So... Has anyone on here actually talked with the people from the #SocialWebFoundation?
-
@[email protected] @[email protected] @[email protected] @[email protected] Like we're already testing our luck with TLS on some of these instances that easily get >10,000,000 AP requests per day.
-
@puppygirlhornypost2 @mia @hazelnoot @Raccoon I've talked about supporting [RFC 6920](https://datatracker.ietf.org/doc/html/rfc6920) to spread the media processing load before but this really makes media impossible to ever retract
-
BeAware :fediverse: replied to Raccoon at TechHub :mastodon:
@Raccoon what do you mean they're "not" involved? They're on the advisor team... A.k.a. they're the financial backing...
-
WHY PRIVATE MESSAGING OMG.
Because Evan and Tom got a grant from Ethereum Foundation to implement E2EE for AP.
(I agree with you that it's a terrible idea for everybody but Evan and Tom, I just wanted to give the background as to why.)
@[email protected] @[email protected]
-
kouhai, Breaker of Caches replied to Amber
@puppygirlhornypost2 @erincandescent @mia @Raccoon @hazelnoot I don’t think that’s a particularly big issue?
cryptographic RNGs don’t just run out of entropy because they get reseeded periodically. this happens automatically [ref: https://docs.openssl.org/1.1.1/man3/RAND_DRBG_reseed/#description].
the cpu time for TLS/pk ops, sure, that’s a concern. but not that
honestly, wrt e2e, I’m more concerned that we’re going to get a design that’s objectively worse than soatok’s well thought out draft.
https://soatok.blog/2024/09/13/e2ee-for-the-fediverse-update-were-going-post-quantum/
-
kouhai, Breaker of Caches replied to kouhai
@puppygirlhornypost2 @erincandescent @mia @Raccoon @hazelnoot holy shit just give soatok $250,000 to spend a year doing this.
like. do we want matrix. I suspect we’re just going to get “Messages can't be decrypted by receiver (session key missing)” social whatever foundation edition, now with more Automattic Matt funding
-
@[email protected] @[email protected] @[email protected] @[email protected] @[email protected] it depends on the hardware. Modern hardware? Sure that’s not a problem but older hardware does tend to run out of entropy faster than it can replenish it. Of course the last time I heard this being an issue was like 2014 so
-
@puppygirlhornypost2 @mia @hazelnoot @kouhai @Raccoon entropy exhaustion is a stupid concept (you can't destroy entropy! This is basic thermodynamics!!) promulgated by the fact that the Linux RNG was badly designed for a long time and had stupid "entropy accounting"
The RNG no longer "depletes" entropy
-
The last fucking thing we need is encrypted dms to be used as a tool for harassment.
As per the actual work (and not just saying things) that Soatok and others have been doing, this would not be like Signal, content would be reportable and forwardable to instance admins if it goes against rules. It is to protect general conversations but not preventing the reporting of content; it is not and was never intended to be a Signal alternative.
There are concerns to be had about how content will be forwarded to administrators as you do not wanna just send out potentially illegal content (e.g. CSAM) to other servers, as that'd count as distribution, but the general idea is to have a working report function.
I do not intend to downplay existing issues with Fedi and moderation, but the foundation is claiming work as theirs without proper transparency on what the goals are based on actual work actual contributors have already done before the foundation's existence, leading to a skewed image of what some of these initiatives are supposed to be.
E2EE for AP is **not supposed to be confidential nor is it supposed to provide secrecy.** It is supposed to give a basic layer of privacy whilst still allowing content to be reported. Please see this to understand what I mean.
-
@[email protected] wow this gets worse the more i hear about it, because i support Soatok. I can't believe the foundation is just spewing shit.
-
I initially gave the SWF a pass despite its connections but with their page on E2EE being so vague that it gets misinterpreted like this and causes a massive hellthread is a sign that they're not up to the task
They NEED to be clear with their goals. Not making the distinction between Privacy and Secrecy on their page about E2EE in AP as well as many other mishaps that have already happened has caused nothing but confusion and outrage
Not to mention, whilst the general idea of their goals is nice and all, they do not represent the wider community, and they ESPECIALLY do not represent what actual Fediverse admins are lacking (as you outlined quite clearly)
So far, quite a failure.
-
Also, Mallory's graduate research is on encryption interoperability. She's on the board of LEAP Encryption Access Project which does LEAP VPN.
@[email protected] @[email protected]
-
@puppygirlhornypost2 @Raccoon Also we need to normalize having programs that do one or two things. Not everything needs to be an "everything app". Having separate social networking & instant messaging programs is a good thing because the developers will actually be able to focus on those things.
-
Raccoon at TechHub :mastodon: replied to Luna Lactea
@jackemled @puppygirlhornypost2
Just wanted to say, I've been completely overwhelmed by the amount of response to this post, which is why I haven't responded to any of it yet, but I really appreciate seeing this discussion happen.
-
Raccoon at TechHub :mastodon: replied to ⚞ Alexia ⚟
@cyrus @puppygirlhornypost2
Just wanted to say, I've been completely overwhelmed by the amount of response to this post, which is why I haven't responded to any of it yet, but I really appreciate seeing this discussion happen.