Does anyone running a misskey/mastodon instance know if it would be possible for you to steal someone's profile? May it be by simply deleting and recreating the same username on the same instance but with you in control, or by other means?
I'm asking because I think we could all benefit from a private/public keys system like there is on keybase.io in order to be sure that we are interacting with the right user.
Conversation
Notices
-
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 01:49:08 JST 
Gaijin
-
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 01:49:03 JST 
Fish of Rage
@dushman @gaijin authorized fetch key in practice is per-server not per-individual.
key management for individuals is a hard problemclacke@libranet.de is my main likes this. -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 01:49:06 JST 
Dushman
@gaijin May it be by simply deleting and recreating the same username on the same instance but with you in controlWhen you delete an account the name will still be reserved unless an admin changes this manually, so no. I assume Mastodon does the same thing, though I never ran it myself. I'm asking because I think we could all benefit from a private/public keys system like there is on keybase.io in order to be sure that we are interacting with the right user.A similar feature already exists, it's called authorized fetch. Most fedivsrse software implements it.
https://www.w3.org/wiki/ActivityPub/Primer/Authentication_Authorization -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 01:49:48 JST
Fish of Rage
@dushman @gaijin the funny part is that every user does have a public and private rsa key on the server itself with mastodon/pleroma lol clacke@libranet.de is my main likes this. -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 01:49:50 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest
Yeah I should've clarified. Implementing this per user would be a massive headache. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 01:57:39 JST
Fish of Rage
@gaijin @dushman work is being done to make it possible for a user to have custody of their own private key but this work will go nowhere because mastodon will refuse to support it. -
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 01:57:40 JST
Gaijin
@sun@shitposter.world @dushman@den.raccoon.quest Why aren't we letting users see the public key of others in order to compare? And the owner download his private key to keep it on a safe storage?
-
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:02:11 JST
Fish of Rage
@jeffcliff @dushman @gaijin I'm sorry, I keep forgetting that Mastodon is only the distant second-most adopted activitypub implementation. Doughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this. -
Embed this notice
Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴☠️🦝🐙 🇱🇧🧯 🇨🇦🐧 (jeffcliff@shitposter.world)'s status on Thursday, 16-May-2024 02:02:12 JST
Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🏴☠️🦝🐙 🇱🇧🧯 🇨🇦🐧
@sun @gaijin @dushman
> because threads will refuse to support it
ftfy -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:03:12 JST
Dushman
@sun@shitposter.world @jeffcliff@shitposter.world @gaijin@den.raccoon.quest
It's joeverFish of Rage likes this. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:09:52 JST
Fish of Rage
@gaijin @dushman there is some hesitancy here because if you mention crypto wallets (now probably the biggest end-user deployment of public key encryption ever), even though you're not even touching a blockchain or expending carbon to do the key operations, a bunch of people start pissing and shitting themselves uncontrollably with rage at the suggestion. -
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:09:54 JST
Gaijin
@dushman @sun@shitposter.world Could be done by a browser extension like crypto wallets do. Then you could connect to fedi with your private key somehow. I'm not well informed on how it works to be honest.
-
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:09:56 JST
Dushman
@gaijin @sun@shitposter.world
Well I'm talking about having the authentication be done by the client. Would be too cumbersome for something like fedi. -
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:09:59 JST
Gaijin
@dushman @sun@shitposter.world Wuw, that's probably too technical for me. But I'll give it a try. thx
-
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:10:02 JST
Dushman
@gaijin @sun@shitposter.world
Yeah that's the problematic part. Look at XMPP omemo encryption if you wanna know what issues that would cause lol. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:22:38 JST
Fish of Rage
@gaijin @dushman I'm familiar (I work in the industry) but the reaction is almost completely emotional not factual. -
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:22:39 JST
Gaijin
@dushman @sun@shitposter.world Depends on the blockchain and the confirmation system they are using. PoW (Proof of Work) is indeed insane but alternatives are being found like the Solana one with their PoH (Proof of History)
https://pbs.twimg.com/media/FuPlY7dWYAEQvm_?format=jpg&name=large -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:22:42 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest
Someone was pissed at that specifically? The actual transactions are very energy intensive which is a valid point. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:25:27 JST
Fish of Rage
@dushman @gaijin I did say that the key operations don't do transactions, they are just normal cryptography on the client machine alone.
eth wallets are what are usually on the table and they switched to a system a couple of years ago that doesn't boil oceans so everybody just switched their argument to "it's still bad because it USED TO do that" -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:31:37 JST
Fish of Rage
@dushman @gaijin most people here are extremely anti-crypto no matter what. I'm not talking about you, who has some concerns/objections, but people that have a giant emotional reaction to the idea of using a crypto wallet for any purpose. -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:31:39 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest I did say that the key operations don't do transactions, they are just normal cryptography on the client machine alone.I know. I was asking if someone made a fuss about that for some reason.
-
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:53:27 JST
Fish of Rage
@dushman @gaijin that is fair but at the same time consider that all of this applies to anyone in normal finance and these same people still beg using paypal -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:53:29 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest
Yeah I guess a lot of them are here. Overly enthusiastic cryptobros are just as cringe though. Also energy usage aside, seeing more use as a vehicle for speculation than actual currency is another big problem imo. -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:55:41 JST
Fish of Rage
@gaijin @dushman @romin I declare this is now a crypto thread. -
Embed this notice
Gaijin (gaijin@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:55:44 JST
Gaijin
@romin@shitposter.world @sun@shitposter.world @dushman@den.raccoon.quest No, there are a lot of scams in crypto. Nuance.
-
Embed this notice
ロミンちゃん (romin@shitposter.world)'s status on Thursday, 16-May-2024 02:55:45 JST
ロミンちゃん
@sun @dushman @gaijin but crypto is a scam (a very profitable one) -
Embed this notice
Fish of Rage (sun@shitposter.world)'s status on Thursday, 16-May-2024 02:57:18 JST
Fish of Rage
@dushman @gaijin I separate you from the lunatics I'm talking about, friend. -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:57:21 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest
Well I'm not too fond of traditional finance or capitalism in the first place. I do consider that. -
Embed this notice
Dushman (dushman@den.raccoon.quest)'s status on Thursday, 16-May-2024 02:58:29 JST
Dushman
@sun@shitposter.world @gaijin@den.raccoon.quest
Oh yeah I'm not implying you aren't. Just saying what I think about this.Fish of Rage likes this.
-
Embed this notice
All GNU social JP content and data are available under the