I get the concern but I don’t think you need to be as concerned as with email. Email is a lot simpler without a lot of validation. On the fediverse, HTTP Signatures are used to verify requests, so you can’t spoof stuff as easily.
That said, spam mitigation will probably still be an issue that continuously needs to be dealt with.
Kind of a strange blog post. Clearly it requires a lot of technical knowledge, yet it explains basic TypeScript syntax and variables and how to use an editor. While simultaneously showing SQL code. There doesn’t seem to be a clear target audience to this.
Almost every community in the fediverse is full of this crap. Things aren’t removed because they’re harmful, they’re removed because some mod disagrees.
You should start your own instance it sounds like :P
“Tech” journalists spend way too much time in the headlines of other outlets, getting a much too shallow idea of the actual tech that they’re supposed to cover. It’s quite sad that this is the state of so-called tech journalism.
I’m actually most concerned with the IP leaking
I’m curious, what is it about IP leaking that concerns you? I’ve been thinking about it lately but I have a hard time seeing why it’s a problem.
Why is this posted in the fediverse community? I get that you think this is important, but this is an international community and many here have no way to influence American politics. It’s also just off topic.
[PieFed] seems to be strongly opinionated about how people should behave and it kinda gives me an icky feeling about its culture
Yea, I get this same feeling. It’s not that I mind that culture or being mindful of how people behave and such - I just don’t think that is the domain of the software to decide. Individual instances can decide that for themselves, but the software shouldn’t influence that kind of thing, I feel.
It’s not meant to be a messenger, it’s not meant for privacy. Everything being public and transparent is part of the core design of the Fediverse. The idea of private groups/posts on the Fediverse seems counterintuitive to me.
Just want to counter this: Privacy is in fact a part of ActivityPub. Stuff is only meant to be public if it is sent to the Public collection, otherwise it should only be delivered to the intended recipients, much like email. This is part of the core protocol, not any extension.
I wouldn’t consider it rude in the Danish communities we have in Feddit.dk, but that’s also cause basically all danes are fluent in English, so it shouldn’t be an issue.
Thanks anyway. Personally I haven’t been impressed either by the stability and performance of Lemmy. It is what it is I guess.
Since email is no less secure than snail mail
I would disagree with that. The attack surface on snail mail is much, much smaller (only whoever can get in physical contact with my mail) and any attack scales incredibly badly. It is also often hard to read snail mail without making it obvious that it has been tampered with (i.e. opening the envelope).
Meanwhile the attack surface of email is huge (basically the entire internet), any attack can scale wildly and it is impossible to tell if anyone else read an email.
By and large, physical stuff is much more secure than digital stuff, just less convenient.
It rather abruptly stops at a few thousand users and after that it becomes much harder and more expensive to scale further.
As a fellow Lemmy admin of a smaller instance, do you have any advice? Any resources that might be worth checking out?
I think every government should be providing email service the same way they provide physical mail service
The problem with that is that email is not really secure enough for sensitive stuff like your bank account statements or your health/medicine journals from your doctor.
That is why in Denmark we don’t have the government provide actual email, but there is rather a digital mailing system where you authenticate with your digital ID and can receive secured mail from banks, municipalities, health authorities, tax authorities and others.
Would be cool if they also participated on Lemmy instances sometimes, it is written in Rust after all :)
Hmm I guess some people might like this but I’d be a bit afraid of mixing different communities just because the same link is posted in them. Different communities might have different rules and different expectations for participation and such. This kind of mixes the different communities together.
Like imagine someone posts a link to an article to [email protected] (Feddit.dk news community), which is already posted in [email protected]. If I understand correctly, I’d then see comments from both communities on the same page? But the comments on Feddit.dk will be in Danish and will probably largely be about how the news story affects Denmark, while the comments on lemmy.world will be in English and from a more international perspective. But muddling these things together takes away the “identity” of the community and suddenly you’ll be seeing stuff you maybe won’t want to see (i.e. danish comments for instance if you are not danish).
I think there at least should be a user preference to disable this, and an option for moderators to opt out of this, to avoid the above situation.
Måske det hjælper hvis man skifter til dansk, så vi ikke bliver forvirret af sprogbrugen :)
Som @[email protected] siger så er fediverset decentraliseret - det vil sige at i stedet for at der kun er en udbyder (fx Reddit), så er der mange udbydere af sociale medier som hænger sammen. Man plejer at kalde hver udbyder en “instans”, altså Feddit.dk er en instans, lemmy.world er en anden instans. Så man vælger en udbyder/instans, ligesom man vælger om man går i Netto eller Rema (selvom de jo tit har de samme ting).
Mastodon fungerer på samme måde, dvs. der er mange instanser der kører Mastodon-softwaren som alle hænger sammen. Faktisk hænger Mastodon og Lemmy også sammen, da de bruger samme underliggende protokol. Det er der hvor det bliver rigtig fedt for så kan man begynde at skrive fra Mastodon til Lemmy eller den anden vej. Det ville svare til at skrive fra Twitter til Reddit eller den anden vej, noget man aldrig kunne forestille sig i de traditionelle kommercielle sociale medier.
Jeg forstår godt at meget af det her er anderledes end hvordan de traditionelle centraliserede sociale medier virker, og jeg er sikker på du ikke er den eneste der er forvirret. Jeg tror faktisk det ville være rigtig fint hvis du stillede dine spørgsmål og forundringer som et indlæg i [email protected], så kunne andre på Feddit.dk også måske få glæde af forklaringerne :)
Very nice thoughts! I think you’re right that organically convincing people IRL is most effective, but getting people over online from Reddit and Facebook is also a part of the solution I think. But definitely not the whole solution.
Wouldn’t it just take one bad actor to start spamming all the other instances with nonsence?
In principle yes, one bad actor could start spamming a lot. But they usually get banned pretty quickly.
If you deferate with the instance the bots are coming from they can just open another, right? Like a DDOS attack
Well, you’d need a new domain so at least you’re forcing the spammer to spend money on a new domain, which probably breaks most of these attempts. Also if the spammers are really bad or posting illegal stuff and they’re registering domains, you could maybe report them to their domain registrar and possibly get them to shut them out or maybe even get law enforcement involved to figure out who registered the domains.
As a last resort, you could go to allowlist federation, where you are by default not federated with an unknown domain.
Tuta takes like 48 hours to respons, slower than Proton who takes about 12-24 hours, but as long as the response is under 1 week, its fine by me.
Are you talking about support request response time here? Or what response time?
I mean… This isn’t inspiring great confidence. Fediverse platforms are by no means simple and neither are all the features you mention. I think you have good ideas, but as a professional software engineer with a masters in computer science who is also working on a fediverse platform… It’s not easy and learning everything from the bottom might be a big bite.