I just saw this on Reddit yesterday and now I'm here again.
Using phtn.app and Voyager.
This is a most excellent place for technology news and articles.
I love Lemmy and Voyager and the Fediverse. That said, if it were to become mainstream I foresee some problems. The fact that the login relies on only passwords is pretty terrible. Also, this makes the service vulnerable to bots, sock puppet accounts, brigading, etc.
Lemmy supports 2FA lol.
(At least on the web UI it does)
What would you propose replace passwords to not be susceptible to those things?
I personally like how secure and non intrusive passwords are, especially when using a self hosted password manager synced with git.
Passkeys are much better. Unlike what FAANG companies want you to believe, they do not have to be tied to a device. Use a password manager that supports them (BitWarden) and pretty much never get hacked again because of a password. Website doesn’t need to store anything that an attacker can use. No downside.
Any recommended reading for pass keys to get me up to speed? I use Bitwarden and have been happy enough with just passwords via that for a long time now. Only time I've seen pass keys mentioned really was Google trying to push it on me but I don't use their password manager.
A passkey is a public/private key pair used instead of a password. You store the private key, and the website stores the public key. Data encrypted with the public key can only be decrypted by the private key, and vice-versa.
This means you can share the public key freely with the website, and even if they get hacked and the public keys are stolen, they’re useless.
When you log in, they send you a challenge encrypted with the public key, and since you hold the private key, you can decrypt it, create a response to it, re-encrypt it with the private key, and send the response to the website; which then decrypts it with the public key to verify it.
The initial spec was that each device would have its own passkey and store it in a TPM (that thing Microsoft requires your computer to have for Windows 11), which is a secure memory storage location that only the kernel can access.
However, BitWarden is also able to store them and make them portable. (I think the standard was loosened to allow for this? But don’t quote me on that.) So, now you can have one passkey for the site and it works anywhere you can use BitWarden’s browser extension.
TLDR: more secure than a password, nothing to forget, stops passwords being stolen.
2FA support would be better
Lemmy does support 2fa
Oh. Never mind then. I think this should be enough. Maybe OpenID Connect support would be nice.
It is hard to do well, which is why I worry. Google probably has the best overall account security; you could do worse than modeling after them.
The short answer to your question is Passkeys. But you need a whole system of account recovery around them.
The problem is that it’s “too complicated“ by presenting choices before knowing what they mean. It’s a decision tree without knowing the outcomes.
I’m new to Lemmy and it wasn’t as easy to sign up and use as Reddit or other social networks.
First I had to choose a server. To do that I had to learn the consequences of choosing a server. Once I decided, .ml had a sign up process where I had to be approved.
Then I wanted to choose a community, I think it’s called, and found there were multiple communities with the same name. Once again I had to make a choice without knowing the difference.
It all reminded me of the Paradox of Choice TED talk, https://www.ted.com/talks/barry_schwartz_the_paradox_of_choice .
Finally I had to choose an app, as there is no official one. Now I’m in Mlem, but I don’t know if it’s better or worse than the others.
Choice is great, but for easier onboarding a first stop for server and app would be great. Like a browser: you’re given one when you start, and if you want better, and you’re ready to look for one, you can go looking.
If you choose the app first, and you choose Voyager, everything else - browsing, creating an account - is intuitive and just works.
Even though it's first on the list when searching on the iOS Appstore I didn't choose it because the icon looks... well stupid.
Yeh, don't choose that one, just sign up on desktop and use Jerboa. Ngl, the reason techbros win is most normies do not want agency; they want to turn their brain off and scroll whatever the algorithm serves up as they do.
Technology Connections made a good video on this recently but I fear his plea will fall on deaf ears.
Just like this article, no one's actually denying anyone the fediverse, we are literally right here.
For the uninitiated it’s basically a 1:1 clone of Apollo for Reddit. Hell, even the app’s name is derivative!
That said it’s still one of the best Lemmy apps for iOS and is a testament to Christian Selig’s original vision.
There is an issue open on Lemmy's github about merging communities of the same name together in the ui by an "all" button, but sadly it's been inactive for a year: #1113
I wonder how moderating would work in a merged community, would mods not from instance X only be able to hide a post from that instance from the merged community, or would they have power to remove a post from another instance? I’d imagine that is one of the hiccups of a feature like this, it is a shame it has been collecting dust though
Edit: re-read the issue, now I understand it would be more of a multi Reddit than a merged community, so mods would only have the power for their own instance/community it sounds like
That’s more a feature for a client app.
I mean, people do use the Web UI.
There’s more than one web UI.
Finally I had to choose an app, as there is no official one
It's called Jerboa and it's one of the worse ones, but it does exist
Jerboa
What makes it official? I didn't come across it when I was searching for an app. I finally see why all the other apps use a rat as their logo.
Jerboa has the same lead developers and is part of the same GitHub organization as the Lemmy server and web UI.
The logo for Lemmy itself is the head of a rodent, supposedly a lemming. Most instances use that logo or a variation of it in their web UI. Jerboa and other apps in turn tend to use a rodent in the logo.
What's the issue with Jerboa? It's like Relay; it's probably the best one out there.
Anyone want to clue him in on who runs .ml? I feel like it's going to break his heart. But also, I kinda feel like he should know...
Finally I had to choose an app, as there is no official one. Now I’m in Mlem, but I don’t know if it’s better or worse than the others.
I'm just here from Reddit after the Boost app finally stopped working. So now I'm running "Boost for Lemmy", would definitely recommend it. It was one of the best 3rd party Reddit clients.