Just wanted to say that i moved from twitter to mastodon sometime late last year amd couldn't be happier with it. Keybase integration is interesting to me, but not realky useful since i don't want to tie mastodon with my real life identity.
the Fediverse as a whole has a very different 'feel' to it compared to Twitter. Twitter feels significantly more commercialized amd stressful...mastodon / pleroma feel a lot more relaxed and pleasant in comparison.
Maybe i just accidentally joined nicer communities, but i see a lot of small-scale chitchat and genuineness on mastodon than i rarely see on twitter.
I've also had zero issues with the platform from a technical perspective...overall i think Mastodon, etc have done decentralization "right", and have a lot of potential for growth in the future
There are lots of interesting people on Mastodon, I would recommend searching by hashtag and joining an instance that matches your interests (eg: sdf.org, sergal.org (furries), cybre.space, etc).
Many instances block Mastodon.social and other massive instances, and different instances will have different views of the network (based on who the users of the instance follow and how long toots are retained).
> Anyway trying to convert people from twitter to mastodon is sorta hard.
That's because going from Twitter to Mastodon is a downgrade in pretty much every concrete way and only an upgrade in less concrete more esoteric terms.
From most people the main benefits I've seen cited are censorship resistance (how many people encounter significant censorship on twitter today?) and decentralization (which only really matters philosophically, to the user on the site the decentralization gets hidden).
On the downsides though there's plenty right on the surface for users: limited users (like all social networks if the people you want to interact with aren't there it's useless), mediocre default layout (the 3 column default doesn't make good use of space and give equal importance to everything cramping the main thing you want to see the toots) and discovery (the main way I've found people to follow on Mastodon? finding them on twitter where I already follow them and seeing they're on Mastodon too).
To a random user who doesn't really encounter censorship on twitter or care about decentralized/federated networks it's just a sub-par version of Twitter with a worse interface, a sparser social graph and longer handles.
I switched to Mastodon about a year or so ago. I fully agree with the grandparent post in that the atmosphere is very different compared to the major social media platforms.
As you allude to, discovery is harder since you don't have an algorithm pointing you in the direction of content you're likely to engage with (yes, engage with, and not necessarily enjoy) but once you have found the right people to follow, it's more rewarding because it's your community, not owned by a single corporate entity.
Although I didn't use G+ much in the later days, its closure showed my how irresponsible it is to rely on proprietary platforms. I'm committed to never be active on a proprietary, closed social media platform again.
That's a good point. Clearly I still use this platform, but I do see a difference between them.
I don't “post” on Hacker News. I do comment, but I don't think anyone who are interested in following whatever it is that I may have to say would come here to look up my posts.
Or, to put it in another way, if this place would introduce some social media features, such as the ability to follow people and post to followers, then it is highly unlikely that I would be interested in using those features.
I referred to both, actually. It's about whether I own my own presence on the network.
Of course, I'm not hosting my own server, so I am in some way in the hands of its administrator, just like I was in the hands of Google when I used G+. However, I can talk to him directly, which is a huge benefit. Also, if he decides to shut down the server, I can still join a different instance and reconnect with all the people I was following on the old server.
I'd love to self-host a Mastodon instance that two-way mirrors my Twitter account and acts as a Twitter client (letting me pseudo-follow folks from Twitter). But in any case, I'd want to ensure that no content from people I follow gets mirrored/hosted on my own instance; the only content actually hosted on my own instance should be the content I post.
There is a concept of a federated timeline, which does get synced to your local instance. If you follow someone on a remote instance, that instance feeds content into your instance so it can be loaded.
Yeah, I self-hosted my own instance of Pleroma for a while, but eventually switched to a more popular instance with people who have similar interests as me (art + religion (specifically, rediscovering religion after rage-quitting Christianity @social.theliturgists.com)
Okay, how do I sign up for Mastodon? I went to mastodon.com, and I got a page that the domain was for sale. Are they having funding problems?
Okay, I'm not that dumb, but some users are. And I really don't know how to get started. Not that I've ever been a big social media user, but I'm enough of a hipster to want to say I was on Mastodon before it was ruined.
I know you're joking, but if you found your way on to a site called "Hacker News" at a URL like https://news.ycombinator.com , it it really going to be so much more complicated to understand that https://mastodon.social is the website of the Mastodon social network?
I'm honestly fine with the mastodon devs not having to spend 1000s of dollars to get the mastodon.com domain. Evidently that domain is so expensive that even the popular heavy metal band "Mastodon" haven't bought that domain (they seem to be at https://www.mastodonrocks.com/ )
BTW, if you're having difficultly finding an instance that caters to your interests, https://joinmastodon.org has a signup flow that shows mastodon instances based on interests. That might help.
> I know you're joking, but if you found your way on to a site called "Hacker News" at a URL like https://news.ycombinator.com , it it really going to be so much more complicated to understand that https://mastodon.social is the website of the Mastodon social network?
Yes it is, because when people thing of $something, they assume the website is $something.com.
If Mastodon plans to appeal to the general public then it will need to be easier to find.
I'm personally not at all attached to the 'mastodon.social' domain (i'm self-hosting my own account on a different instance), but I am somewhat surprised at this perspective on TLDs.
Most users of the internet have been exposed to TLDs other than ".com". For example, wikipedia is at a .org TLD, US government sites are at .gov domains, university websites are at .edu domains. Most non-US users will frequently interact with their country's (and neighboring countries') ccTLDs, like .de, .uk, .in, ... I find it surprising to assume that users of social networks who have already understood abstract concepts like "like vs retweet" or "like vs share" would find it difficult to understand the difference between .com and .social.
Also in a sense, it is more accurate for Mastodon to be at a .social TLD instead of a .com since Mastodon is a Patreon-supported FOSS project, and isn't a commercial entity like twitter.com or facebook.com. But yeah, I know that .com doesn't really mean "commercial" anymore, and is more of a general-purpose TLD now.
Mastodon has a number of issues that could stifle broader adoption, but I can't convince myself that the TLD is really relevant here. Most users will just be linked to Mastodon from other sites, or find it from a web search. Once its in their web history, web browsers will just autocomplete the site name in the address bar. And isn't the domain squatting and exorbitant pricing on ".com" the main reasons why the new TLDs have been released anyway?
I would like to add a few things on top of the relatively technical reasons why this lack of .com doesn't matter.
I'd say most users won't type "mastodon.com" in their "browsers". They will type "mastodon" in their "internet" or, if technically savvy, into Google first.
Second, from following the fediverse (not just mastodon, but also pixelfed, peertube etc), i have a feeling that they aren't into mainstream, general audience anyway. A lot of them are small focused instances and as such, won't even be attracting new people via Google, but by invites anyway. Many instances have closed registration anyway. So if you need to land anywhere it's likely not on mastodon.social, but something like ...(checks last five accounts to post directly on top of timeline):
icosahedron.website, fostodon.org, mastodon.social, mastodon.technology (my instance) and hackers.town.
> Second, from following the fediverse (not just mastodon, but also pixelfed, peertube etc), i have a feeling that they aren't into mainstream, general audience anyway.
Ultimately this is kind of a problem, as we desperately need an general audience alternative to FB/Twitter that isn't about turning outrage into dollars. Right now I'm sure it's nice to hide from the Eternal September, but in the meantime Facebook is enabling ignorance, wasting everyone's lives on purpose, and proposing laws that only they can afford to comply with.
OP is about Keybase, which is trying to solve the problem of why the whole world isn't using GPG. I'm just pointing out that Mastodon has some public adoption issues still, despite the benefit that it can bring to the world.
twblalock wasn't arguing that TLD bias is rational, but that it's a real factor that somewhat hinders large-scale adoption. Sure, Grandma or Jane Preteen has seen ".org" or ".gov" a few times, and sure the ".social" is a logical fit, but will those facts materially influence their habit of defaulting to ".com"?
You make a good point about how many users will simply Google the name, which naturally opens the question about whether users will want to scroll past info on the band & prehistoric animal before finding the service.
First step is explaining that Mastodon is like e-mail, not like Facebook. People know that to get an e-mail address, you don't go to to e-mail.com - you sign up to any e-mail provider to get an address you can use to talk with all other e-mail users. It's the same with Mastodon.
Mastodon will only have robustly succeeded in their mission when people don't think of it as joining Mastodon but as joining some particular social hub which happens to run Mastodon. Think of how people aren't joining academia but are joining Foo University.
> Keybase integration is interesting to me, but not realky useful since i don't want to tie mastodon with my real life identity.
Yeah, this is it for me. Also I don't want to tie my various online profiles together in general. Providing an open, strong, independently verifiable cryptographic link between my online profiles seems like something that a bad actor could exploit to harvest data about me far more easily and with a far higher degree of confidence than would be the case without it. It might even be hard to get rid of if integrating websites aren't careful about deleting your keys when you want them to, leading to a bunch of cryptographic litter linking your profiles even when you don't want that.
I'm also willing to bet the personal attacks are kept to a bare minimum at Mastadon, where as with Twitter, you just have be idk...opposed to one popular political thing publicly to be regularly attacked and harassed.
How much of that is just because there aren't as many people there though? Both in the lack of enough people to make a critical storm of people and just not enough people to form an audience for that kind of action. I doubt that would remain the same if Mastodon took off and became a huge thing.
Toots are posts. Boosting is reposting so your followers can see it. Instance owners can change the terms to whatever cutesy terms they want, so this example has boost replaced with boop and toot replace with toot.
Also this is a FINE example of why niche communities need unbiased online infrastructure. A casual google-searcher may judge them by whatever google's AI decides is representative of the group, and choose not to deal with them at all.
I googled this, and was very very sorry that I did. Suffice it to say this terminology is specific to a subculture of people who dress up as animal mascots. Booping snoots apparently means touching the nose, I think? I also ran across something called “cub porn” and now I need a shower so hot it can melt glass.
fwiw, after reading this post, i searched "boop snoots" (with quotes) on both duckduckgo and google, and came up with nothing disturbing in the first page of results for either search. nothing that even indicated a connection to furry subculture, far as i could tell.
maybe other variations on that search come up with much more risque results?
I didn’t just google “boop snoots;” I googled that, googled “furries” and went down the rabbit hole a bit.
...A decision I now heartily regret. The two major things I found is that some people are very weird, and some other people hate the weird ones disproportionately considering their prevalence and general demeanor.
ah, yeah, well, sorry. maybe don't chase that rabbit like that next time?
also i find the "rabbit hole" metaphor and a username beginning with "dbased" to be pretty "on the nose" in the context of this thread (sorry, i couldn't resist any of that, and i only realized i ended with a pun after typing it out).
Ummm if cub porn is what I think it is and it is frowned upon which it sounds like it is then imho I suggest not using a community-specific euphemism as the euphemism implicitly grants it a place and status within your community.
If your users post hate speech, child porn or run amok reply guying, then yes your likely to not federate with other instances.
For other differing rules, instaces generally silence from the federated timeline. Eg: I can still follow Humblr.social and Sinblr users, but Federated timeline users won't have to drown in porn if the admin silences the server.
They want ActivityPub servers to apply to a central service (keybase) to offer cross server identities.
And they want users to trust that central service to decide who is who.
It's always amazing, how strong the force of centralization is.
Even when the whole value proposition of a technology is that it is decentralized, users will soon flock to centralized services built around it and end up in the mercy of a few organizations again.
Reminds me of all the people who think they hold crypto currency while in reality they "hold" yeah-we-promise-we-owe-you-somethings by some exchange.
Reminds me of how little resistance the Ethereum elite faced when they flushed "code is law" down the toilet and forced all users to switch to a fork with rewritten history.
What makes this attempt of centralization even more tragic is that it does not bring anything to the table. If you want to run a service that let's people claim they are joedoe@host1 and joe_the_doe@host2, just let them publish two messages. "I am joedoe@host1" on joe_the_doe@host2 and "I am joe_the_doe@host2" on joedoe@host1. Neither the integration with the hosts nor the crypto spiel is needed.
There will never be a truly unique, open identification service, and that's what keybase is trying to do. Not necessarily by saying "this is who I am on keybase and will be my unique identity" but by saying "I am someone, known as X on github and Y on mastodon". The advantage of keybase is that
- Any identity on any service can (now) be linked
- There is only one protocol to do it and it is all done on the client side
Why would Mastodon (or, really, ActivityPub) be The One service when there are other, working services worth using ?
No need to integrate Keybase or any service for this. You just can use any place on the web as a hub and post "I am news.ycombinator.com/user?id=rakoo, I am reddit.com/user/rakoo" there. And from the others you link back to the hub. Say github is your hub then you post "I am github.com/rakoo" on HN and Reddit. This would be user readable and machine readable. And any 3rd party service like Keybase could read it. No need for the social media sites to apply at Keybase and integrate it.
You _can_ do it but you would be the only one doing it, and as such it would provide little value because no one wants to do this manual dance and if you're such a minority then there will be no automated way to do it.
Keybase provides an (open!) protocol, along with (open source!) tools to do what you describe and then some (a lot of crypto stuff is needed, for instance). You can probably fork the keybase client and have your own hub at notkeybase.founderling.io if you want, so you can implement your very own idea if you so desire, and that would even be an interesting addition to the open web.
Also, you might have missed it but identity providers do not need to "apply" for keybase integration anymore: _any_ service can provide identity and link up with keybase without asking first (https://keybase.io/docs/proof_integration_guide). It doesn't even have to be a web service, so if they want any email provider can do it (although the whole linking thinking would be through http)
Technically you don't need to ask first, but you still need to tell Keybase directly that you support their proof integration protocol in order to be supported from their side of the connection. Not so much a "please let me in" but rather "I'm ready to rock".
Linking has to go both ways, it makes sense for the hub to vouch for it. Otherwise you have the same situation as the CAs without CTs: ie A can vouch for me, but I can't really vouch for this vouching, so another malicious B can vouch for a fake me.
> It's always amazing, how strong the force of centralization is.
This is because Mastodon is a UX nightmare because of the way they decentralized it. With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.
I get it, decentralization can be great. But so far most of the implementations of decentralized social networks have been a UX nightmare for even the casual user.
> With Twitter you go on and you @ your friends / etc and you're done. With Mastodon you have to figure out where they are and if they're not all in the same place it becomes a nightmare to try and manage.
Nope, that's actually not the problem with Mastodon UX. On Twitter you still have to ask if your friend is @Johnny or @John1256 or @JDoe or depend on visual cues (avatar).
The problem with Mastodon UX (and Fediverse in general) is the friction of "remote follow" buttons instead of one-click Follow (the same goes for reply/like etc.)
I find that remote follow is only an issue this way if you've gone directly to the other party's profile rather than following them from your own instance, or when your instance is being banned for some reason by the other party's instance. It could be smoother, but this is what we get for having to defend against XSS.
The bigger problem with Mastodon is the explicit support for censorship via defederating instances you don't like.
> rather than following them from your own instance
This all requires people to explicitly copy user/page URL to clipboard and paste it on their instance. "Follow me" buttons or twitter.com/share-link URLs are just not possible on Mastodon. Copying and pasting stuff doesn't look like good UX to me.
> And you want to tell me with a straight face that users will do their own crypto foo instead and validate hashes?
Your Keybase client (for whichever platform) will perform the verification for users you follow. There is no need for any manual action and the verification has to happen when you follow someone (by following someone you're attesting that your client performed the verification).
> As we saw with Ethereum. They simply pushed out new code that rewrote history.
Do some basic research. History was never rewritten and new code was never pushed on users. Users voted in favor of the DAO fork, then users voluntarily downloaded newer versions of their wallets in which the respective developers had implemented the agreed upon new rules that moved the stolen money to a recovery account.
> It's always amazing to me to hear assumptions that decentralisation is a feature.
Decentralization is not a feature for the end-user, it's a feature to developers. It's probably impossible for a new social network to take on Twitter, Facebook, etc. directly. However, a decentralized social network allows startups to move far quickly and implement other features that the big social networks are lacking.
I suspect that whatever social network eventually pushes out the dominant players today, will use tools like these.
One good precedent for this is AOL. AOL was safer and more user-friendly than the world-wide-web, but the web's decentralized nature allowed competitors to spring up much more quickly. I suspect something similar will eventually happen to today's social networks.
> Decentralization is not a feature for the end-user, it's a feature to developers.
On one hand you are right, it's a huge benefit to developers as they are able to create new services that leverage the strength of the existing network. Such as Peertube getting subscription and commenting features from other servers for free, and it “just works”. Imagine a youtube competitor wanting to leverage Twitter in the same way. Highly unlikely that it would be allowed, and even if it did, the integration would be Twitter-specific.
On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.
Most people may not consider this, but some people definitely do. And hopefully that number will increase over time.
Whilst I appreciate your views, for many/most the idea that no party can affect or take down the content is a negative.
"Nobody can censor us!"
is absolutely, unfortunately equivalent to -
"Nobody can take down race hatred, online harassment, child abuse images or other evil shit"
And we've adequate evidence now to show that humans will use such platforms to post exactly that sort of stuff. For instance one of the bitcoin forks that allows larger data payloads had child abuse images uploaded to it, in an immutable, permanent way. Many/most people are not OK with that.
I'm not yet seeing a way to balance these concerns.
Exactly. Even a centralized filtering mechanism can be curated by the community. The important point is that each server gets to decide whether to use it. If a user considers their server is not doing a good enough job with this, they simply move to another server.
In the grand scheme of things censorship is the more dangerous thing though. People often don't care about censorship until it affects them, but once it does, they care a lot. There's a reason why the first amendment protects speech. It's the building block for an improving society.
> As far as I'm aware, the first amendment doesn't protect the distribution of child abuse images, or allow harassment, etc.
Yes, but those are already illegal. That does not (or at the very least should not) mean politicians get to dictate what kind of technology is allowed. You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.
I'm not sure I'm arguing for a ban on decentralised tech as a whole, to go back to my first post on the topic - far from being a selling point, decentralisation is a negative feature for a lot of people. Centralisation provides points of control that are useful way beyond political suppression of speech, to allow (for instance) transaction reversal and material take down.
The post I replied to was singing the praises of decentralisation, as if the idea that nobody can control what's said and done is a universal positive. I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.
> You cannot outlaw a technology (or require a backdoor) simply because it may not support deletion as a feature by virtue of being decentralized.
I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.
Of course decentralized architectures are not without downsides, just like any engineering trade-off. I'm not so sure it is a strictly negative feature for a lot of people though -- they may just consider it an overall negative due to some conveniences they may have lost as part of the trade-off.
And that's okay. It's important to bear in mind the things lost by not being decentralized also, though. I think this is presently not very prominent since a lot people started using the internet for a few large centralized services so they are not very familiar with the idea. Arguably, there was a period when people flocked to the internet because of the newfound decentralization.
> I'm just putting across the counterpoint that it's not, there are circumstances where unilateral control could be (and is, by large sections of the population) seen as a good thing.
It's seen as a good thing as long as the single point of control is doing things which are (mostly) aligned with the desires of these large sections of the population. This is a tautology. History teaches us that this is not at all given, though, so it's important not to rely on it strongly.
> I mean, you can. I'm not necessarily saying it's a good thing to do, but there's no real reason a government couldn't make exactly such a rule. Whether it could be enforceable in any way is a different matter.
Well, certainly. You can declare anything at all. I was proclaiming that from a position of practicality.
I'm mostly ambivalent to the censorship debate. What I mean by that is that I can see valid points on both sides.
Most Mastodon instances have pretty strict policies with regards to the speech that is allowed on them. Many instances block federation with other instances whose policies they don't agree with.
Other instances allow pretty much everything (they are usually called “free speech zones”). The result is what you would expect, and they end up being mostly blocked.
I'd argue that it works reasonably well for now (but it may of course change if the Fediverse grows further). Everybody is allowed to say what they want on the Fediverse, but others are not forced to listen to it.
It's really weird that this extremist position ("any removal of content is censorship, and censorship is always bad") is so prominent on HN whenusers of products have shown, every single time, they they don't want it.
> It's really weird that this extremist position ("any removal of content is censorship, and censorship is always bad") is so prominent on HN whenusers of products have shown, every single time, they they don't want it.
Why are you trying to paint this as an extremist position? Perhaps we are misunderstanding each other. Any removal of content is not censorship and that position is clearly nonsense. E.g. a commercial entity can do what it wants with its own property, including removing content.
What is universally negative is requiring all future technologies to have loopholes through which things can be deleted, thereby preventing some designs outright. I think this parent comment sums it up quite nicely why having such systems is something very reasonable and desirable:
> On the other hand, (at least some) end-users see decentralisation as a huge benefit, and at least in my case it gives me confidence that the whim of a single company can't ruin the experience for me, or even take away the platform altogether.
I'm looking at the news but I'm not reaching the same conclusions.
Public opinion heavily depends on context and evolves continually. Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.
Given the context of government censorship, which is happening and is likely to increase and become a larger problem in the future, and myriads of smaller, independent entities, people might react differently.
In any case, I don't think it's a good nor strong enough argument to abandon decentralization and anti-censorship efforts.
I think these ought to be tempered with the knowledge of how such systems invariably end up being used for the transfer of child abuse imagery, and other abhorrent stuff.
I'm not saying you should abandon decentralisation efforts if that's your thing, I'm just saying don't expect the world to flock to (or praise) what you create. Censorship resistance is not seen as a universal good.
> Of course people are going to get behind the idea of preventing teen suicides, particularly when it seems that the solution might be preventing a huge, corporate giant do as it pleases.
The criticism is usually that not enough was done to police the harassment. Decentralised systems are likely to make that worse.
> I'm not saying you should abandon decentralisation efforts if that's your thing [...]
Isn't not being controlled by the whim of a single corporation/government everyone's thing? Or the ability to be your own free person whose actions are not thwarted by a petty desire or ulterior motive?
Of course, in times of relative stability, people are sometimes lulled into thinking this is not and cannot be compromised in any way.
> Censorship resistance is not seen as a universal good.
Of course, it's a deep and fundamental issue. There are bound to be proponents of both sides with a lot of people in between.
I argue that inability to destroy abhorrent stuff is likewise not universally viewed as the ultimate evil, though.
> The criticism is usually that not enough was done to police the harassment.
You elided the rest of my argument so I'll repeat it rephrased: I think the current design of the system, where there is a very public single point-of-"failure" that is very easy to hate (big corporation) makes this more prominent.
There is abhorrent stuff printed on paper all around the world, but you don't see people claiming that not enough was done to seek out and destroy every such piece of paper. It is apparently enough to people that such paper is not very prominent in day-to-day situations.
> That's a very exaggerated and polarised way to look at the question of decentralised social media.
Why/how? I truly do not see why it is exaggerated: I did mean to talk about an edge case and I'm not saying we are exclusively dealing with that edge case today. However, being prepared for this edge case and having a viable alternative seems extremely important.
I wonder if the Mastodon community will pick up Keybase chat as the de facto chat option with this integration in place. Chat or private messaging has always been considered the weak link of the fediverse since it's easy for bad servers to mishandle "private" toots.
>Signal UI used to be horrible but as of the past few months it's improved a ton!
That's funny, I've had the opposite experience. Once I got everyone I know to start using it and was completely locked-in, I started having all kinds of weird issues.
My favorite is when my phone has been off awhile. After I turn it back on, I get a notification for every message I sent/received on another device while it was off. Usually takes about 30 minutes for it to fully sync, buzzing and/or producing popups for every message along the way. I have about a dozen equally frustrating issues I could, if I had the time, enumerate.
And of course because it's free, there's no real support. Signal has been a huge disappointment for me. I'm preparing to move back to regular SMS, but now I have to untangle all of the users like my mother that I convinced to use Signal. Caveat emptor!
It's not inconvenient, it's broken. The issue I described above is not the only misbehavior to which I'm frequently subjected. Another example: messages are delayed, often.
Recently I failed to reply to an urgent text about a medical diagnosis from my fiance due to Signal failing to push the message to my phone. This is unacceptable behavior from a critical application.
Do I get on a soapbox about how surveillance is terrible and miss being there for her by insisting on using Signal? No! I want her to be able to get in contact with me if there's an emergency, and that's the #1 priority.
(note: not trying to say the medical diagnosis scenario you describe is less important than your contribution to getting the world off SMS, just spitballing how we can work towards timely updates in our current world and wean off SMS)
in the situation you describe, or any urgent situation where speed of communication is paramount, what about bombardment through multiple channels? like, i'll often leave my phone out of my pocket, and not pay super close attention to it. and if it lights up with one text message, or one signal message, or whatever, i might not look at it. but if it's buzzing like crazy, or someone starts calling, i'd pick it up.
i guess what i'm saying is, "urgent" to me means signal/text/call/call someone that might be around the person/whatever, until the message gets through. if something is urgent, i would not send it solely by text. i've certainly had SMS messages get dropped or delayed many many times over the years.
can you really only use one messaging app at a time? signal is my primary messaging app, but i don't really find it bothersome to use whatsapp and regular SMS also. different people i communicate with prefer different channels, and often the same person will use different channels with me depending on the purpose (e.g., my dad mostly chats with me by SMS, and most of my immediate family's group chat is on SMS, but when my dad is texting with me about some sensitive personal financial info, it's over signal).
also, i hope that whatever the urgent issue was, it was resolved in an ok way. like i said, not trying to shortchange the urgency of a medical emergency or second guess your decision making or frustration at the time.
Yeesh, that is really terrible, I'm sorry to hear that. I understand your reasons, but in signal's defense it is a free service, which is pretty amazing considering the number of users they are able to support. I suppose reliability is a trade-off, but it would be nice if they offered a paid tier with better performance.
It's not, but decentralization isn't super effective for private channels of communication, particularly where neither end is running the software in question. (Most Mastodon users aren't site admins.)
But presumably if proving a Keybase user and a Mastodon user are the same is given, when a Mastodon user wants to contact another outside of Mastodon, Keybase Chat may be the new default choice.
Email is de-facto centralized at this point, with the overwhelming majority of email going through a small handful of giant providers. I don't remember the number anymore but some scary-high percentage of all email volume goes through Google servers.
1. There are still multiple options working options within the same ecosystem. And yes you can still self-host or pay to host. Unlike on WhatsApp, Telegram or Signal where you have to choose one (or more) providers.
2. I find it weird how busy we are as a community are: scaring each other away from the solutions we should use by pushing Joe Average in front of us (like the post in this thread about mastodon.com being up for sale).
: yes, there are problems. But FWIW mail disappeared before Gmail as well: I have memories of customers complaining about mail from "central USA" (or something) not arriving and after hassling our email provider and having them hassling their connections mail suddenly started to arrive. (And no I don't think it was acceptable then and I don't think it is acceptable now.)
My bet would be both. After all, why handle all the dirty work of implementing real-time chat that works across multiple different sites when you can just plug in Keybase instead? After all, if you're using it for encryption you already require people to have a Keybase account to have their chats encrypted.
You mean, ones that block spam farms and troll infestations? If so, that would leave a tiny little awful network. There's a reason that Mastodon is more pleasant than Twitter, and it's largely because its federation model penalizes both ban-happy and completely unmoderated peers.
Keybase has said porn related names / IDs won't be allowed? I was going to suggest some people look at using it as an alternative ID system to use in various chat systems. However some of those appear to be sex chat focused, so if that could cause an issue for them I'd be better off not mentioning and looking for a keybase like ID alternative.
Good q - this step will likely be automated soon. Still, there will always be one final step of our approving any integration, otherwise there would be 10,000 pr0n sites or ad sites. (We mention this in the FAQ.) But we can automate everything up to turning it on.
For now, we want to talk to everyone working on integrations, so we can see what steps are working and what are confusing, what could be improved, etc. So we're talking to everyone doing an integration.
I still don't get it. You have always been able to get a keybase proof for ANY website/domain without being approved first. Why do you need to whitelist mastodon instances? Why not just let people type in the domain name for their instance and get rolling?
Task: Send me a tweet on Twitter. Careful not to send it to any imposters.
Challenge: Finding me on Twitter. For example, I am not @Nadya
Extra Credit Challenge: Let's say I'm e-famous enough to have imposter accounts but not have a Twitter "verified" badge. Which Twitter account is the real me? And how do you know?
Where Keybase comes in: On my HN profile itself you can find my signatures on Keybase. Keybase is not necessary for these signatures but becomes a convenient place to look. You also do not need to trust Keybase; although in practice many people will. Don't lie to me and tell me you'd verify the keys. :)
Now you can go directly from my HN profile to my Twitter profile and tweet at me knowing that I am who I say I am. Or at least the individual posing as me has access to three of my accounts (HN, Keybase, and Twitter) and that you'd at least be talking to the same person.
The social proof and web of trust bit is where Keybase falls down but that's an inherit flaw of the web of trust (key exchange parties aren't as popular as they used to be and people will sign/trust keys of people they've never met IRL). Ultimately you'll have to trust that the people who follow me on Keybase are certain beyond a reasonable doubt that I am who I say I am. From there, you can trust the social proofs.
I personally use it so that people can find me on other services more easily and know that they are speaking to me.
If you have an account on N different sites, and you want to let people identify you between each of those, linking directly requires (N-1) links per profile, or N*(N-1) links total. When you create a new profile elsewhere, you need to update your profile on each of the N original sites, plus add N links in your profile at the new site.
Or you could collect all of your identities into a Keybase profile, which all of your other profiles link to. That's a lot less to manage. Plus, proving your identity at some site (usually) has the byproduct of pointing back at your Keybase profile, so even if you come at this just from a "less work for me" angle, you're getting verifiability for free.
Or you could collect all of your identities in one other central place (say your website or HN) and link to the central place from all other profiles. Because that is exactly the scenario you just mentioned. Having direct links to all other profiles isn't solved by keybase. The only thing it provides is a central place for profile links – and there are obviously other ways to achieve this.
Sure, but if you look at how Keybase is verifying the information and how it is presenting that trust to external users, I feel that the value they are providing has increased greatly over a static page listing social network IDs.
If someone hacks your HN account they could redirect the Twitter link elsewhere. If the only 2 accounts you have are HN and Twitter then Keybase doesn't solve that problem, but if you have more accounts elsewhere that are well-known, those extra accounts then prove that the HN<->Twitter connection is valid.
Right, but if your Twitter account links to your HN account then you've proven ownership both ways. If you don't want the n^2 problem then just have a list of all your accounts on one site and link there. Say, for example, your Mastadon account.
It comes with some issues, namely that I suck at keeping it up to date and that not all identities I would like to list there have a way for me to provide proof beyond my word alone. For most use cases and attack vectors I consider this sufficient enough. Now this is outside most peoples' threat models, but Keybase also provides some mitigation against some other scenarios.
1) If nadyanay.me becomes compromised the imposter could update /identities.html with a new and fake list and I would need to update my link everywhere it is used or I would be pointing people to the imposter list. I have more faith in both (a) Keybase is less likely to be compromised and (b) in the event Keybase has become compromised someone will notice. Nobody would notice if my personal site was compromised, as even my closest friends don't regularly browse my website. It could honestly take weeks or even months to discover the file had been changed.
2) A person who compromises my account(s) must also have access to my private key in order to sign messages in my name. This is important because even if any of my accounts is compromised they're still unable to prove they are me if asked. This is something I actively practice with a few online friends of mine. We pretty regularly lend large sums of (virtual) game cash to one another worth in the range of $10,000-$15,000 USD if RWT'd. The last thing either of us would want is an imposter asking to borrow some money in-game from them and selling it off and so anytime we ask to borrow some in-game cash we ask to see a signed message. I admit that's the primary reason behind most of my signed messages...
3) Any attempts at creating a new key will allow users to see that my key has been revoked and replaced. Users who had signed my old key would need to re-verify with me that my new key is valid. Social engineering and people's casual use cases means the imposter would just claim to be me and most people would believe them. Few would bother verifying but it at least provides an additional opportunity for the imposter to be outed.
The obvious question is: "Isn't that what a domain is for?"
And the answer is a lot of the New Famous don't have domains to list canonical social media profiles on. They exist solely on silos like YouTube, Twitter, Facebook, and Instagram with no way to connect to their fanbase without it.
I think their goal is to do everything (or a large subset of things) Slack/Google Drive/GitHub can do, but with end-to-end encryption and easy discovery (look someone up no matter where on the internet you know them from).
The remote git repo feature is nice. But from what I understand, the primary use is to serve as proof of identity. They have other products like a chat app for individual or team use, file storage, PGP operations, and more. All e2e encrypted.
Can someone explain Mastodon to me? Because I’m not really sure I “get” it.
As I understand it, I need to register for Mastodon at some server ``foo``, and with this one single registration I can also access other servers ``bar`` and ``baz`` and read what their members post, but I’m not able to post on those servers myself, only on my original ``foo`` server.
So what happens when ``foo`` goes under for whatever reason? Or what if the admins at ``foo`` decided to ban me from their server for whatever reason? Am I just shit out of luck now?
And what if my friends decide to join Mastodon some time later, but they all agree to join ``bar`` leaving me the odd person out? I think I’ve read somewhere that it’s not possible to relocate my ‘home server’?
The entire ActivityPub concept is flawed, but not because you would be left alone in your server, it's the opposite: since you're interacting with your friends, your friends' server would then fetch all posts from your server and vice-versa, it will be as if there was just one server, but maintenance costs are now duplicated and the discovery process is not great also.
These problems are less problematic the smaller the servers are, which makes me think the best structure would be one in which each user is its own server and just syncs to temporary syncing hubs when possible -- or maybe sync directly to other online peers they know.
Bug report: I just connected my Mastodon.social and Keybase profiles. On my Keybase profile, the "post" link next to my Mastodon.social profile link doesn't go directly to the proof post, but instead just links to my profile again.
Yet its been proven again and again and again that once the diversity circle takes effect the LEFT as a whole refuses to support diversity of viewpoint and will censor non left people on all platforms left admins exist on
Even Diaspora has a massive infection of SJW , Diversity and "woke" people that are pro censorship