Gregory's ServerFurther (and now I am ranting, sorry), I used email as an analogy specifically because it is insecure as shit but we use it every day
|
12 comments
@darius Yeah. I’m in favor of a better UX. I’m even more in favor of fixing the glaring safety hole before encouraging new adoption. I’m a thoughtful server admin, but even I don’t trust me with your DMs. (And yes, I totally had the “I read your emails” sticker back in the day.)   @darius i'm not sure what the point of such a *server* would be, but as a *client*, i imagine it would make some sense. i'm thinking generic activitypub server and then an activitypub client that just shows you your inbox. i mean, everything is a "direct message" on the spec level, right? just, you're dealing indirectly with resources. perhaps you could have a separate Message activity, but it is also conceivable to add certain objects to a certain collection. maybe even both of these ideas.    @darius FWIW email is a lot more secure, on average, than people give it credit for. It doesn't break in the nice clean way that e.g. spoofed TLS would, but in practice if you try to blast out plaintext SMTP forged from: headers these days, you get blackholed into oblivion 99% of the time. servers are also using TLS between each other and so grabbing messages off the wire is not trivial either. @glyph right, and ActivityPub has similar protections built in for forged from fields and the like. The core insecurity of "Google can hand your plaintext email to the cops" is analogous to "admins can read your DMs" that people on here are always bringing up |
I probably should have pitched it in the original post as an idea for insecure messaging