submitted 1 month ago* (last edited 1 month ago) by zedage@lemm.ee to c/meta@lemm.ee
 

Can somebody please tell me how Lemmy implements auth? If I sign up to an instance, who manages the login credentials for my account to validate login attempts? If it's with the instance manager, am I at the mercy of the instance to keep my login credentials safe? What about when logging in with 3rd party apps like Voyager or Alexandrite, are my login credentials passed to those 3rd party apps in clear text to validate with the instance that hosts my account?

Ideally, I would want the auth to be handled by one centralized authority that I can trust to keep my credentials safe, instead of trusting instance managers or 3rd party apps not only to store my credentials but to validate auth as well. Is that something that can be implemented for each ActivityPub software? As in auth for all instances of Lemmy is handled by Lemmy, Mastodon by Mastodon, Misskey by Misskey, etc.

E: I'm talking about user authentication, in case that wasn't clear.

E2: This discussion would be more suited to each software's development platform. But I will leave it here to get other people's perspectives.

[–] zedage@lemm.ee 5 points 1 month ago* (last edited 1 month ago)

I think the confusion from fediverse’s claims of privacy stems from poor ~~enunciation~~ elucidation of the nature of the privacy from its proponents. It is definitely more private in the amount of passive data mining for ad tracking purposes compared to for-profit social media. The architecture is designed to discourage instance managers from implementing ad-tech from building sophisticated user profiles of your behaviour in order to serve you more targeted ads from the people that manage the infrastructure. There’s no monitoring of clicks, click through rates, time spent on the platform, the type of content you like, etc. And the price for that mechanism is, making public, data that cannot be monetised on a large scale, which for-profit social media guaranteed “privacy” to (in quotes because it was private from prying eyes through E2EE but not your keys not your data).

I can see where the confusion might arise for nontechnical people who aren’t familiar with the technical aspects of ActivityPub implementations. I don’t think there should be any confusion for technical people in understanding the architecture clearly guarantees a total lack of private data, seeing as how decentralisation works.

[–] zedage@lemm.ee 3 points 1 month ago

I think the confusion from fediverse’s claims of privacy stems from poor enunciation from its proponents. It is more private in the amount of passive data mining for ad tracking purposes compared to for-profit social media. The architecture is designed to discourage these practices from the people that manage the infrastructure. And the price for that mechanism is, making public, data that cannot be monetised on a large scale, which for-profit social media guaranteed “privacy” to (in quotes because it was private from prying eyes through E2EE but not your keys not your data).

I can see where the confusion might arise for nontechnical people who aren’t familiar with the technical aspects of ActivityPub implementations. I don’t think there should be any confusion for technical people in understanding the architecture clearly guarantees a total lack of private data, seeing as how decentralisation works.

[–] zedage@lemm.ee 1 points 1 month ago

I've found SimpleX a much better solution than Matrix for a Discord alternative.