Back

@fediverse

All of the shared/single sign on and easy cross posting would probably be trust or allow-list based.

As the platforms would be FOSS, anyone could run their own instance and start their own "circles of trust". So even with big vs small server friction, there could be a few "gardens" of small and big server networks providing different "spaces" for different purposes ... all without having to worry about defederation and the software difficulties of building against the protocol.

@joeldebruijn

Quick attempt at coming up with an alternative.

Something to bear in mind here is it’s my impression that federation creates difficulties that many struggle with. So while it might be over simplified, the scale for me is already weighed with the possibility that we over complication that may need to be remedied.

Also, that big instances (eg mastodon.social) seem to be a natural thing even on the Fedi, there’s clearly perceived value for many there.

@joeldebruijn

Yep. Add a good aggregator client (hmmm, Google should make one) and you’re cooking.

@chris

Well are the requirements different in scope and engineering onus? If so, then the question is whether the end results justify the work.

Part of my motivation in thinking about this is that it seems pretty clear that alternative social media peaked around Oct-2023. It may very well continue to grow. But it might also fail. Meanwhile, many struggle with federation both as users and developers.

@maegul I agree that ActivityPub isn't easy to implement. But it is that way because of some key principals.

- no single point of failure
- openness to different instance types (not just microblogging)
- cryptographic validation of senders
- resilience towards temporary failures of instances
- control over content

And probably more. There are sure more minimalistic implementations possible but people want more functionality not less.

@1984

By single sign on I didn’t mean using Google etc, but an account from one of the sorts of trusted platforms I suggested. I’m not talking about a single server/platform. But multiple at such scales that you can use only one if you want, but which are otherwise unified by infra-network SSO and aggregating clients, all tempered by operating within networks of trust.

Yea this is exactly what I was thinking about.

The idea being that there would be circles of trusted platforms and once you have an account with one you have an account on all of them. Which, I imagine, would allow easy/quick cross posting from one platform to another when desired and make it easier to build and maintain an aggregating client that allows you to view all the platforms within such a “circle of trust” that you’re interested in through a unified interface.

@maegul How would servers share accounts and passwords? Allowing any server to know what a user’s password should be is not very good for security.

@fediverse @maegul @1984 @mindlight

@Aatube @1984 @mindlight @maegul@lemmy.ml

Yea I don’t know the best approach to that. Either a separate server for managing IDs. Or you always a principal server that manages authentication for its platform and others within the trusted “circle”. And then, should the principal server fail, you can switch to another server as your principal. Hubzilla/Streams has some process like that AFAIK.

@Aatube @1984 @mindlight @maegul@lemmy.ml

The key idea is that you can have a single unified identity on all the platforms you want. Signing into multiple platforms doesn’t require a new account every time. And cross posting from one platform to another, under your single identity is easy from every platform.

Then leveraging those features (and an open API), a good unifying client will make that easy.

There must be a way of doing that without fatal security issues or decentralisation.

@joeldebruijn Ah, that makes much more sense. I guess this could be also used for phishing, but that may be unavoidable.

@fediverse @maegul @1984 @mindlight @maegul

True! One of the main building blocks, sadly.