this post was submitted on 08 Jul 2023
241 points (93.2% liked)
Fediverse
28219 readers
903 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
For identity verification, you can just do a simple key signing, just like how Nostr does it.
Each user will generate a public-private key pair on their own device and has all their posts (and edit/delete requests) signed using their key.
If someone wants to delete or edit their post, the site can just verify that the request is signed with the same key.
There's still issue of who's going to store the user's follows, etc. but I think we can find a way to workaround it.
That then introduces ease of use problems. You won't be able to log in to another device without copying your key over from an already logged in device for example.
Web browsers don't usually allow access to local files made outside the browser, so even logging in between browsers would require having your key on hand.
Not to mention if you lose the file containing your key (hard drive craps out, etc), you'll lose access to your account entirely. So users would be forced to backup their keys.
Not issues that would make the product unusable, but enough of a hindrence that 90% of users would just go find something else (like threads) to use instead.
I can't use my account on another device until I input my password, so either way I need to use a password manager. If you reuse the same password (so you can remember it for hundreds of sites instead of using a password manager), being forced into using a key instead would actually be an improvement for your security.