Gregory's ServerBut also, in response to all the "what about e2e encryption" -- I would like that but I would *also* like a nice dedicated user interface for my activitypub DMs as they exist today. Would a custom client be more secure than my current DMs? no. would it be LESS secure? also no!
|
16 comments
 Further (and now I am ranting, sorry), I used email as an analogy specifically because it is insecure as shit but we use it every day I probably should have pitched it in the original post as an idea for insecure messaging @darius Yeah. I’m in favor of a better UX. I’m even more in favor of fixing the glaring safety hole before encouraging new adoption. I’m a thoughtful server admin, but even I don’t trust me with your DMs. (And yes, I totally had the “I read your emails” sticker back in the day.)   @darius i'm not sure what the point of such a *server* would be, but as a *client*, i imagine it would make some sense. i'm thinking generic activitypub server and then an activitypub client that just shows you your inbox. i mean, everything is a "direct message" on the spec level, right? just, you're dealing indirectly with resources. perhaps you could have a separate Message activity, but it is also conceivable to add certain objects to a certain collection. maybe even both of these ideas.   @darius FWIW email is a lot more secure, on average, than people give it credit for. It doesn't break in the nice clean way that e.g. spoofed TLS would, but in practice if you try to blast out plaintext SMTP forged from: headers these days, you get blackholed into oblivion 99% of the time. servers are also using TLS between each other and so grabbing messages off the wire is not trivial either. @glyph right, and ActivityPub has similar protections built in for forged from fields and the like. The core insecurity of "Google can hand your plaintext email to the cops" is analogous to "admins can read your DMs" that people on here are always bringing up |
@darius you could also have explicit support for bootstrapping into more secure messengers if you were doing this as a first-class thing. a lot of people (myself included) _mostly_ use social DMs as a way of getting off-platform onto Signal or similar