@torresjrjr

To what end? our local timeline seems rather manageable. At some point it may get crowded and worth considering. Right now the pass seems workable, do you disagree?

@users

@freemo @users
I find the local timeline great as it is. Not to sparse or dense.

It was more of just a thought of whether you had a particular max number in mind, or if you had any commitments against small scale centralisation.

I'd imagine 13000 accounts (granted, some bots) is maybe a lot to handle. Doesn't seem like it though.

People also naturally inclined to take what they can instead of conserve, and grow as much as they can. What are your thoughts?

@torresjrjr

Its ahrd to judge based on numbers, as you suggest it has more to do with activity. I dont have a number in mind but mostly look to our local timeline and the interactions of the community to get a sense for if we are in the sweet spot. For now its good, if things start feeling crowded we will adjust accordingly.

I am a big fan of trying to feel your way through the rules and development of QOTO as hard numbers can be very misleading.

@users

@freemo
How many of that 13,000 are dormant accounts?
@torresjrjr
@users

@mur2501

Depends how you measure it. I see users go dormant for months sometimes and then come back and be active for months. But in any one month about 1000 are active.

@torresjrjr @users

@mur2501

Active being that they logged int, not necessarily posted.

@torresjrjr @users

@freemo
That's good
1000 is a good big number
I think I should go to the instance timeline and federated timeline
Will make new frens
@torresjrjr @users

@mur2501

Federated timeline can be a bit much, you do make friends taht way but its mostly garbage to sift through. Local instance timeline is a nice place though.

By the way in terms of users who post, its probably closer to half to 75% of that, just guessing though based on graphs and rough guestimates.

@torresjrjr @users

@freemo
Nice insight. Keep it up 👍🏼
@mur2501 @users

@mur2501 My account here was dormant for like 2 years. ;)

@freemo @torresjrjr @users

@trinsec

What were you doing the two years
@freemo @torresjrjr @users

@mur2501 I was entertaining the Fediverse via mastodon.host. Obviously that's a bit difficult to do now. ;)

@freemo @torresjrjr @users

@trinsec
Bit difficult??
@freemo @torresjrjr @users

@mur2501 Try visiting mastodon.host to see why? ;)

@freemo @torresjrjr @users

@trinsec

Suprisingly you arent the only one. I see people like that every week. I usually am made aware of it because they come begging me to get them into their account as they lost their email or two factor or whatever.

@mur2501 @torresjrjr @users

@freemo
What's the procedure for getting into my account if I forget my email or stuffs?
@trinsec @torresjrjr @users

@mur2501

Ask me and sufficiently prove your identity. I sometimes need to deny users access. If you can show you own the email address and your account has been inactive then I will usually disable 2fa for you. If the user has been active though I give the user a chance to speak to see if its them or whats going on.

If you lost your 2fa and your email address entierly then I will usually verify that the email address is truly deleted by emailing it and seeing if I get a mail domain error saying the account is deleted. If i do not get that error then I wait some time to see if i get a response from the old email address to see if it is the user there or not.

So, dont delete your email address basically or else it might take a week or more for me to verify you.

@trinsec @torresjrjr @users

@freemo
Rather then deleted email I think forgetting the password of email would be more dangerous
@trinsec @torresjrjr @users

@mur2501 I think if you forgot the password of your email, you got bigger issues than a lost Mastodon account. :P

@freemo @torresjrjr @users

Deleted email i can get you in much faster as i can detect the email was deleted.

@trinsec @mur2501 @torresjrjr @users

By the way if you want extra security in this scenario and protection against malicious users pretending to be you to get into your account then post your GPG key in your bio or verify with keybase. This will allow me an addition vector to verify you should you get locked out that wont rely on email.

@trinsec @mur2501 @torresjrjr @users

@freemo
How can I verify with Keybase?
I am dumb 😅
@trinsec @torresjrjr @users

@mur2501

https://keybase.io/blog/keybase-proofs-for-mastodon-and-everyone

@trinsec @torresjrjr @users

@freemo @mur2501 @trinsec @users

Preferably use @keyoxide
https://keyoxide.org/
https://keyoxide.org/guides/mastodon

Zoom aquired Keybase, so do with that knowledge what you will.

@torresjrjr

that is true, though the owners of keybase would not be able to present any security concerns, presuming you dont hand them your private key (most users dont).

Keyooxide is a great choice too. Any mechanism for proving to me you own the key associated with your account is good by me.

@mur2501 @trinsec @users @keyoxide

@freemo @mur2501
I'd argue that Keyoxide is better because:

- It doesn't encourage you to download needless software.
- It encourages you to handle your PGP keys individually, and not depend on some external acount on some platform.

But I can see reasons for the alternative. I haven't used Keybase.

@torresjrjr @freemo @mur2501 Good point on the PGP key thing To me giving control over to others of that, almost defeats the point,

If the web of trust is about you trusting me, how do you trust me when I am not in control of my keys and the security of those keys.

For reference I think this is the keyoxide website

https://keyoxide.org/

#privacy #online #security #identity

@torresjrjr @freemo @mur2501

This could also be useful for @flockingbird too perhaps.

@torresjrjr

• It doesn’t encourage you to download needless software.

I dont think encouraging you to download needless software is a bad thing, so long as it is encouragement and not a requirement. In fact I’d say writing a custom app that is essentially a wrapper to other tools but makes using the service easier is a good thing. This is doubly so when you consider that every action you want to do in keybase gives you the exact commands to run both with their software and using plain linux commands. So they really make it so there is no pressure of any kind to use their software.

• It encourages you to handle your PGP keys individually, and not depend on some external acount on some platform.

While I do agree that in terms of “encouragement” it should warn and discourage you giving it your pgp key, as that is just bad practice in my eyes if your particularly security aware. But it is still only encouragement and is entierly optional. So to me having provided the option, particularly when there is no disadvantage to not following it, is perfectly acceptable. More options means more power for the user to choose, power often means you have the option to choose things that may not be what others recommend or even choices that may be less secure. But that is, ultimately, your choice and I am pro-choice :)

@mur2501

@freemo
Which one is more easier to setup?
also I am not linux.
@torresjrjr

@freemo @torresjrjr @mur2501 I think as long as we are given the facts, and information to make informed choices, if this means running webinars where we can ask questions then so be it.

In fact asking questions feeds in to two things

1. better faq’s
2. better documentation / information that reduces the need for the faqs in the first place

@torresjrjr @freemo @mur2501 @trinsec @users @keyoxide

So do people think this is a good / bad thing, I would err on the side of caution, given the lack of trust there is in zoom.

Too many acquisitions makes it harder to know who owns whom these days.