undefined | Better HN

0 pointsmcv2y ago0 comments

Controlling who can see your content is actually a very reasonable feature; some things are not meant for everybody, but just for the people who actually know you. But it's not a use case that ActivityPub was designed for. Google+ had a really nice feature where you could easily control who can see your post. Diapora has something similar, but considering it's federated, I'm not sure if you can really guarantee it.

I think the only way to guarantee this control in a federated system, is to encrypt everything that's not completely public. If everybody has a public key, you can use that to encrypt the secret key. It's a hassle, but I think this would work.

0 comments

5 comments · 2 top-level

XorNot2y ago· 2 in thread

This still doesn't make sense though: the reality is that your content will be private right up till someone reposts it publicly. Or saves the image, recompresses, posts it to reddit, reddit posts it to ActivityPub etc. etc.

mcvOP2y ago

Of course. On Google+, you got a warning if you reshared something that wasn't shared publicly, but it was possible. It's also a matter of trusting the people you share it with.

In the end, every private, highly encrypted message can always be made public by the recipient. That doesn't mean encryption is worthless for privacy.

XorNot2y ago

Right but even then the basis of protection was still being gated in punishment metted out by a higher power. That literally doesn't exist in a decentralized model - not only can anyone setup a new instance, instances which are blacklisted can also simply rebrand.

Beyond the tightest group of confidants who you can actually trust, your content can and will leak if you put it online - and the probability of this goes up as the legal entities involved become smaller and have less and less to lose.

joe_the_user2y ago· 1 in thread

The funniest thing about people wanting this kind of transitive control is that the only technical way to achieve this is through a wall-garden model like ... Facebook. Indeed, Meta/FB is eager to train people to want this model 'cause they know you at least one referee controlling everything if you have this transitive model.

Diapora has something similar, but considering it's federated, I'm not sure if you can really guarantee it.

Exactly, this level of access requires a hegemon. Who will be the hegemon?

mcvOP2y ago

Not necessarily. You can do it through encryption. But that creates overhead.

j / k navigate · click thread line to collapse