sh.itjust.works Main Community

7649 readers

24 users here now

Home of the sh.itjust.works instance.

founded 1 year ago

MODERATORS

TheDude@sh.itjust.works

manifex@sh.itjust.works

biela@sh.itjust.works

imaqtpie@sh.itjust.works

349

Beehaw* defederated us? (sh.itjust.works)

submitted 1 year ago* (last edited 1 year ago) by can@sh.itjust.works to c/main@sh.itjust.works

411 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] taladar@sh.itjust.works 2 points 1 year ago (1 children)

Lemmy does not seem to include any kind of authentication on the user level (such as a user keypair and signatures using that on their posts and comments client-side) so allowing one user from a remote instance would at least trust the owner of that instance to not impersonate the user who is allowed to post.

In fact, how does ActivityPub in the threadiverse even ensure that the instance is who they say they are? The W3C document on it seems to indicate that there is no standardized way to authenticate servers to other servers yet.

[–] RedHat@sh.itjust.works 1 points 1 year ago

That's a good point about the user authentication, but I'm not quite sure we'd need it quite yet to reduce spam in this way. It is absolutely something to keep in mind though.

I think the other instances allowing federation in the first place grants "I trust the owner to not impersonate users" part of the chain. In Reddit there's that trust too, the whole "I trust the admins to NOT edit my comments silently at the database level"...