Fediverse

27729 readers

280 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago

MODERATORS

ruud@lemmy.world

TragicNotCute@lemmy.world

Xylinna@lemmy.world

MrCenny@lemmy.world

automodbeta@lemmy.world

woelkchen@lemmy.world

Any arguments against separating identity from instance/platform? (single identity across the fediverse) (lemy.lol)

submitted 2 weeks ago by matcha_addict@lemy.lol to c/fediverse@lemmy.world

66 comments fedilink hide all child comments

I am sure it was discussed here before, but I can't find a good way to search this community.

Are there any arguments against having a user's identity federate, and be compatible across platforms?

For example, let us say I sign up with my instance, matcha_addict@lemy.lol

But what if I go on mastodon, and I want to have my own micro blog. Or maybe go to write freely and post some blog posts. I'd have to make a different account on each one.

What if mastodon or write freely could just let me log in with my lemmy account (or lets call it federated account). This has several benefits:

users don't have to scratch their head on if I am the same person or not across these platforms
theoretically, someone following my feed can get updates on what I do on multiple platforms

Now I understand this would be difficult to implement and iron out all the edge cases, but am I missing anything on why it wouldn't be a desirable feature, given it is implemented?

(page 2) 16 comments

sorted by: hot top controversial new old

[–] Rooki@lemmy.world 1 points 2 weeks ago

Yeah sadly

[–] patrick@lemmy.bestiver.se 1 points 2 weeks ago

Your last sentence is unclear, is that actually implemented?

I am trying the approach of just making multiple affiliated services, and forcing people to have consistent account names across each. See https://bestiver.se

[–] intensely_human@lemm.ee -1 points 2 weeks ago (4 children)

My potential argument against it starts with asking where the credentials are stored for authenticating this identity.

Currently the home instance stores the hashed password and performs authentication.

In a way, the identity “belongs to” the place that does authentication, which now happens to be the instance.

If identity is decoupled from an instance, that means authentication decouples from an instance.

If the identity “belongs to” the fediverse as a whole, then that means the fediverse as a whole has an authentication mechanism.

Unless we can come up with a distributed authentication mechanism, that means the fediverse as a whole has some authentication service, as in one, which means centralized.

This therefore breaks decentralization, unless the authentication is somehow handled in a distributed way. Maybe consensus or something on a hashed password? But if those hashed passwords are stored in a distributed manner, then you’d need a super long password to prevent rainbow table attacks on the passwords, given the hashed values would essentially be public information.

Maybe public keys are stored in a blockchain? I don’t know this is beyond me in the details.

But to summarize the problem at a data model level, an identity belongs to an instance, because the instance can authenticate them. If the identity now belongs to the whole fediverse, then the whole fediverse needs to be able to authenticate them, which if not handled correctly could lead to centralized authentication, centralized banning, censorship, reddit, etc.

load more comments (4 replies)

load more comments