Adrian Vovk

Fedi moderation idea: UEFI Secure Boot.

We have a big circle of trust. We switch from denylists of known bad servers to allowlists of known good ones. You can join the trusted network if some existing member vouches for your instance, and the network effect takes over. Participation requirements include moderation, failure to moderate = removed from the allowlist. List is centralized but maintained by consortium of sufficiently big instances.

6 comments
Adrian Vovk

When I say moderation, I mean it in a lax sense. A single-user or small family instance is inherently moderated. Public instances will need dedicated moderators.

Requirements to participate should be lax. They're there to filter out the endless game of whack-a-mole with outright malicious instances. Those won't get to participate, but others will.

Eventually this system can be used to enforce flag days across fedi too! "Have this safety feature for your users by $DATE or get defederated"

Adrian Vovk

Of course, if an instance is given the benefit of the doubt and they violate that trust, then they would be removed from the list. This is no worse than the status quo. But malicious instances will not get to participate unless they can convince someone to vouch for them. And there could be punishments for vouching for a malicious instance.

If individual servers disagree with the collective allowlist, they can still have their own private list that they use that's catered to their own members.

caleb

@AdrianVovk aren't there like, very good critiques of why the centralised approach to secureboot is bad?

Adrian Vovk

@cas Sure, but it depends on what you're defending against.

Relying only on Secure Boot w/ a wide trust model is definitely something to criticize, because anything in the trust circle can have a vulnerability and break the whole system. Adding Measured Boot into the mix changes the dynamics completely: now SB just acts to prevent outright malware from running, and MB ensures the integrity of the boot chain.

(1/2)

Adrian Vovk

@cas Analogizing to Fedi: a "trusted network" won't eliminate the need for moderators (just like SB w/ wide trust isn't particularly robust without Measured Boot), but it will prevent obvious malicious instances from participating.
