Matrix community that the shit UX is part of the attraction because it does a wonderful job of gatekeeping.
I don’t hold out much hope for Matrix working out ever, but perhaps someday someone will use it as inspiration for making something that doesn’t suck.
Matrix is the protocol. You can have whatever client you like. There are mobile apps that are similar to discord and connect to matrix servers.
I’m kind of tired of social networks offering even the pretense of privacy. Just loudly proclaim that everything is public but clients can filter out shit you don’t wanna see.
That doesn’t work for vulnerable minorities. Manually filtering each shitty person after you step in their shit gets old. Coupled with the fact that not shutting down shitty people just means more shitty people are likely to turn up.
It’s not sustainable
I think in this context it’s meant on a technical level: as far as the fediverse is concerned, there’s not a whole lot instances can do. Anyone can just spin up an instance and bypass blocks unless it works on an allowlist basis, which is kind of incompatible with the fediverse if we really want to achieve a reasonable amount of decentralization.
I agree that we shouldn’t pretend it’s safe for minorities: it’s not. If you’re a minority joining Mastodon or Lemmy or Mbin, you need to be aware that blocking people and instances has limitations. You can’t make your profile entirely private like one would do on Twitter or any of Meta’s products. It’s all public.
You can hide the bad people from the users but you can’t really hide the users from the bad people. You can’t even stop people from replying to you on another instance. You can refuse to accept the message on the user’s instance, but the other instance can still add comments that don’t federate out. Which is kind of worse because it can lead to side discussions you have no way of seeing or participate in to defend yourself and they can be saying a lot of awful things.
You can’t make your profile entirely private like one would do on Twitter or any of Meta’s products.
Even those are not private.
