- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Imagine a world without platform lock-in, where no ban or billionaire could take down your social network. That’s what ActivityPub has planned.
Imagine a world without platform lock-in, where no ban or billionaire could take down your social network. That’s what ActivityPub has planned.
That’s why we need to decentralize. If there’s 100 communities over 50 servers, then it doesn’t matter which website goes down or defederates. It’s only if everyone stays on one or two instances that the fediverse breaks.
Over on mastodon, big instances have gone down, people notice but it isnt the end of the world.
I mean I can’t be the only one who doesn’t enjoy the idea of setting up a new account if the ship you picked in the beginning sinks a few years later. You make it sound so simple but at least to me it would be a huge drag.
This is why having frictionless one-button migration seems really important to me. Imagine that your Lemmy client keeps a constant backup of your profile so that if and when your instance go down, you can set up shop somewhere else super easily. Or when an instance get too big, or when you feel like it, you can instance-hop super simply. This is the future I’d want. You control your profile, noone else.
I remember having read that it’s on the dev’s roadmap but they’re obviously swamped right now.
Honestly, this isn’t even necessary. The only thing that needs to be implemented is federated authentication, because then you could log in to any instance with one set of credentials. Since the content you post/comment is already replicated locally on other instances, you wouldn’t even need to import/export anything, it would already exist on the other instances.
Implement federated user authentication and you’re golden.
How would federated authentication help with an instance sinking and having to port/rebuild a profile?
Maybe I’m misunderstanding (and that’s certainly a possibility because I’ve been on Lemmy for barely a week), but wouldn’t the profile be rebuildable since the content generated by the user has been replicated to other instances?
If that is the case, the only thing that’s missing is federated authentication so the user can log in to any instance with a single set of credentials.
From what I understand of federated authentication, your instance needs to be up to authenticate against. This doesn’t help if your instance goes down. Did you have some other mechanism in mind?
That’s correct. The solution would be either:
#1 would absolutely be the most preferable. There are two possible snags with option #1: sdfsdf
Cost wouldn’t really be a factor for this solution and could easily be sustained from donations, you’re not going to be getting a huge amount of traffic from authentication requests.
I included option #2 for the sake of completeness. This would work, but it isn’t the best idea from a security standpoint. The risk can be greatly mitigated with good password requirements and the use of a strong password hashing algorithm like Argon2/bcrypt/PBKDF2/etc in combination with salting the hash. A quick look at Lemmy’s code shows that they’re already hashing passwords with bcrypt, so that requirement is met, but it doesn’t look like they’re explicitly salting it. That doesn’t really matter too much in this scenario with that algorithm though, since it’s going to be salted automatically anyway. Lemmy’s code also shows that it’s using bcrypt’s default cost value (10 rounds), so it would take thousands (to millions) of years to crack the hash if you have even the most basic password requirements in place. If you add the option to put MFA in front of that, you’ve almost removed the risk entirely, as it won’t matter in the very unlikely event that the password actually is cracked, because it’s useless without access to the second authentication factor.
So yeah, there are a couple of ways to do it, and each have their downsides/tradeoffs, but the level of difficulty/effort to do it is not very high in either case.
My POV is a bit different than most people, because I built my own ship, and I reach out to other instances using it.
Because I agree, I don’t want to be relying on someone else to maybe grace me with a fediverse account.
I have a vision of what’s to come so I’ll throw it out here.
When things truly take off there’ll likely be companies selling cloud hosted instances, the server requirements aren’t massive for a small group so it’ll be cheap.
That’d solve the issue of losing accounts or small communities, but huge communities would have to be hosted on huge servers just to handle the amount of content coming in.
Which means money will play a role somehow, imagine a community with millions of visitors every day. Could a server relying on donations sustain that? Or better question is could they sustain that better than a huge tech conglomerate?
I hope I’m wrong, but… I think network effects could lead to a single instance becoming dominant and therefore vulnerable to such a takeover/sellout. I’m less sure about this, but perhaps non-technical users don’t understand the concept of federated instances and flock to a single one. Perhaps there are other tangible benefits of everyone being on a single instance. Just because the protocol allows for decentralization, doesn’t mean it will naturally happen. E.g. How many email users are on Microsoft exchange/outlook, Gmail, and Yahoo?
I love the concept of your own data being portable, but am afraid there might be other factors that somehow naturally lead to centralization. Please change my mind!
I think you are right for the most part. I assume that some big servers will take most of the users and that the cost of maintaining the fediverse will become quite high in one way or the other as the network grows and the malicious actors gain incentives to interact with the network.
I think the fediverse is more like the old web. I don’t really consider my data very portable, but my ways of consuming and interacting with the content is. I for one don’t really care if my posts go with me if i move somewhere else. If my home server defederates, then I can move to another kbin instance and my experience remains much the same. The monolithic singular identity that I can take with me wherever I go isn’t something the fediverse delivers on right now, but that is fine.
The biggest risk is if all the most active communities end up centralized on a handful of the biggest instances like they seem to be right now, that means a bad actor would only have to buy up those instances to control almost all discussion on lemmy / kbin.
However, it would much easier for mods to migrate their community to an uncompromised instance than it would be to migrate to a new site completely. Jumping from reddit to lemmy / kbin, users have to abandon their old reddit accounts, move to a completely new website with a completely new interface, and start over from scratch. Jumping from one lemmy / kbin instance to another, users would just have to unsubscribe from the old community and resubscribe to the new one.
I think without account karma the loyalty to the account would be less for the average person. The more annoying part is the communities you’ve subscribed to and finding them again. I think a simple download of a list that automates resubscribing on a new account would ease that issue for most people.
For an active user would be that you lose access to communities you created. That is a real logistical problem. I started on lemmy.ml and crelated a community then realized that lemmy.world ran a lot smoother (at the time) and moved. I luckily still have access to my original account so I was able to appoint my new account as a mod. So problem solved. If your instance splodes you lose that ability. But likely your sub went with it too anyway.
I guess the real problem I am identifying here is while the fediverse itself is decentralized, your account isn’t. It is locked onto one instance and the fediverse is volatile.
Maybe add an ability to attach your account on 2 or 3 instances and keep them synced? If one goes rogue then you have a backup that’s still on the fediverse? You can then defederate yourself from one if needed.
Idk.
I guess running a small private instance just for yourself is the best answer.
Thank you for your responses. It really makes me think about the meaning of portability:
Are you moving your identity? (e.g. implementing something like instance-agnostic user PGP keys)
Your data? The posts and comments you’ve contributed, which would only make sense with the context of the entire thread.
How would the contents of entire communities be migrated? I presume that’s where the valuable content is for potential buyers either to drive ad traffic or train models.
Mastodon’s export portability mostly focuses on the local social-graph aspects(follows, blocks, etc.) and while it has an archive function, people frequently lament losing their old posts and that graph relationship when they move.
Identity attestment is solvable in a legible fashion with any external mechanism that links back to report “yes, account at xyz.social is real”, and this is already being done by some Mastodon users - it could be through a corporate web site, a self-hosted server or something going across a distributed system(IPFS, Tor, blockchains…) There are many ways to describe identity beyond that, though, and for example, provide a kind of landing page service like linktree to ease browsing different facets of identity or describe “following” in more than local terms.
I would consider these all high-effort problems to work on since a lot of it has to do with interfaces, UX and privacy tradeoffs. If we aim to archive everything then we have to make an omniscient distributed system, which besides presenting a scaling issue, conflicts with privacy and control over one’s data - so that is probably not the goal. But asking everyone to just make a lot of backups, republish stuff by hand, and set up their own identity service is not right either.