Dave Troy Nov 19, 2022

For those wondering, Mastodon contains no “web3” or crypto technology, and significantly predates any of that. The technology deployed here is primarily ActivityPub, which has roots in tech like RSS and PubSubHubbub.

It is noteworthy that “web3” designs are absent from the Twitter emigration discussion; that’s because it’s a scam and not fit for purpose.

The minute people start talking about adding crypto to the fediverse, run. That’s not what this is about and violates its spirit and design.

Show threadDave Troy Nov 19, 2022
And to be clear, for anyone to whom it is not patently obvious, I’m talking about “crypto” as in cryptocurrency, not standard cryptological encryption which is widely used to secure HTTPs connections. That’s standard web technology, and best practice.
Show threadC-richNov 19, 2022
@davetroy
So encrypted in transit but..... not at rest on instances, correct?
Show threadDave Troy 
@crichardson I haven’t given a full review of it but yes I believe that’s correct. Simply not a design goal.
Nov 19, 2022 at 11:11amWeb
Show threadmhoNov 19, 2022
@davetroy @crichardson encrypting at rest isn't any more "web3 crypto" than https is - they're both sensible security defaults
Show threadNatanael ⚠️Nov 22, 2022
@mho @davetroy @crichardson enabling disk encryption on the servers would solve half that problem (adding database level encryption is possible too but slightly harder). But in either case the admin will have access to the keys.