Changes to Lemmy/PieFed to adjust to living under fascism
-
[email protected] replied to [email protected]
thanks for the rec
-
[email protected] replied to [email protected]
Lemmy is a public forum; if you want to communicate privately, exchange Matrix handles and communicate there.
-
[email protected] replied to [email protected]
That is interesting! Thanks for the tip!
Also, is their icon a community reference?
-
[email protected] replied to [email protected]
No idea, never used it, I just happen to know it exists.
-
[email protected] replied to [email protected]
- A lock or panic button that immediately wipes everything and makes the logs unusable
- Easy support for canaries and transparency from the admins, like on PeerTube where you're incentivised to write something about your newly installed instance, where it's located etc.
- Maybe take inspiration from European GDPR, assess which information can be used for what, make it transparent to the user what gets stored where and why...
-
[email protected] replied to [email protected]
I know you're a PieFed developer, so you probably know what's possible and what's not better than me. But honestly, the encryption part makes me think you probably want a new protocol designed with that in mind from the start. In my opinion, it's too destructive for compatibility with other ActivityPub software and instances running older versions of them especially.
Combating spam despite the simplified account creation will probably require the implementation of something like Reddit's karma system. Which isn't a very popular idea I think.
Regarding the ephemeral content.... please don't. It might sound cool on paper, but it just adds FOMO. We shouldn't promote doomscrolling and brainrot with the addition of features which require you to quickly scroll through shit to not miss out on posts that disappear after a timer has passed.
-
[email protected] replied to [email protected]
No. Federation is the wrong decentralization model for anyone worried about malicious state actors. Just like email encryption, it doesn't matter how secure you/your server is, you still need to rely on the weakest link on the chain and that is simply unacceptable.
If you want to have secure social media, we need to move away from Federation and we will have to build a fully distributed network where data only lives at the edge nodes and participants can only communicate after exchanging their own personal keys.
Anything else is just infosec cosplaying.
-
[email protected] replied to [email protected]
And pretty much dead, I was following this project but they stopped development in 2020.
-
[email protected] replied to [email protected]
So you're saying we should use Nostr
-
[email protected] replied to [email protected]
But do users get fed?
-
[email protected] replied to [email protected]
Reddit blocks VPNs unless you're already logged on
-
[email protected] replied to [email protected]
No. Nostr is even worse because it ties your identity to your encryption keys.
-
[email protected] replied to [email protected]
Secure Scuttlebutt is the way
-
[email protected] replied to [email protected]
So something I want to point out: plain text encryption exists. Cyphers and the like. You could have your instance use all the standard stuff but with a really hard cypher, and it would work everywhere. Then you just need a front end to read it… but then the cops could read it… oh public encryption makes no sense.
-
[email protected] replied to [email protected]
OUR NEW AUTHORITARIAN OVERLORDS ARE PERFECT IN EVERY WAY
-
[email protected] replied to [email protected]
Yup. Really don't get the constant drumming of "I want to use someone else's website or server while pretending it's a secure platform". Peer-to-peer comms have been around for literal generations now. If you actually care about privacy, e2ee p2p is what you do.
Security runs opposite to convenience.
-
[email protected] replied to [email protected]
Wait I thought we all use disposable emails. Is there some rule against it oops
-
[email protected] replied to [email protected]
I think this is a fallacy, and anyone that is old enough to remember the popular days of BitTorrent will have stories to tell.
Yes, in theory p2p models can be more secure if you really know what you are doing.
But in reality the users' end devices are often the weakest link and most people have bad opsec. A server operator often has a much better idea what they are doing, and systems like Tor or XMPP that allow servers to protect their users by not sharing all the metadata with every participant are safer for the majority of users.
-
[email protected] replied to [email protected]
Glossing over the fact that DOJ can’t subpoena instances like world as they are outside the US (but, like world, may be subject to EU GDPR), having an account without PII if your IP address is all over the servers isn’t going to save you.
-
[email protected] replied to [email protected]
Ugh, the comments here...
I think these are some good ideas, but e2ee in a browser that depends on server-supplied JavaScript will never be really safe.
I think you would be better off making a nice XMPP integration so that people can use existing native apps with good e2ee for their private messages.
Otherwise the ideas are sensible and worth a shot, looking forward to what you come up with in PieFed