- From: Jon Pincus <jon@achangeiscoming.net>
- Date: Sat, 12 Apr 2025 22:35:35 -0700
- To: public-swicg@w3.org
- Message-ID: <1b494ee5-47bf-4a6d-8619-994905c70ed4@achangeiscoming.net>
On 4/12/25 10:10 AM, Sean O'Brien wrote:

> I can tell you from plenty of experience that there is a false sense of safety permeating the fediverse about so-called "private" conversations (direct mentions etc.)

Whenever I talk about social networks, I say that in general they are not good for secure communications, and make it a point to put "private" or "private-ish" in quotes, and tell people to use Signal or some other encrypted messenger instead -- the slides in https://privacy.thenexus.today/more-notes-on-organizing/ are an example. I see this as an education problem more than a protocol problem. People on this list with big megaphones could certainly help here by highlighting this more.

As everybody knows I'm often critical of Meta, but credit where credit is due: they do a much better job of giving people considering federating "here there be dragons" information, and also make federation opt-in. Of course that's a lot easier on a huge instance like Threads, but even so I wish more implementations would model that.

> I would give an overview of what is happening in my country and academia to drive the point home, but there is too strong a chilling effect, esp. over email on a public mailing list - is this the same chilling effect we want in the fediverse for all categories of messages?

The chilling effect is going to be there for public posts no matter what. For local-only posts (or followers-only posts and/or DMs only involving people on that instance), the chilling effect's the same as it's going to be for any non-federated system -- you're trusting the admin of that instance (including their ability to keep the systems from being hacked and unencrypted data from being seized by the government), the software they run, any service providers involved, and any message recipients (and potentially software they run).

Beyond that, you're also trusting admins, software, and service providers of other instances; there might be some scenarios where that can work with a relatively

> Well-known threats can be mitigated with a variety of methods of generating and managing keys, regardless of the trust being placed ultimately with the specific instance (and the operator of that instance) utilizing AP for federation.

I agree very much with taking a threat modeling approach -- Erin Kissane also touched on this in general in her People in Platforms talk at the ATmosphereConference <https://www.youtube.com/watch?v=mMIhkA8QEKc> -- and it's certainly worth looking at ways to mitigate well-known threats!

jon
Received on Sunday, 13 April 2025 05:35:41 UTC