Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?

@fj would like to see some sort of signing for messages. Any encryption is better than none IMHO.

I can see this platform being used by some state-level players attempting to control.

@trwnh Blocking entire federated instances that are up to no good is definitely a plus. Is this already implemented? And who would do the blocking?

@fj @just_a_warning Yeah, admins can blacklist instances or users from appearing in the federated timeline.