I mean idealy ur account is simply an id and a public key. Therefore ur private key is all ur account is u fully control it unhackable verifyable etc etc
Idk if its in the works but really want transportable profiles,
Yeah. That’s gonna be necessary for people to deal with instances that maybe go down.
I’d like that to be based on a pub/privkey pair, with the privkey not being uploaded. Like, I can sign a message in the profile on each account saying “I am both blah@instance1.com and blah@instance2.com; blah@instance2.com isn’t some imposter”.
You can do that manually in your profile and have humans verify it, I guess, but it’s something that software could handle automatically.
Other benefits:
If someone breaks into an instance and compromises the password database and attacks it offline, as things stand, you have no way to prove that you are who you say you are. If you have the private key, you can come back and re-establish trusted identity, since it’s tied to a pubkey.
It doesn’t even need to deal with permanent moves. If an instance is just down temporarily – which does happen – it’d be nice to just seamlessly browse on another instance. I dunno if there’s a great way to do that from a browser, absent plugins, but for native clients, the client could dump the subscription list, etc and sync them. Help reliability of the service in general.
Idk if its in the works but really want transportable profiles, and the ability to add a licence to content i post like pixelfed and peertube.
Would also be nice to have tags hopefully they federate with mastodon.
Idk if they are gonna add any of this just would like to see it in the future.
Or even have a way to automatically keep your profile saved localyl or backed up to your own cloud service.
I think that you could do the profile export/import in native clients, without any server-side changes, but it’d be nicer to have server-side support.
I mean idealy ur account is simply an id and a public key. Therefore ur private key is all ur account is u fully control it unhackable verifyable etc etc
Yeah. That’s gonna be necessary for people to deal with instances that maybe go down.
I’d like that to be based on a pub/privkey pair, with the privkey not being uploaded. Like, I can sign a message in the profile on each account saying “I am both blah@instance1.com and blah@instance2.com; blah@instance2.com isn’t some imposter”.
You can do that manually in your profile and have humans verify it, I guess, but it’s something that software could handle automatically.
Other benefits:
If someone breaks into an instance and compromises the password database and attacks it offline, as things stand, you have no way to prove that you are who you say you are. If you have the private key, you can come back and re-establish trusted identity, since it’s tied to a pubkey.
It doesn’t even need to deal with permanent moves. If an instance is just down temporarily – which does happen – it’d be nice to just seamlessly browse on another instance. I dunno if there’s a great way to do that from a browser, absent plugins, but for native clients, the client could dump the subscription list, etc and sync them. Help reliability of the service in general.
I love how u independantly came to my ideal implementation. It solve so many problems and helps make security tight af.
That isn’t in the works. @nutomic@lemmy.ml decided to close the issue on GitHub without waiting for community input.
It’s already largely resolved through the feature to export/import user profile.