Between #IFTAS and #FSEP and #Fediseer, let's also look at another threat model that I think people don't fully appreciate with #blocklists.

How much do you trust the blocklist source—not its upstreams, but the actual place you get it from—to do what they are telling you it does?

How much do you trust the maintainer to not perform a MitM attack?

How much do you trust others who have access?

If a MitM attack _were_ performed, how would you know about it? How would you catch it? How quickly?

1/

@hrefna Super interesting thread! I must admit I was surprised when I arrived in the Fediverse how much of the old "shared trust" model was at play.

And my idealistic hippy heart LOVES that, but my inner pragmatist looks at the way the internet, which was designed with shared trust at its base, has evolved, and I think - maybe we can do better? Trust but verify? Something? :)

Mike Macgirvin (dev)

I'll start a new thread because I lack comment permission on the thread I wanted to reply to. Which is fine incidentally. This is about blocking and webs of trust. If you want to do it right, ActivityStreams (the serialisation format behind ActivityPub) has a Block activity type. This has been...