H. Poteat @nsqe@octodon.social

oh my god mastodon is a way to be nice but in a chill way to strangers on the internet

this is all i've ever wanted in life time to MAKE SOME MOTHERFUCKERS FEEL GOOD

I CAME HERE TO BE NICE TO PEOPLE AND CHEW BUBBLE GUM AND I'M ALL OUT OF PEPPERMINT BUT NO WORRIES I TOTALLY HAVE OTHER FLAVORS SO HERE HAVE SOME GUM!

"Soon after Donald Trump’s inauguration, persons critical of the president and his administration began creating anonymous Twitter accounts claiming to be dissident members of the federal government, such as the famous “Alt BLM” and “Rogue POTUS Staff” users. Today, Twitter is filing suit against the U.S. government, exposing an attempt to expose and attack one such account."

https://theintercept.com/2017/04/06/the-u-s-government-is-trying-to-unmask-an-anonymous-anti-trump-twitter-account/

technical note about this tech as I see some confusion/misconceptions:

Admins of your instance have complete control over your account. Really, we can read all the posts (including DMs) and we can even impersonate/hack your account with ease.

Make sure you trust your admins.

Here on toot.cat we have a CoC that applies to both admins and non admins. Admins are expected to abide by the CoC and not oppress users as well.

The number of people here who have no idea what is going on is a bit disappointing.

So, some things:

There is no verification. You can put ✅ in your name if you feel like it, it means absolutely nothing.

There are no cross-server rules, that would require a centralised authority which goes completely against the point of what federation does.

About risk profile:

- Mastodon is like email because you can't delete federated toots
- Mastodon is like twitter in that Google's search bots index it, unless your admins robot.txt it away
- Mastodon is like being a teenager because the people that own your instance can see all your private stuff

Have a talk with your admin about their policies.

By default, assume everyone will be able to read your toots forever.

The real value add of Mastodon is giving everyone an excuse to finally put something on all the weird domains they've been squatting

Ultimately Mastodon's killer feature is that it's a public good that someone built because they thought it needed to exist and not a startup someone built because they wanted to get rich quick selling other people's data.

It's about time someone developed an accurate way to test someone's true gender. The COGIATI was a bad try, but this is exactly what the community needed.

Try it, the answer may surprise you!

https://mkremins.github.io/genderquiz/

Disclosing "cellphone contacts and social-media passwords" goes beyond having "nothing to hide". It jeopardises other people that trust you.

I can tolerate the TSA pat-downs, but you can't ask me to make decisions with the rights of others.

https://www.wsj.com/articles/trump-administration-considers-far-reaching-steps-for-extreme-vetting-1491303602

No.

Just no.
https://mastodon.social/media/eK_YMuIKMVk5be0yy_Y

Ok guys, very funny.

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

@nsqe DOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM!

E2E is only as trustworthy as the endpoints:

Undercover NYPD infiltrated small groups of Black Lives Matter activists and gained access to their text messages, according to newly released documents obtained by the Guardian. ...

...Undercover officers were able to pose as protesters even within small groups, giving them extensive access to details about protesters’ whereabouts and plans.

https://www.theguardian.com/us-news/2017/apr/04/nypd-police-black-lives-matter-surveillance-undercover

End-to-end encrypted Direct Messages would be a terrific feature for Mastodon. Twitter won't do it so it's a nice reason to give to people to migrate.