Mastodon's federation introduces UX challenges.

One that worries me a lot is message forgery. Anyone can forge a toot, even cross-server.

Whereas Twitter Inc. might be trustworthy enough not to forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?

@fj you could use PGP-like signing on messages and then have other people trust your key (again, like PGP), thereby building a web of trust.

Additionally, if you see a toot which is signed by a key that more than 50% of the people you trust also trust, a checkmark (like Twitter's verified icon) could be displayed.
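The two ideas in the reply above, an author-held signing key that a relaying server cannot forge and a "more than 50% of my trusted contacts trust this key" badge rule, as an added, self-contained Go sketch. This is illustration written for this thread, not Mastodon's code or any existing ActivityPub signature scheme: the Ed25519 keys, the `Toot` layout, the handles and the trust graph are all constructed here, and the canonical encoding (length-prefixed author, server and text) is an assumption chosen so that a server cannot move bytes between fields without breaking the signature.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Identity is a hypothetical per-account signing key; the public half is what
// followers would pin and "trust" in the web-of-trust sense.
type Identity struct {
	Handle string // constructed sample handle, e.g. "alice@example.social"
	Public ed25519.PublicKey
	priv   ed25519.PrivateKey
}

func NewIdentity(handle string) (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Handle: handle, Public: pub, priv: priv}, nil
}

// Toot carries the fields a relaying server could otherwise rewrite, plus the
// author's signature over all of them.
type Toot struct {
	Author    string
	Server    string
	Text      string
	Signature []byte
}

// canonical length-prefixes each field so that "ab"+"c" and "a"+"bc" never
// serialise to the same bytes (a plain concatenation would be ambiguous).
func canonical(t *Toot) []byte {
	var buf bytes.Buffer
	for _, f := range []string{t.Author, t.Server, t.Text} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.WriteString(f)
	}
	return buf.Bytes()
}

// SignToot is the end-to-end signature: it uses the author's own key, so the
// home server only relays and cannot produce a valid signature itself.
func (id *Identity) SignToot(server, text string) *Toot {
	t := &Toot{Author: id.Handle, Server: server, Text: text}
	t.Signature = ed25519.Sign(id.priv, canonical(t))
	return t
}

// VerifyToot checks the signature against the key the reader has pinned for
// t.Author. Any edit to the fields, or a signature from another account's
// key, makes this return false.
func VerifyToot(t *Toot, authorKey ed25519.PublicKey) bool {
	return ed25519.Verify(authorKey, canonical(t), t.Signature)
}

// TrustGraph[u] is the set of handles whose keys u has chosen to trust.
type TrustGraph map[string]map[string]bool

// ShowCheckmark applies the reply's rule: the viewer sees a badge on the
// author's toots when strictly more than half of the viewer's trusted
// contacts also trust the author. A viewer with no contacts never sees a
// badge, so the rule cannot be satisfied vacuously.
func ShowCheckmark(g TrustGraph, viewer, author string) (bool, int) {
	contacts := g[viewer]
	if len(contacts) == 0 {
		return false, 0
	}
	endorsed := 0
	for c := range contacts {
		if g[c][author] { // lookup on a missing contact yields false
			endorsed++
		}
	}
	return 2*endorsed > len(contacts), endorsed
}

func main() {
	alice, _ := NewIdentity("alice@example.social")
	mallory, _ := NewIdentity("mallory@other.example")
	genuine := alice.SignToot("example.social", "hello fediverse")
	forged := mallory.SignToot("other.example", "hello fediverse")
	forged.Author = alice.Handle // relaying server claims it came from alice
	fmt.Println("genuine verifies:", VerifyToot(genuine, alice.Public))
	fmt.Println("forged verifies: ", VerifyToot(forged, alice.Public))

	g := TrustGraph{
		"bob":   {"carol": true, "dave": true, "erin": true},
		"carol": {"alice@example.social": true},
		"dave":  {"alice@example.social": true},
	}
	ok, n := ShowCheckmark(g, "bob", "alice@example.social")
	fmt.Printf("bob sees checkmark on alice: %v (%d of %d contacts)\n", ok, n, len(g["bob"]))
}
```

The threshold test uses `2*endorsed > len(contacts)` rather than a float so that exactly 50% (one of two contacts) does not qualify, matching "more than 50%". In practice the pinned public key for each handle would itself need a trust path, which is what the web of trust is meant to supply; the code above treats that pinning as given.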