Frédéric JacobsApr 5, 2017

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

Show threadCypherpunk
@fj You can use ECC key for in browser message signing (with the help of WebPG browser plugin), which woul leave you with a less than 500 chars:https://mastodon.social/web/statuses/1676261
Apr 5, 2017 at 9:25pmWeb