this post was submitted on 25 Apr 2024
221 points (98.3% liked)

Fediverse

28352 readers
458 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

In response to Bray’s toot, Evan Prodromou — one of the creators of ActivityPub, who is currently writing an O’Reilly book about the protocol — noted that this “is also the argument for using the ActivityPub API.” He described the API as “an open, extensible API that can handle any kind of activity type — not just short text.”

This gets to the nub of the issue. The fact that I can’t use my Mastodon identity to, for example, sign up to Pixelfed is not actually an ActivityPub issue — it’s because the two applications, Mastodon and Pixelfed, each require you to create an account on their respective products. What Prodromou is suggesting is that, technically, you can use the ActivityPub API for account access.

you are viewing a single comment's thread
view the rest of the comments
[–] GlitterInfection@lemmy.world 1 points 6 months ago* (last edited 6 months ago) (1 children)

You are describing the current situation in the fediverse, not a problem caused by the idea proposed.

Allowing for federated identity would also imply allowing migration of identity, which wholly prevents what you just described.

The current system is guaranteed to have larger instances where people won't want to leave because doing so abandons your identity.

If I could move around the fediverse freely I would do so, but that is not a feature that is supported so I stick to the largest instance which happens to be the one I chose. I am not unique in this. Obviously, or this instance wouldn't be so large.

Offering federated identity is only a better situation than today.

[–] Rottcodd@kbin.social 0 points 6 months ago

No, it's not the same.

You're only describing what would happen at the instance level, and skipping over the fact that the whole thing hinges on your identity on each and every instance actually being one and only one identity that would reside in one particular place. It would actually exist on, and be federated from, one particular server somewhere.

What that means, and the part you're leaving out, is that whoever controlled that server would control your access to the fediverse as a whole - not just on one particular instance, which is the reality with instance-specific identities, but on all instances of all services.

The only way to avoid putting control over your access to the fediverse as a whole in the hands of one company would be to maintain your server on your own hardware, and as the article itself notes, most people can't or won't do that. So most people will end up with their identity on all instances of all services under the control of one specific company. Which is very much NOT the case now.

Now, if someone wants to somehow use their control over my fediverse access for some self-serving purpose - either maliciously or simply as a goad with which to extract profit from me - they're necessarily limited to one identity on one instance of one service because that's as high as it goes. They might, for instance, hijack or disable or demand a subscription fee for access to my .world identity, which resides on .world's server. All that would mean to me though is that that one particular identity on that one particular instance would be compromised. I could still access the fediverse, and even access .world, just by coming in through my kbin identity or my lemm.ee identity or my .ml identity or whatever, since all of those are out of their control.

With this scheme, if someone wants to use their control over my fediverse access for some self-serving purpose, they have one specific place to do it - at the one specific server on which my identity is hosted and from which my identity is federated. With one move, they could hijack or disable or restrict extort payment for my access to ALL instances of ALL services, all at once.

Again, that is very much NOT the case today.