Mastodon desperately needs end-to-end encryption for DMs. It's going to be ugly when Mastodon servers start getting hacked
I haven't read too much about Mastodon/ActivityPub yet, but I'm guessing server admins can impersonate anybody on their server and change the text of anyone's posts (toots?). That could also be fixed once the key distribution infrastructure is in place for e2e encryption.
If the community wants it, we could probably do a lot to improve the current state of Mastodon servers and trust (where the server owner is effectively God of all users on their server). E.g. enforce cryptographic transparency for moderation actions.

If the fediverse succeeds, then its users will be fractured across many smaller servers instead of clustered in 1 large server. This makes security much harder.

A large server (like Twitter!) can be defended by large security teams, perform internal audits, and be held accountable by regulatory bodies. Their executives can be hauled before Congress or thrown in jail for failing to report a breach.

Small servers will mostly lack the resources to fund a security person, let alone a security team. They may not even have access logs. And small server admins are unlikely to face the same level of scrutiny from regulators. This makes cryptographic assurances like E2E encryption that much more important for federated platforms like Mastodon.

New User Question: How can I trust any given server?

As best I can tell, the operator of a server has complete control of my account, and could do things like leak my password and email, falsify or...

reddit
@willc Oof. Frustrating to see so many answers there that I disagree with. E.g. "Mastodon Admin here. We can't see or leak your password." is clearly wrong or at least misleading. Hopefully that will shift now that infosec folks are here :)
@timmclean How can Mastodon admins see your password?
@willc they can log it when you sign in or register
@timmclean I’d love to see a proof of concept for that.
@willc Log out. Go to the Sign In page. Open the Network tab of dev tools. Sign in. Look at the HTTPS request sent to the server. It contains your password. The server is controlled by the server admin on a domain owned by the server admin using a TLS cert set up by the server admin, so it can log any request it receives. That's just how the web works!
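
The mechanics described in the reply above, as an added example that is not part of the thread or of Mastodon's own code: a minimal sign-in handler that receives the form body exactly as the browser posted it (so the server, and whoever runs it, can read the password field), hashes it immediately, and writes only a redacted line to its log. Field names and the sample body are constructed for the example.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs

# Constructed sample of a sign-in POST body as the browser sends it inside TLS.
# Field names are assumed for the example, not Mastodon's actual form fields.
SAMPLE_BODY = "email=alice%40example.org&password=correct+horse+battery&remember_me=1"

SECRET_FIELDS = {"password", "password_confirmation"}


def parse_form(raw_body: str) -> dict:
    """Decode the urlencoded body; TLS protects it in transit, not from the server."""
    return {k: v[0] for k, v in parse_qs(raw_body, keep_blank_values=True).items()}


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Derive a slow, salted hash; only this, never the password, belongs at rest."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison of the freshly derived hash against the stored one."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def redacted_log_line(fields: dict) -> str:
    """The only form of the request that should ever reach a log file."""
    shown = {k: ("[REDACTED]" if k in SECRET_FIELDS else v) for k, v in fields.items()}
    return "POST /sign_in " + " ".join(f"{k}={v}" for k, v in shown.items())


def handle_login(raw_body: str, users: dict) -> tuple:
    """Verify the submitted password; return (ok, log_line). users: email -> (salt, digest)."""
    fields = parse_form(raw_body)
    log_line = redacted_log_line(fields)
    record = users.get(fields.get("email", ""))
    if record is None:
        return False, log_line
    return verify_password(fields.get("password", ""), *record), log_line


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery")
    print(handle_login(SAMPLE_BODY, {"alice@example.org": (salt, digest)}))
```

Nothing here stops an operator from logging `raw_body` before `parse_form` runs; the redaction is a policy the server chooses, which is the point of the thread.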

@timmclean “That’s just how the web works.”

👀