Plebbit is a selfhosted, opensource, nonprofit social media protocol, this project was created due to wanting to give control of communication and data back to the people.
Plebbit only hosts text. Images from google and other sites can be linked/embedded in posts. This fixes the issue of hosting any nefarious content.
it has no central server, database, HTTP endpoint or DNS - it is pure peer to peer. Unlike federated instances, which are regular websites that can get deplatformed at any time,
ENS domain are used to name communities.
Plebbit currently offers different UIs. Old reddit and new reddit, 4chan, and have a Blog. Plebbit intend to have an app, internet archive, wiki and twitter and Lemmy. Choice is important. The backend/communities are shared across clients.
The code is fully open source on
Assuming you’re talking about authentication:
I’m deciding if the first is sufficient or if I actually need some form of blockchain to prevent tampering.
Thanks for your thoughts on this.
I am not sure how Matrix handles keys but it is a real headache for end users. For me at least
With openid, etc, it’s decentralized compared with centralized and distributed, so you wouldn’t get stuck with one openid provider.
I don’t know much about any of these so thanks for developing for the rest of us.
Yeah, I’m thinking of having a separate key per device, and there would be a registry that ties them together. Usernames would not be unique, so to tell two users with the same name apart, the app would check the post signature against the keys in the registry.
This should prevent name squatting, but it would enable pretending to be another user. As long as user names aren’t very important (i.e. it’s closer to Reddit than Twitter/Facebook), this is probably fine and similar to what we have on Lemmy (only unique to your instance).
If we want to guarantee unique usernames, we would probably need to use a consensus system like blockchain. But blockchain has other drawbacks and I’d really rather not go that route.
Which one we go with doesn’t really impact my moderation plans, so I’m going with pub keys for now because they’re dead simple. It’s also nice that it’ll keep working if your country disconnects you from the internet, and someone could smuggle in data from outside if you really wanted to.
The first is sufficient. You only need to see someone’s public key once, then you cache it and can authenticate all future signed messages.
I just need to think about potential attack vectors. I think issues can be worked around, but I’ve spent most of my time thinking about how to create something and less about how to protect it from attack.
But yeah, public key crypto w/o a central database is my first choice, blockchain is my second.