[founderling]

This seems backward.

They want ActivityPub servers to apply to a central service (keybase) to offer cross server identities.

And they want users to trust that central service to decide who is who.

It's always amazing, how strong the force of centralization is.

Even when the whole value proposition of a technology is that it is decentralized, users will soon flock to centralized services built around it and end up in the mercy of a few organizations again.

Reminds me of all the people who think they hold crypto currency while in reality they "hold" yeah-we-promise-we-owe-you-somethings by some exchange.

Reminds me of how little resistance the Ethereum elite faced when they flushed "code is law" down the toilet and forced all users to switch to a fork with rewritten history.

What makes this attempt of centralization even more tragic is that it does not bring anything to the table. If you want to run a service that let's people claim they are joedoe@host1 and joe_the_doe@host2, just let them publish two messages. "I am joedoe@host1" on joe_the_doe@host2 and "I am joe_the_doe@host2" on joedoe@host1. Neither the integration with the hosts nor the crypto spiel is needed.

[rakoo]

There will never be a truly unique, open identification service, and that's what keybase is trying to do. Not necessarily by saying "this is who I am on keybase and will be my unique identity" but by saying "I am someone, known as X on github and Y on mastodon". The advantage of keybase is that

- Any identity on any service can (now) be linked

- There is only one protocol to do it and it is all done on the client side

Why would Mastodon (or, really, ActivityPub) be The One service when there are other, working services worth using ?

[founderling]

    Any identity on any service can (now) be linked

No need to integrate Keybase or any service for this. You just can use any place on the web as a hub and post "I am news.ycombinator.com/user?id=rakoo, I am reddit.com/user/rakoo" there. And from the others you link back to the hub. Say github is your hub then you post "I am github.com/rakoo" on HN and Reddit. This would be user readable and machine readable. And any 3rd party service like Keybase could read it. No need for the social media sites to apply at Keybase and integrate it.

[rakoo]

You _can_ do it but you would be the only one doing it, and as such it would provide little value because no one wants to do this manual dance and if you're such a minority then there will be no automated way to do it.

Keybase provides an (open!) protocol, along with (open source!) tools to do what you describe and then some (a lot of crypto stuff is needed, for instance). You can probably fork the keybase client and have your own hub at notkeybase.founderling.io if you want, so you can implement your very own idea if you so desire, and that would even be an interesting addition to the open web.

Also, you might have missed it but identity providers do not need to "apply" for keybase integration anymore: _any_ service can provide identity and link up with keybase without asking first (https://keybase.io/docs/proof_integration_guide). It doesn't even have to be a web service, so if they want any email provider can do it (although the whole linking thinking would be through http)

[coldacid]

Technically you don't need to ask first, but you still need to tell Keybase directly that you support their proof integration protocol in order to be supported from their side of the connection. Not so much a "please let me in" but rather "I'm ready to rock".

[rakoo]

Linking has to go both ways, it makes sense for the hub to vouch for it. Otherwise you have the same situation as the CAs without CTs: ie A can vouch for me, but I can't really vouch for this vouching, so another malicious B can vouch for a fake me.

[BinaryIdiot]

> It's always amazing, how strong the force of centralization is.

This is because Mastodon is a UX nightmare because of the way they decentralized it. With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.

I get it, decentralization can be great. But so far most of the implementations of decentralized social networks have been a UX nightmare for even the casual user.

[Leace]

> With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.

Nope, that's actually not the problem with Mastodon UX. On Twitter you still have to ask if your friend is @Johnny or @John1256 or @JDoe or depend on visual cues (avatar).

The problem with Mastodon UX (and Fediverse in general) is the friction of "remote follow" buttons instead of one-click Follow (the same goes for reply/like etc.)

[coldacid]

I find that remote follow is only an issue this way if you've gone directly to the other party's profile rather than following them from your own instance, or when your instance is being banned for some reason by the other party's instance. It could be smoother, but this is what we get for having to defend against XSS.

The bigger problem with Mastodon is the explicit support for censorship via defederating instances you don't like.

[Leace]

> rather than following them from your own instance

This all requires people to explicitly copy user/page URL to clipboard and paste it on their instance. "Follow me" buttons or twitter.com/share-link URLs are just not possible on Mastodon. Copying and pasting stuff doesn't look like good UX to me.

[willvarfar]

People managed to share email addresses, which are name@domain.

[lifthrasiir]

And the domain is predictable. There were (and still are) a two-part email form around the web, where the domain part is a drop-down list.

[dewey]

That would not be much different from a drop down of Mastodon instances then?

For both it's a bad way of doing it because people with their own domain can't use it for email and the Mastodon one would be too long to select something.

[lifthrasiir]

I meant that the comparison to the email is not adaquate because the number of common email domains had been steadily decreasing (and I hate it).

[mintplant]

> And they want users to trust that central service to decide who is who.

Actually, no, the whole point of Keybase is that you don't have to trust the central server, and can verify all the proofs yourself. The CLI does this automatically.

[founderling]

1: They claim the integration is needed because people are too dumb to copy&paste a string.

2: The whole user interface is set up so users believe in what they see in the web interfaces.

And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?

Even if the users used that CLI, that does not help. As we saw with Ethereum. They simply pushed out new code that rewrote history.

[robryk]

> And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?

Your Keybase client (for whichever platform) will perform the verification for users you follow. There is no need for any manual action and the verification has to happen when you follow someone (by following someone you're attesting that your client performed the verification).

[codewiz]

> As we saw with Ethereum. They simply pushed out new code that rewrote history.

Do some basic research. History was never rewritten and new code was never pushed on users. Users voted in favor of the DAO fork, then users voluntarily downloaded newer versions of their wallets in which the respective developers had implemented the agreed upon new rules that moved the stolen money to a recovery account.

[fiatjaf]

There's no trust in Keybase, my friend. Everything is signed by users themselves and you can verify that. Keybase is only providing the infrastructure.

[Nursie]

It's always amazing to me to hear assumptions that decentralisation is a feature in and of itself.

For most people it's an entirely secondary concern, not a concern at all or even an anti-feature.

Who do I appeal to, to take down that cyber-bullying material? How do I get my transaction reversed, as the victim of fraud? What do you mean I can't and the system was deliberately designed that way?

[speedplane]

> It's always amazing to me to hear assumptions that decentralisation is a feature.

Decentralization is not a feature for the end-user, it's a feature to developers. It's probably impossible for a new social network to take on Twitter, Facebook, etc. directly. However, a decentralized social network allows startups to move far quickly and implement other features that the big social networks are lacking.

I suspect that whatever social network eventually pushes out the dominant players today, will use tools like these.

One good precedent for this is AOL. AOL was safer and more user-friendly than the world-wide-web, but the web's decentralized nature allowed competitors to spring up much more quickly. I suspect something similar will eventually happen to today's social networks.

[lokedhs]

> Decentralization is not a feature for the end-user, it's a feature to developers.

On one hand you are right, it's a huge benefit to developers as they are able to create new services that leverage the strength of the existing network. Such as Peertube getting subscription and commenting features from other servers for free, and it “just works”. Imagine a youtube competitor wanting to leverage Twitter in the same way. Highly unlikely that it would be allowed, and even if it did, the integration would be Twitter-specific.

On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.

Most people may not consider this, but some people definitely do. And hopefully that number will increase over time.

[Nursie]

Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

"Nobody can censor us!"

is absolutely, unfortunately equivalent to -

"Nobody can take down race hatred, online harassment, child abuse images or other evil shit"

And we've adequate evidence now to show that humans will use such platforms to post exactly that sort of stuff. For instance one of the bitcoin forks that allows larger data payloads had child abuse images uploaded to it, in an immutable, permanent way. Many/most people are not OK with that.

I'm not yet seeing a way to balance these concerns.

[speedplane]

> Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

Just b/c something is decentralized doesn't mean you can't take it down or hide it.

[feanaro]

Exactly. Even a centralized filtering mechanism can be curated by the community. The important point is that each server gets to decide whether to use it. If a user considers their server is not doing a good enough job with this, they simply move to another server.

[Mirioron]

In the grand scheme of things censorship is the more dangerous thing though. People often don't care about censorship until it affects them, but once it does, they care a lot. There's a reason why the first amendment protects speech. It's the building block for an improving society.

[Nursie]

As far as I'm aware, the first amendment doesn't protect the distribution of child abuse images, or allow harassment, etc.

So we already have lines on 'speech'.

I agree, censorship can be sinister, but I disagree that it's so sinister that we have to allow everything for fear of allowing nothing. Society already doesn't work that way.

[lokedhs]

I'm mostly ambivalent to the censorship debate. What I mean by that is that I can see valid points on both sides.

Most Mastodon instances have pretty strict policies with regards to the speech that is allowed on them. Many instances block federation with other instances whose policies they don't agree with.

Other instances allow pretty much everything (they are usually called “free speech zones”). The result is what you would expect, and they end up being mostly blocked.

I'd argue that it works reasonably well for now (but it may of course change if the Fediverse grows further). Everybody is allowed to say what they want on the Fediverse, but others are not forced to listen to it.

[feanaro]

> Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.

Citation needed, please. This really sounds like your personal opinion presented as a general statement.

[Nursie]

Look at the news. Look at the outcry over teen suicides and how facebook/twitter didn't do enough to protect them. Look at the laws around child abuse imagery and how much popular support they get.

It's not just my opinion.