Why can’t we have federated identity to login into fediverse instead of creating login for each instance?

  • Seperis@lemmy.worldEnglish
    21·
    2 years ago

    So after twenty-something years on social media, along with mailing lists, messageboards, usenet, this is a topic I think about literally every time I have to add, change, migrate, delete my account as I migrated from platform to platform like some virtual vagabond between text-driven city-states. A virtual vagabond with no worldly goods, no name, no history, and completely invisible to all. To exist, I must apply to the City Leader, and if accepted, I get a name, a nice studio apartment, and visibility as well as contact with other humans after watching a short commercial every five or so humans. If I leave, am thrown out, or the city is burned down, I can’t take anything the city gave me with me. By ‘gave’, I mean ‘loaned’ btw; none of those things were actually mine.

    All the discussion of whether or not to federate with Threads were interesting in that in general, it’s kind of pointless. A server instance isn’t a democracy; the owner’s opinion is the only one that matters. If you don’t like it, leave. And I don’t argue their right to do so; they’re paying the bills, doing the upgrades, eating grapes with robot butlers, I don’t know their lives. Federated means anyone can run their own not-twitter or not-reddit; go for it. All you need is money, free time, and the knowledge of how to register a domain name, get, run, secure, and maintain servers, and install and configure the program, lure people in, and avoid breaking any national or international laws. Like I said: I really seriously do not argue the owner’s right to decide anything for their server. i know how to do all those things and I ran several websites and archives: I wanted a nap before installation step.

    Fediverse is a massive step in loosening the stranglehold megacorporations had on our ability to shitpost in peace and talk about our cats without feeling stalked by people wanting to sell us shit or sell our browsing habits, blood pressure, and underwear size to those who will the try to sell us deeply individualized shit; it’s the circle of life, man.

    Wow this got long but feelings.

    So at this point–two decades and change of social media, the rise and fall of social empires, so much virtual vagabonding across the virtual desert to find a new city-state…I don’t think it’s too early to consider getting around to a productive discussion of how we go about separating the individual identity from the community and define what is theirs to keep no matter where they are. If there was ever a place and time to start building a model, it’s where all the city states are allies and the individuals can interact with each other no matter what city they’re in. The account transferability in Mastodon is a really good start, but it’s not a solution, much less the solution. It’s a beginning.

    I don’t expect to have a working, finished, flawless product in six to eight weeks or six to eight months; I expect it to slide in three weeks and two days after the announcement that it’s ready for alpha testing and immediately break the first time a tester opens it; it’ll be another month before it goes into testing again. I expect it will be a weird buggy mess of wtf after months of virtual warfare and everyone will hate it before the rough draft of the design documents are even released. I expect there will be one weird guy who really thinks everything should be written in Rust because he’s insane and never sleeps. Five to eight devs will dramatically quit; one will quietly move to Utah and farm emus. None of them will be the Rust guy; you’re stuck with him. I expect the working version after testing is done will be hated by everyone and probably kind of crappy. But it will also be amazing, because as of it’s release–no matter how shitty, buggy, or how many inexplicable design choices are made–the individual exists outside of being community property and that no matter where we go or how much we pissed off that admin or if our city-state was nuked from orbit, there are things that are ours and we get to keep them.

    • HRDS_654@lemmy.worldEnglish
      2·
      2 years ago

      As much as I disagree with him, like a LOT, I do think Nilay from the Verge has a point. It does feel like the “new” internet we have become used to over the years is starting to shift. It feels like people are becoming more and more fed up with social media and want to go back to just hanging out with virtual strangers online. Like, arguing on Twitter with people is all well and good, but it’s also miserable and stressful and it’s been getting worse. Not to mention Elon has no idea what he’s doing. Mark is pivoting away from Boomerbook and Instagram because one isn’t growing and the other is an amalgamation of every other feed based social network, and Reddit is burning down. At this point it was only a matter of time before Corporations set their sight on the Fediverse. Nothing else is working.

      The problem with that is that big corporations have no idea why the Fediverse exists and think selling personal data and being free is enough to attract people. Hell, I didn’t even know what the Fediverse was until Reddit immolated itself so I don’t expect your average person to be aware of the inner workings either. That being said it doesn’t take long to realize that the Fediverse is something altogether different once you are a part of it.

      There isn’t an algorithm pushing negativity to the top, and each instance is like a person inviting you into their house to stay if you want; as long as you don’t mess up the furniture you are good. At the end of the day you have been allowed in so you should be on your best behavior and follow the rules. You can argue all you want but you are not in control, and if you want control open your own house. Simple as. You can also stroll through the neighborhood if you want as long as a wall hasn’t been built around other houses.

      • Seperis@lemmy.worldEnglish
        1·
        2 years ago

        Okay, I apologize for missing something; I don’t disagree with any of that. Did I give the impression I did?

          • Seperis@lemmy.worldEnglish
            1·
            2 years ago

            Oh thank God. Normally I know how to read (since kindergarten) but in the time between posting and your reply, I hit a very unwilling thirty-six hours awake so I low-grade panicked that actually, it only read normal to me and I was lecturing people on becoming a vegan fascists or something.

            I am still thinking on the article but it’s going to need a couple of times to put it in context. I’m still trying not to form really firm opinions on much yet on Fediverse since I seriously do not know enough and yes, even I find it hilarious when I have to backtrack from a really stupid position, but I can save public embarrassment for later. Lemmy’s still young, I have plenty of time for that.

  • BJHanssen@lemmy.worldEnglish
    20·
    2 years ago

    The technical challenges are vast, is the long and short of it. But it’s high time there’s a good discussion over how it should (or might) work, at least the kinds of properties such a system should have.

    • Self hosting of federated credentials should be possible, but not required
    • ‘Backwards tracking’ of federated credentials should only be possible with limited requests (e.g. ‘verify author of post’) and approval of the credential owner
    • All data on the credentials instance should be properly encrypted
    • All data on credentials instance should be fully and easily portable to other instances via common protocols

    There are several issues involved here, beyond just ‘mere’ technology, that need addressing. Personally I think a good start might be to engage with public libraries here. They already keep simple identity records (library cards) and have public service purpose well-aligned with the concepts of the federation and public distribution of information and knowledge.

    • mockingben@sh.itjust.worksEnglish
      3·
      2 years ago

      From my understanding, a current goal is to make any account transferable, in case the instance the account is attached to decides to shut down/defederate?

      If implemented, we can hope that won’t be tied to an instance shutdown.

    • dingus@lemmy.worldEnglish
      3·
      2 years ago

      This is why I’m not really on board with the people that advocate for others to seek out and join small instances unless they are older, well established, and active.

    • nLuLukna @sh.itjust.worksEnglish
      3·
      2 years ago

      This was thrown around a couple of weeks before the Reddit migration really kicked off, it appears to be excessively difficult to code. And it also doesn’t really fit with the system that Lemmy runs. It’s a great idea, but Ive been lead to believe that it is too difficult to create Although people do feel that account transfer would be a nice feature

    • DingDongBell@lemmy.worldEnglish
      2·
      2 years ago

      well if we can move to another instance and migrate our saved posts, post and comments history, subscribed community easily this might drive adoption because people are used to centralized platform

  • ScaNtuRd@lemmy.worldEnglish
    142·
    2 years ago

    Because then there would need to be a centralized entity to host all user accounts, and we don’t want centralization 'round here

      • ttmrichter@lemmy.worldEnglish
        2·
        2 years ago

        Once someone had a technical problem. “I know,” they said. “I’ll put it on the blockchain.” Now they have a million technical problems.

    • thekinghaslost@lemmy.worldEnglish
      4·
      2 years ago

      For identity verification, you can just do a simple key signing, just like how Nostr does it.

      Each user will generate a public-private key pair on their own device and has all their posts (and edit/delete requests) signed using their key.

      If someone wants to delete or edit their post, the site can just verify that the request is signed with the same key.

      There’s still issue of who’s going to store the user’s follows, etc. but I think we can find a way to workaround it.

  • tobier@lemmy.worldEnglish
    6·
    2 years ago

    The whole point is to be decentralized. You can still interact with communities on other instances, so what’s the point?

  • DreadTowel@lemmy.worldEnglish
    4·
    2 years ago

    It’d be great to support identity based on a key hash, so that it’s completely decoupled from any instances. Maybe some time in the future.

  • lunaticneko@lemmy.mlEnglish
    1·
    2 years ago

    I think you should more clearly define how it would work and what features you want. Then, all the technical problems will soon surface and you will see that it is not as appealing anymore.

    How do you log in? How do you reconcile people with the same name? Which instance are you representing? There are tons of difficult questions that make the idea impractical.

  • irkli@lemmy.worldEnglish
    11·
    2 years ago

    You don’t need either. It’s not about places, so much as it’s about people and conversations.

    Maybe you only have used corporate centralized giant sites? Believe me, that was the anomaly.

    You can’t and don’t visit every cafe, every club, every library, you mostly visit a few locals and seek out the rest.

    Same thing here. Also with this you get actual diversity. You can change instances and still see everything!

    You just have to learn how this new system works. It’s far far better.