pleroma.debian.social

pleroma.debian.social

jlines | @jlines@pleroma.debian.social

.

@vkc @kasperd For some time I have felt that some form of federated ActivityPub based security system would be beneficial. This would be aimed at being produced and consumed primarily by computers, but should be readable by humans for verification. Things like fail2ban from a computer attack level, sharing spam sources and sharing info on objectionable content origins. Web of trust and similar content policies would apply.

Unicorns
I am constantly bombarded by companies trying to sell me things I don't want, but there are things I would buy, if somebody made them. I am calling them #unicorns. There doesn't seem to be a good mechanism to let companies know they exist.

https://blog.wp.paladyn.org/category/unicorns/

@nixCraft I would like to see more organisations/companies setting up their own Fediverse (I use pleroma for my personal Fedi - as does Debian - server diversity is good). This deals with a lot of the issues of identity confusion, once people start to see more accounts like @news@bbc.co.uk (does not exist, but hard to fake, and fewer @thisIsTheBBCNewsHonest@mastadon.social (also does not exist).
https://wordpress.debian.social/jlines/2021/01/12/it-is-good-to-be-a-tree/

@JamesBaker Beyond this, once a digital means of proving your identity goes out of your control who is to prevent it being re-used. I wrote https://blog.wp.paladyn.org/2024/11/14/the-proof-of-identity-problem/ about this, and I believe it is a hard, but important problem.

Who owns 'your' contacts

I am seeing TV advertising for WhatsApp, emphasising how private the message data is, which is probably true, but misleading, as the issue is that people have to share their contact metadata.

https://wordpress.debian.social/jlines/2025/07/04/who-owns-your-contacts/ suggests #XMPP, possibly @snikket_im

@xmpp

If your business model doesn’t work without breaking the law, you’re not in busiess — you’re in organized crime.

https://www.vanityfair.com/news/story/meta-ai-lawsuit

@johncarlosbaez @mansr Time for a new list of highly cited researchers caught engaging in bad practice - or would that just encourage them ?

@mikebroberts For me the issue is that Slack/Discord and the like act, in ecological terms, like an invasive species, such as Ground Elder "It can pose an ecological threat owing to its invasive nature, with potential to crowd out native species." Once they have a foothold they are hard to dislodge.

The greatest trick the devil ever pulled ... was convincing internet communities to switch from email lists / IRC / another open standard to Slack / Discord. The latest example of a “it's only free while we say it's free" is CNCF’s / Kubernetes's Slack - https://github.com/kubernetes/community/blob/master/communication/slack-migration-faq.md - who it appears have *4 days* to backup their history (for a server with 100,000s of users)

Neither Slack nor Discord are reasonable, serious, professional, options for open community discussion. They are either too expensive, and/or involve inappropriate advertising. And who knows when Discord will start pulling this kind of behaviour, too, requiring large communities to pay?

The problem is today when anyone says "can't we just use an email list?" they are pooh-pooh'ed as being horribly out of touch. Hence why even the linked FAQ describes Discord as the only likely exit plan for Kubernetes. What a mess.

@bkuhn I spent far more time than I should have done reading Groklaw - It was fascinating to be able to follow a complex case in such detail.

@OpenTech_AUC I suggest investigating #XMPP, but in particular snikket as the Instant Messenger/chat equivalent to WhatsApp. It is fully open source, and built out of standard components. You can run up your own server quickly and federate with all the other XMPP servers. Note that WhatsApp is basically an XMPP server (eJabberd) which does not federate. For a University College running your own XMPP server(s) lets you undertsand IM by doing

How to tell that you're valued as a customer in 2025: if you need to wait 45 minutes to be connected to a representative, you know they're not using an LLM

Really, @EUCommission? It's great that you are here on Mastodon, but why not show it proudly instead of linking out only to those Big-Tech-Silos?

@_elena, me and other people at thought, you should change that please.

Will you?

Screenshot from European commission website showing share buttons to Facebook, Instagram, X, LinkedIn and a Link button.

@amy certainly agree on your points, and also concerned at the way that SMTP is becoming/has become defederated in practice. I believe an effort to educate the law makers would be more productive than asking Meta to be nice. I wish the tech giants who do not have a stake in the Instant Messaging and Social Media spaces would see that there can be value to them in promoting the open standards. Ideally the foundations would have financial support from more than 1 company.

@fencepost @GossiTheDog It is a very poor UI decision to hide information from a user for the sake of convenience which would allow them to make security decisions. This is not restricted to Instant Messengers.

@fencepost @GossiTheDog I think the inherent 'flatness' of Signal, and other non-federated IM systems is a weakness in that it fails to make use of the information you get for free from the tree structured nature of the DNS. If the other members of the group had all been on the republican.org, or whitehouse.gov server (or a mixture), then the presence of a jeffrey.goldberg@theatlantic.com would/should have been glaring obvious.

@Viss so if your internet is down you wont be able to, for example "Alexa turn the light on", turn the heating up or down etc.

@ireneista @contrapunctus @grimalkina @Lunaphied Clicking on the ellipsis at the bottom right of Daniel's post and selecting 'Expand this post' show other replies, but the one from @winfriedtilanus is the most useful.

@adamhotep @snopes rather than using Signal, I suggest self hosting an #XMPP server with accounts for key people. Create a group for sharing MFA keys and keep this sensitive information under your control. If your xmpp server was, say chat.snopes.com, then you can leverage DNS security to have confidential discussions with external people too. See [It is good to be a tree}(https://wordpress.debian.social/jlines/2021/01/12/it-is-good-to-be-a-tree/)

@ireneista @contrapunctus @grimalkina @Lunaphied There is an interesting thread here on Federated Metadata privacy

»