@olamundo @freemo

There is a lot of back history involved. Some admins don't like the terms of service used at Qoto -- **specifically some quite Libertarian statements** on it which I personally have made motions to change.

In some other cases it's because this instance did not block some other instance which they found deplorable and a nest of iniquity, etc.

I have been out in Diplomatic missions in the past, but not much resulted -- other than me sending detailed correspondence and sometimes being :

* told to not contact them again.
* or losing my local account at that instance for the attempt.
* or simply getting a polite rebuff on the attempt, which appears the most positive result.

is **perceived negatively in some quarters** - and that has implications on **who sees your posts here as well**.

See these two blog posts for detailed info on some of my past attempts :

write.tedomum.net/rgx/when-you

write.tedomum.net/rgx/todon-nl

@design_RG @olamundo @freemo

>todon dot nl

Wait a minute! Why are you communicating with that user on gameliberty? It’s clearly a rightwinger or even alt-right.

>2 days later

Your account has been suspended and all of your toots and your uploaded media files have been irreversibly removed from this server and servers where you had followers.

They… that… they didn’t just delete his account. They impersonated him, spamming other instances with fake Delete messages, to trick them into helping retroactively censor him, regardless of their ToSes. Because he may have spoken with someone who was likely to be a wingnut.

THIS IS WHY WE SHOULD BE USING PUBLIC KEYS JESUS CHRIST

@cy @design_RG @freemo @olamundo
> we should be using public keys

Already the case, but stored and controlled by the server of course :P

@461

That question sounds like it implies it would take effort. Presumably if the client were written correctly it would just need to be be configured once and then every post would get signed automatically.

@lanodan @thatbrickster @cy

@freemo it implies something more fundamental:
ActivityPub would need to be reworked as a client-server model allowing self signed keys at registration and not whatever encryption the server & protocol decides.
@lanodan @thatbrickster @cy
@461 Using OpenKeyChain as the key provider, clients would have it easy in comparison.

@freemo @cy @lanodan
@thatbrickster You'd need to rework ActivityPub to accept that exchange then.
I don't think Eugene/James wants PKI.
@cy @freemo @lanodan

@thatbrickster

Mastodon is already keybase compatible (I suspect you may know that).. I use it myself. It has some limited use here in the sense that if your account is compromised you can revoke the verification of it. The problem is people cant retroactively figure out when that revocation took place so it can be hard to do forensics to figure out the point where messages were no longer officially associated with the person.

@cy @461 @lanodan

@freemo because you need to sign a post to send the notice to another server.
It's not your key validating your post, it's accepting the post signed by your key and server to pass on on the server that has to agree with that signature, not recognizing your key.
Eugene/James is responsible for his implementation of Mastodon, of which he refuses to completely verbatim the specs.
@moth I'm talking about federation.
@thatbrickster @cy @lanodan

@461

Yea but a key signing something doesnt require manual user intervention if the client is written such as not to need it. So I'm not sure why thats a burden.

@lanodan @thatbrickster @moth @cy

@freemo I'm not talking about the client, I'm talking about activitypub.
How do you send post A(x,y) to server B(x,?) if B(x) doesn't recognize your y key, but does validation A(x)'s key.
I'm not saying it's impossible, I'm just saying there's a lot of uplifting to do.
@lanodan @thatbrickster @moth @cy
Follow

@461

In this example is A and B servers and x is the source users public key and y is the destination users public key?

@lanodan @thatbrickster @moth @cy

@freemo @461 @thatbrickster @moth @cy Aka: Consider putting better names on your variables you fucking mathematicians.
@lanodan I'm sorry junior, I'm really creatively thinking how to exploit this vector more than solving ActivityShit.
@freemo @cy @moth @thatbrickster
@freemo 'x' is the public keychain servers know and exchange with other, if not ActivityPub breaks. 'y' is your personal key you client side signed your post with. B(x) doesn't have your key, it never should, but server A(x) has to validate as it's own for B(x) to accept it, to federate it.
@lanodan @thatbrickster @moth @cy

@461

Im not even sure why the servers would even need to know about it at all to be honest.. let alone be a part of activity pub.. for example it could just call GPG whenever I try to make a post from my computer and ask it to sign the content of the post. The signature would just be attached as metadata. the usual server approach to signing would remain intact and uneffected.. When a client sees and gets your post if they too have the relevant feature then it would see the signature and verify it.

All this would manifest as some osrt of a check mark or other marking indicating when a post is signed and verified vs not. The signing process could therefore be completely automated.

@lanodan @thatbrickster @moth @cy

@freemo The raw part you're still not understanding:
There's nothing preventing external server C(x,B(x,g(y)) from deleting posts from B(x) and as it stands right now A(x). You need to rework ActivityPub to accept third party client side key signing so D(x,A(x)) can refuse C(x,B(x,g(y)) [false] deletion notices.
The case here is that A(x) exposed 'y' key compromising the chain world wide. You want to be able to register an account in server D(x) with your intact 'y' key so B(x) still accepts your new posts on the new server, after C(x) keeps trying force delete your posts forever.
@lanodan @thatbrickster @moth @cy

@461

I'm not sure having a server delete your post is particularly an issue. Servers are not obligated to let your posts go through at all, a server might block you and could (and its perfectly acceptable to) drop your post. So posts just not getting dropped isnt an issue we are trying to solve here (unless im missing something).

the issue attempting to be solved is if a server spoofs another user. Kicked them off their account then uses their account to spoof messages as if from them. Thats what we are trying to address and the scenario i proposed I believe would accomplish just that.

@lanodan @thatbrickster @moth @cy

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.