zedage
@zedage@lemm.ee
- Comment on How does lemmy implement Auth? 3 weeks ago:
Currently you need to trust the app and your instance. Most instances are implementing off-the-shelf lemmy but there is no way to confirm that.
Yes that is what I wanted to know. My question was more directed towards other fedi software where you might want to secure/recover your account instead of using completely disposable accounts. So providing an e-mail address to an instance manager is what I was worried about, in case the instance manager decides to doxx their user. It’s just a possibility that needs to be taken into account when signing up on the fediverse, which is not what most people are used to.
Honestly didn’t think about relay addresses which is a handy tip. But I asked because I wanted to use the alexandrite front end on my desktop browser and was wondering how safe it is to hand over my login credentials to lemmy skins. Since those are hosted on closed source servers, you can’t really verify what’s happening on the server side and how safe it is to hand over your login credentials to them if you’re not using a disposable account and a unique password.
- Comment on How does lemmy implement Auth? 3 weeks ago:
There’s a whole multitude of resons that could be argued for both approaches. I prefer this option because:
- Most people don’t follow cyber security best practices and reuse the same password on multiple platforms. Currently, you have to trust the instance managers are competent enough to secure their databases properly from unauthorized access.
- Again, your average netizen does not have relay addresses for every service they sign up to. If my instance manager does not like what I say, they can publish my sign up information and dox me. I don’t want instance managers to have this power.
- If I want to use somebody else’s front end to browse on a browser, I have to pass my credentials to them to validate authentication details. Again a huge security risk if the hosting service for the front end is malicious. Why leave this vulnerability when there is a better alternative.
Why would you not want to trust the developers of each fedi software to hold this information, instead of trusting every instance manager to hold this instead? IMO that is a more vulnerable design choice instead of having a central authority managing user authentication, unless I am missing something?
- Submitted 3 weeks ago to meta@lemm.ee | 6 comments
- Comment on The fediverse has a bullying problem 4 weeks ago:
I think the confusion from fediverse’s claims of privacy stem from poor enunciation from its proponents. It is definitely more private in the amount of passive data mining for ad tracking purposes compared to for profit social media. The architecture is designed to discourage instance managers from implementing ad-tech from building sophisticated user profiles of your behaviour in order to serve you more targeted ads from the people that manage the infrastructure. There’s no monitoring of clicks, click through rates, time spent on the platform, the type of content you like, etc. And the price for that mechanism is, making public, data that cannot be monetised on a large scale, which for profit social media guaranteed “privacy” to(in quotes because it was private from prying eyes through E2EE but not your keys not your data.)
I can see where the confusion might arise for nontechnical people who aren’t familiar with the technical aspects of ActivityPub implementations. I don’t think there should be any confusion for technical people in understanding the architecture clearly guarantees a total lack of private data, seeing as how decentralisation works.
- Comment on 'An Insult To Life Itself': Hayao Miyazaki’s AI Criticism Resurfaces As OpenAI’s Ghibli-Style Image Trend Takes Over Social Media 4 weeks ago:
You’re still missing the point Miyazaki is making. His point is that such a crude depiction of an organism with thoughts and feelings is an insult to actual living thinking beings. The animation might not be alive or sentient, but it still represents a life form that is sentient, and creating such animations that depict sentient beings as incapable as the animation might evoke undesirable feelings in somebody watching that animation, even if they know that it is merely a 2D digital animation composed of bits and pixels that does not have any psychological traits.
- Comment on Discord going public. Plz help a future refugee. 5 weeks ago:
I’ve found SimpleX a much better solution than matrix for a discord alternative.