this post was submitted on 31 May 2024
1954 points (98.1% liked)

Fediverse

28556 readers
940 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 6 months ago

You may also interact with countless bots without ever knowing, because creating fake identities is free.

Maybe. Bots don't seem currently capable of holding a conversation beyond surface level remarks. I think I tend to engage with thought-provoking stuff.

On the off chance that I reply to a bot, it is as much for my reply to be read by other humans viewing the conversation. So I don't understand how interacting with countless bots is supposed to be such a big downside.

Plus, I don't see how public/private key pairs prevents endless "fake" identity creation/proliferation. It's not like you need a government-issued ID to generate them (which, to be clear, still wouldn't be great -just got other reasons).

Fair, some people value their identity.

To be clear, I'm talking about online identities. In which case, I would argue that if you value it so much you should not delegate it to some third party network. My IRL identity is incredibly valuable to me, which is why I don't tie it up with any online communications services, especially ones I have no control over.

For average people nothing changes, the app can hold their key for them and even offer email recovery.

...so then the app can post on my behalf without me knowing? And it'll be signed as if I had done it myself. I don't understand preferring this if you're not also self hosting.

That's something having signatures and a web of trust solves.

But as I wrote in my previous message regarding gpg signing circles (a web of trust), that doesn't "solve" things. It just introduces more layers and steps to try and compensate for an inherently impossible ideal. Unless I'm misunderstanding your point here?

Besides, you fail to see another problem: Whichever centralized, federated site you use can manipulate anything you read and publish.

I just take that for granted on the internet. It's true that key-signing messages should make that effectively impossible for all but the largest third parties (FAANG & nation-states). But you still need to verify keys/identities through some out-of-band mechanism, otherwise aren't you blindly trusting the decentralized network to be providing you with the "true" keys and post, as made by the human author?

Anyway, if you don't see a need for tools like nostr you don't need them.

Maybe I'm not expressing myself properly; I don't see how nostr (and tools like it) effectively address that/those needs.

Sort of like how there was (arguably still is) a need for cash that governments can't just annul or reverse transactions of, yet bitcoin and all cryptocurrencies I'm aware of fail on that front by effectively allowing state actors (who have state resources) to participate in the mining network and execute 51% attacks.