Comment on Pixelfed leaks private posts from other Fediverse instances - fiona fokus

<- View Parent
PhilipTheBucket@ponder.cat ⁨1⁩ ⁨week⁩ ago

I would consider it similar to email, should we abandon it (yes, but not because of this) just because a malicious email server started publishing all the emails it recieved? AP is just email but social media.

Yes, and people implemented PGP for encrypted email, and also made SMTP over TLS the standard, so that they wouldn’t have to demand that every router and every SMTP server everywhere on the internet agree not to republish or store secret information that was passing through it, because it started to become understood that email was in no way private.

A proper standard for private posts would be similar. You could have all private posts be encrypted with a rotating key, for example, and have them decrypted by anyone who had the key, on the client side, and stored and transmitted in encrypted form. Being approved to follow the private posts would involve your user being given a copy of the key through some kind of private key exchange. It sounds complex (and it would be, a little), and it would involve moving to the client some of the key management that currently happens on the instance server (and thus undoes some of the actually good design of ActivityPub, by just putting the instance software back in the position of keeping every actor’s keys for them and doing all the crypto work on behalf of the users). Anyway, it would be work and involve some redesign. I’m not saying that’s what they should have done. I’m saying that’s what having private posts as a feature would mean. Anything else is non-private posts that are pretending to be private posts.

source
Sort:hotnewtop