J.M. Porup ✅ @toholdaquill@octodon.social

MastodonCipher, an authenticated cipher whose code fits in a 500-char message, soon on your timelines (or however they call it here, tootlines?)

@donb "trusted computing" as far as I can tell is a euphemism for "owners of the device are untrusted and should not be able to access all data flowing through the device, so we need to build devices that the copyright industry can trust to be controlled by them and not their owners".

For some reason Mastodon's early internet community vibe keeps bringing this Conrad quote to my mind:

"Going up that river was like travelling back to the earliest beginnings of the world, when vegetation rioted on the earth and the big trees were kings."

This is like the BBS days of the 80s and early 90s, and it is great. This is basically FidoNet in real time: anyone can set up an instance to run as they please, with local rules and customs and community... and they can connect to the global network as an added service.

As more instances happen, local flavor and customization and artistry will become a Big Thing. This is going to be history we'll want to preserve.

mom: hey son I joined this new Mastodon thing
me: oh shit mom, I coulda helped you find a server, which one did you choose?
mom: well I liked the privacy policy on satanic.bikerladi.es but then communist.blaze.party had the shortest ping latency so

In summary:
- information on the server (including the DMs you send) are unencrypted.

- the person who runs your mastodon instance has access to the server and CAN access this unencrypted info. They may do this intentionally or by accident during maintenance.

- this is common across ALL messaging services, but since Mastodon servers can be small, it's easier to do than it would be on other services.

Be aware and toot safely, thanks for everyone who contributed! :sunglasses:

I made a diagram to help you understand how the different timelines/columns work:

https://techn.ical.ist/assets/help.svg https://techn.ical.ist/media/zhoMEHOzhT2r6zlz034

Here's a thing that makes Mastodon instances work less well than they could...
when you visit an instance, all the front pages look the same.
"About this instance" is a TINY little link under the sign-up form. This is crazy.
Instances should LEAD with a community description, not bury it.
That's like a newsgroup leading with the OS it used to run the newsgroup rather than saying: "This is a Kenny G community"

How tired is the green checkmark joke already?

@toholdaquill These are just emojis people add to their username.

@toholdaquill

One steals it from another user.

@toholdaquill It's an emoji >✅<

Ultimately Mastodon's killer feature is that it's a public good that someone built because they thought it needed to exist and not a startup someone built because they wanted to get rich quick selling other people's data.

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

It's actually really awesome that Mastodon attracted a shitload of users who largely aren't aware that the underlying GNUSocial platform is old.

You know why?

Because it means we can do this over and over.

Every time someone releases a new implementation with different-looking chrome on top, it can go through its own marketing and media cycle and garner new users. *And the network effect will be cumulative.*