56
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 21 Jul 2024
56 points (100.0% liked)
technology
23239 readers
256 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
How do you ensure the public key being used is the correct one? Server could get hacked or could get replaced when server requesting from the activity pub federated server. Worse than unencrypted (with everyone knowing this) is unreliable encrypted with everyone thinking it’s working as expected.
I think using activity pub as a public key exchange would be good, but it can’t be half assed.
Yeah what would ultimately be the benefit, because there's no way this is going to be so secure and foolproof that it could be recommended for things that should actually be encrypted. Doesn't seem like it's worth the effort to add something like that to a social media website unless there's some existing system they can implement. It makes a lot more sense for messaging clients like Signal.
good point and i'm pretty sure that was the reason why it wasn't initially included in ActivityPub or virtually any other fedi service. it would be convenient to have secure messaging as a future and it would be interesting to emulate E2EE email services especially as ActivityPub already works similar to SMTP (email protocol)