Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?

@fj we have the same problem with email... PGP was the answer, yet nobody uses it. Today most email servers use a lot of tricks to guess if the email is real... but it's still hacky.

Perhaps it's good that Mastodon is not that safe; it will keep corporations out of the game ;).