Comment on One Login: Towards a Single Fediverse Identity on ActivityPub
Rottcodd@kbin.social 6 months agoWhat you seem to be against is forcing you to have only one login. That does go against the model we are talking about.
And it isn’t what’s being suggested.
Yes - that isn't what's being suggested. And that's entirely irrelevant.
The correct way to measure the threat a proposal poses isn't by what's specifically being proposed, but by what the proposal, if enacted, carries with it - what it necessitates, implies or even just allows.
As I mentioned before, and this seems to me to be the biggest threat, unless people host their identities on their own hardware, that information is going to be on someone else's hardware. And that's not going to be a charity - it's going to be a business, that's going to profit off of it somehow. If this proposal goes through and is relatively widely adopted, there will one day be an industry leader in the identity-hosting business, and that company will have leverage over the fediverse as a whole. And at that point it would be easy enough for them to, for instance, strike a deal with the biggest instances so that the instances, in the name of security or convenience or whatever might suffice, only accept registrations through that particular service.
I'm not saying that that will happen - only that it could. And that's enough, in my estimation, to make it a bad idea, because if the history of the internet has shown us anything, it's that if there's a way for someone to control something and profit off of it, someone will control it and profit off of it, and the original proposal that made that possible doesn't mean a damned thing.
GlitterInfection@lemmy.world 6 months ago
You are describing the current situation in the fediverse.
Rottcodd@kbin.social 6 months ago
No, it's not the same.
You're only describing what would happen at the instance level, and skipping over the fact that the whole thing hinges on your identity on each and every instance actually being one and only one identity that would reside in one particular place. It would actually exist on, and be federated from, one particular server somewhere.
What that means, and the part you're leaving out, is that whoever controlled that server would control your access to the fediverse as a whole - not just on one particular instance, which is the reality with instance-specific identities, but on all instances of all services.
The only way to avoid putting control over your access to the fediverse as a whole in the hands of one company would be to maintain your server on your own hardware, and as the article itself notes, most people can't or won't do that. So most people will end up with their identity on all instances of all services under the control of one specific company. Which is very much NOT the case now.
Now, if someone wants to somehow use their control over my fediverse access for some self-serving purpose - either maliciously or simply as a goad with which to extract profit from me - they're necessarily limited to one identity on one instance of one service because that's as high as it goes. They might, for instance, hijack or disable or demand a subscription fee for access to my .world identity, which resides on .world's server. All that would mean to me though is that that one particular identity on that one particular instance would be compromised. I could still access the fediverse, and even access .world, just by coming in through my kbin identity or my lemm.ee identity or my .ml identity or whatever, since all of those are out of their control.
With this scheme, if someone wants to use their control over my fediverse access for some self-serving purpose, they have one specific place to do it - at the one specific server on which my identity is hosted and from which my identity is federated. With one move, they could hijack or disable or restrict extort payment for my access to ALL instances of ALL services, all at once.
Again, that is very much NOT the case today.