Asklemmy

43148 readers

1647 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
[email protected]: a community for finding communities

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago

MODERATORS

[email protected]

183

What are some downsides of software being federated? (lemm.ee)

submitted 1 year ago by [email protected] to c/[email protected]

156 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (1 children)

The thing is that for some features to have any benefit you actually need everyone on board. Security is just that.

If you have to basically have a fallback-backdoor built right into your system to deal with those who don't participate in the security system, an attacker just needs to force the fallback and nothing is secure anymore.

And sure, Gmail could just force encryption, but then (a) would everyone complain about one big actor abusing their market power, as happens a lot e.g. with Chrome and (b) the whole point of using email is that it's a service that's super stable and "just works". If I can't send an email to my dentist about an appointment, then it's worthless. So something like that could hurt Gmail's market share.

But all in all, my point was that open systems with lots of actors with the power to decide stuff makes implementing important changes more difficult, because you have to convince much more people to follow suit.

[–] [email protected] 1 points 1 year ago

Yeah. I get it. You're right. If there is only one actor, they can make decisions more easily. If there are multiple actors involved like with federated stuff, you add additional overlay by having to agree and have methods like voting, consensus etc.

My point is: It is possible. I don't disagree that takes extra work. But we live in a democraty, not a monarchy. We have technical solutions. You keep saying we need consensus between every instance of a federated software and 100% solutions. But that simply isn't true. We don't need consensus. We don't need everyone to agree. You could just expel everyone from the network that hasn't updated their server for 3 years from the network. You won't even notice the <1% users that go missing. You could implement text, audio, video, group chat mandatory encryption and minimize metadata. Make it performant and extensible and a backwards-compatible protocol. You might only be 95% of the way. But isn't that better than anything currently available? It'll probably stay that way for some time if you did it right. Just forget the last 5% to make it a theoretically perfect solution.

With the encryption: As with everything security related, it depends on your specific thread model. My example would help against everyone casually reading everyone else's mail. It won't help against a targeted attack IF you could force the fallback triggering and there wasn't such a thing like certificate pinning. But it's a thousand percent better than not doing anything at all because it could be curcumvented in an edge case. But I don't want to argue in email's favor. email is old. the only reasonable option is to start over. and force reasonable encryption this time.

Regarding the network effect: Nothing new is going to happen in the world if we don't fight it. Many people are conservative. We buy the stuff we're familiar with instead of something better. We want the things everyone has despite there being better alternatives. Americans keep using the vastly inferior imperial system. We sometimes need to get done with tasks and use that thing that is compatible with people we want to interact with. Like the messenger, the social media platform everyone uses. Microsofts office software to interact with clients... I understand. But again, there are ways around this. You could establish something nice and better in your small community and stop caring for the rest of the world. You could use something like a bridge that connects old and new technology. You can be a country and make laws that force something into existence. You can be a big corporation and just foist the the new thing on your users. Like the Instagram accounts that kickstart Threads. I don't say it's necessarily easy to do. But possible.