• 0 Posts
  • 19 Comments
Joined 1 year ago
cake
Cake day: September 13th, 2023

help-circle




  • If you’re proposing overhauling the whole architecture of lemmy to use consistent UUID-based IDs for comments, posts, etc. across all instances, that could probably work but there are some edge cases especially with malicious actors, and it would be a huge undertaking.

    That was what I was suggesting yeah, version 3-5 look like it could work, you could use the originating server as the name-space, and a local server generated ID for the name. As long as they only use information sent elsewhere the hashes should be reproducible, so you can check that a server is only using it’s own name to send new comments/posts, which should protect against the obvious attacks.

    The more I think about it I’m not sure you would even need to use an official UUID system actually, just make something like <originating server>-<id from origin server> as the unique ID?

    I agree it would be a big change to make though, especially dealing with all the existing posts.












  • RobotToaster@mander.xyztoLemmy@lemmy.mlRFC for Private Communities in Lemmy
    link
    fedilink
    English
    arrow-up
    29
    arrow-down
    1
    ·
    9 months ago

    Given that the admin of any instance with a single approved follower can see the contents of the community, this idea feels like placebo privacy. The false sense of privacy could be counterproductive.

    The only way I can think to federate with something resembling true privacy would be to use PGP or similar. Encrypt the data with the user’s private key, send it to and store it on remote instances encrypted ,and decrypted in JS on the user’s computer. That would require users to mange private keys which they would no doubt lose, and be a lot of work for a pretty niche feature.