4
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Jun 2023
4 points (100.0% liked)
Technology
60074 readers
2927 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
This sounds like it's unreasonably hard to implement for only marginal gain.
There is no good way you could safely handle the certificate key in your browser, as it executes JavaScript code from the instance. If you're giving your certificate key to that code to sign the message, you have to trust that code, or review it, every time you browser downloads it.
It would work with apps, as you only have to trust the app distributor, but the number of certificates and app users is even smaller.
If you're worried about malicious admins, then you should leave the instance too, and it'll most likely also get defederated by most instances very quickly. If you think your instance admins are planning on becoming malicious in the future, you should switch instances asap.
If you want to protect against third parties gaining access to your account, two factor authentication is a much cleaner way to prevent unauthorized users from abusing your account, by preventing them from gaining access.
If you're worried about an instance going down and people not recognizing you, you can create an additional account on a different instance in advance, or, since only a handful of people will care that you're still the same person, you can give them some other way of communicating.
And, if you think about it, most of the Reddit refugees lost their accounts in the migration too, so even if Lemmy was a single large instance/company, your account is always at risk.
Most likely, instances won't shut down immediately, but have some date set, during which you can migrate/download what you need to.
That's a good point, about browsers. I still think it's a worthwhile feature to think about.
I guess what it boils down to is that I think server admins should be able to control how users access their server but that each user should in some way own their account.