Re: Threat models and data portability and ActivityPub

> On Mar 12, 2024, at 16:03, Lisa Dusseault <lisa@dtinit.org> wrote:
> 
> Elevation of privilege: Servers accepting new data in bulk transfer must do the same checks for buffer overflow or similar attacks that they would for any new data. This doesn’t need protocol work, just a note.

We have multiple levels here. On a “system level”, yes.

On an “application level”, there are additional considerations related to who gets to see what.

Examples:
* I sent you a direct message. My expectation is that it is between you and me only. Once you have moved your data, is it still only you who can see that message, or has it suddenly become public or available to a third party?
* I blocked you. After you have moved, are you still blocked or can you harass me again? (For a value of “you” != “Lisa” obviously …)

I recognize that there are some challenges, but IMHO that’s what a user would like to see.

My 0.02.

Cheers,




Johannes.


Johannes Ernst

Fediforum <https://fediforum.org/>
Dazzle Labs <https://dazzlelabs.net/> 

Received on Tuesday, 12 March 2024 23:24:59 UTC
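
The two expectations in the message above (a direct message stays private after the move, and a block survives it) can be written as checks run after an import. This is an added example, not part of the original email: the actor IRIs, the record layout, the `check_migration` helper and the assumption that imported objects keep their original `id` are all illustrative.

```python
# Added example; actor IRIs and record layouts are constructed, not from the thread.
PUBLIC = {"https://www.w3.org/ns/activitystreams#Public", "as:Public", "Public"}
ADDRESSING = ("to", "bto", "cc", "bcc", "audience")

def audience(obj):
    """Collect every IRI an ActivityStreams object is addressed to."""
    out = set()
    for field in ADDRESSING:
        value = obj.get(field, [])
        out.update([value] if isinstance(value, str) else value)
    return out

def check_migration(before, after, blocks_before, blocks_after, moved):
    """Return findings; an empty list means both expectations hold.

    moved maps the migrated actor's old IRI to the new one. Assumption:
    the import keeps each object's original `id`.
    """
    remap = lambda iri: moved.get(iri, iri)
    imported = {o["id"]: o for o in after}
    findings = []
    for obj in before:
        new = imported.get(obj["id"])
        if new is None:
            continue  # not transferred, so not exposed by the transfer
        widened = audience(new) - {remap(i) for i in audience(obj)}
        if widened:
            kind = "now public" if widened & PUBLIC else "new recipients"
            findings.append((obj["id"], kind, sorted(widened)))
    expected = {(remap(a), remap(b)) for a, b in blocks_before}
    for blocker, blocked in sorted(expected - set(blocks_after)):
        findings.append(("block", "lost", [blocker, blocked]))
    return findings

# Constructed sample: Bob moves servers; Alice had sent him a DM and blocked him.
ALICE = "https://a.example/users/alice"
BOB_OLD, BOB_NEW = "https://old.example/users/bob", "https://new.example/users/bob"
DM = {"id": "https://a.example/notes/1", "type": "Note", "to": [BOB_OLD]}
LEAKED = dict(DM, to=[BOB_NEW], cc=["https://www.w3.org/ns/activitystreams#Public"])
MOVED = {BOB_OLD: BOB_NEW}

if __name__ == "__main__":
    for finding in check_migration([DM], [LEAKED], {(ALICE, BOB_OLD)}, set(), MOVED):
        print(finding)
```
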