One of the things I’m cautious about when it comes to lemmy (and mastodon) is how easy it can be to lose control of your account.

For example, a server could shut down unexpectedly making hundreds of people lose their accounts. Or, a malicious administrator could take over a popular account to post scams or propaganda. I am not aware of these things having happened, but I don’t think they’re too far fetched.

Self-hosting a lemmy server solves some of these problems, but that takes a bit of time, effort and money.

I was thinking about email encryption, specifically the digital signature part. Could something like that be used in lemmy? So that if someone decides to “trust” me, they will be able to trust that it’s me no matter which account I post from. They would be able to spot an impostor who had gained access to my account.

What do you think?

  • @[email protected]
    link
    fedilink
    English
    81 year ago

    then we still would need a place to host verified user keys - like we currently need for GPG/PGP
    or am I missing something?

    but I still kinda like the idea to further secure my account and maybe have the ability to authenticate over instances

    • @Impronoucabl
      link
      English
      01 year ago

      If your lemmy server itself acted as a host for all the keys, I think it could work. As long as you’re not worried about the NSA/Well-eqipped-company slipping in to steal your online persona.

      I.e you never mention anything personal about yourself, etc.

  • @[email protected]
    link
    fedilink
    English
    71 year ago

    This sounds like it’s unreasonably hard to implement for only marginal gain.

    There is no good way you could safely handle the certificate key in your browser, as it executes JavaScript code from the instance. If you’re giving your certificate key to that code to sign the message, you have to trust that code, or review it, every time you browser downloads it.

    It would work with apps, as you only have to trust the app distributor, but the number of certificates and app users is even smaller.

    If you’re worried about malicious admins, then you should leave the instance too, and it’ll most likely also get defederated by most instances very quickly. If you think your instance admins are planning on becoming malicious in the future, you should switch instances asap.

    If you want to protect against third parties gaining access to your account, two factor authentication is a much cleaner way to prevent unauthorized users from abusing your account, by preventing them from gaining access.

    If you’re worried about an instance going down and people not recognizing you, you can create an additional account on a different instance in advance, or, since only a handful of people will care that you’re still the same person, you can give them some other way of communicating.

    And, if you think about it, most of the Reddit refugees lost their accounts in the migration too, so even if Lemmy was a single large instance/company, your account is always at risk.

    Most likely, instances won’t shut down immediately, but have some date set, during which you can migrate/download what you need to.

    • @Chobbes
      link
      English
      2
      edit-2
      1 year ago

      I think it’s technically possible to do it in a sane way. I don’t know if it currently exists in any form (I guess it kind of does for U2F keys / client side certificates?) but your browser itself could manage encryption keys, or could interface with hardware keys to sign messages. Then the JavaScript never gets to see the keys and could just request that you sign something (and presumably you need UI to know what you’re agreeing to sign in the browser so you don’t have to trust the random JS about what it wants to sign). It sounds like a perfectly reasonable browser feature to me, especially in an era of passkeys and stuff.

      Of course it wouldn’t be worth implementing in the browser just for Lemmy, and there’s other problems like syncing keys (maybe you’d just sign your other keys to establish trust)… But such an API would be useful for other situations too (e.g., signing commits on github). Cryptographic signatures seem really niche, but people use them all the time behind the scenes, and I think it’s something that would actually be really useful to inform the general public of more… They kind of solve problems that I think most people would think are impossible to solve. I mean, obviously we’re not going to throw normal people at GnuPG and call it a day, but with some communication and UI effort I think they could be a valuable asset for society.

    • riskable
      link
      fedilink
      11 year ago

      So… it would have the same level of security as browser-based password managers 😁

    • @[email protected]OP
      link
      fedilink
      English
      01 year ago

      That’s a good point, about browsers. I still think it’s a worthwhile feature to think about.

      I guess what it boils down to is that I think server admins should be able to control how users access their server but that each user should in some way own their account.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        I agree that everyone should own their account, but I don’t think there is a feasible way of defending against server admins.

        This would be like trying to defend against your hardware manufacturer or against Microsoft on a Windows PC.

        And even if the signing is somehow safely implemented, you run into an entirely different set of problems.

        Who checks the certificate? All federated instance servers? Then how do they verify that they can trust that certificate? You can’t set a certificate in the user profile, since this can be overwritten by admins.

        You could have an external service that links certificates and user accounts, but now you need to trust those admins, too.

        Should users check it themselves? Do you really care, if this comment and the previous one were both written by the same person? Of course, if you and I both know each other, we could exchange certificates and verify them manually. But at that point I might as well give you my E-Mail, Discord, different instance Username, Facebook profile, whatever and I can simply tell you that the admins of my instance started acting malicious.

        Think about it this way: If you don’t trust you E-Mail Provider, why would you sign up on that server? You’re trusting the admins there too, and E-Mail content is a lot more sensitive than a few public messages.

  • meli nasa
    link
    fedilink
    English
    4
    edit-2
    1 year ago

    For the “server shutting down” part, what you want is nomadic identity. There have already been a few discussions around this stuff, here’s a good summary (scroll down to the bottom): https://blog.erlend.sh/fragmentations-in-the-fediverse

    Most fediverse platforms don’t seem to see this as a priority at all right now, for what it’s worth.

    • @[email protected]OP
      link
      fedilink
      English
      11 year ago

      Yes, thank you! Even if it’s not a priority right now, it’s at least good to know the idea exists.

  • @StarManta
    link
    English
    21 year ago

    Mastadon has a little verified checkmark thing, Lemmy could definitely incorporate it. I believe it requires putting a small file on a server, so it basically verifies “yes, the guy with the account JoeSchmo is in control of joeschmo.com”.

    • @pandarisu
      link
      English
      11 year ago

      The Mastodon one just requires you to add a HTML tag to the page you are linking to on your profile. Technically it’s a link to your Mastodon profile with a rel attribute, but you can leave the text blank if you don’t want a link on the page