I suspect the fedi-collective has more negotiating power in this moment than it realizes. We may as well make some asks, see how Meta responds, and they in turn will see how the public, the media and the regulators respond to them in this bold new era of pervasive Big Tech skepticism.
> Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
With a #DID derived from a secret key you can truly own your identity. Unfortunately, key rotation is not supported, and if you lose your key, you lose everything. This can be partially mitigated with distributed key generation techniques that make key recovery possible if only M of N shards are available, but they are complicated.
Servers can rotate keys, but they can also suddenly disappear, and again you lose everything.
Blockchain-based systems support key rotation and don't have a single point of failure (if done right). Sometimes they are called "servers with superpowers". However, popular ones are not suitable for the job because writing to them is very expensive and their clients need powerful computing devices and a lot of storage.
Is there a way around that? Yes. Blockchains can be very lightweight and they don't actually need a cryptocurrency, miners or stakers in order to work. There is a simple consensus algorithm known as Proof of authority, and one of the Fediverse competitors, Bluesky, seems to be planning to build such system:
>We are actively hoping to replace it with or evolve it into something less centralized - likely a permissioned DID consortium.
They are afraid to say the B-word, but "permissioned consortium" is exactly what it is. Of course, their identity #blockchain doesn't have to be the only one in existence. I think in the future we might see quite a lot of "identity cooperatives" of different shapes and sizes. Perhaps even a universal client, curl for identity, can be developed.
@silverpill while I’m clueless about this stuff at the low level, it seems to me like did-plc is Good Enough for a starting point that works today.
It is transitory by design, so whichever next-stage direction the Bluesky devs take it in can be diverged from if it doesn’t align with the requirements for #NomadicIdentity in the fediverse.
I’m afraid that if we wait around another year++ for the perfect solution to come along, Good Enough alternatives will be deeply entrenched by that time.
Oh, Zot! Nomadic Identity is Coming to ActivityPub: This could change the Fediverse forever
Years before there was Mastodon and even ActivityPub, there was Mike Macgirvin who created the Zot protocol, which Hubzilla runs on. One of Hubzilla’s most amazing features (apart from also integrating with Activity and the Fediverse, and having cha ...continues
Nomadic Identity is a concept pioneered by Mike Macgirvin, a longtime builder in the Fediverse. If you’ve ever used Friendica, Hubzilla, or Streams, you’ve used software written by this guy.
Got Zot — Mike Macgirvin on building your own apps and protocols
An interview with the brilliant mind behind the Zot protocol, MagicAuth, and Nomadic Identity.
One of the big problems in federated social systems involves permissions, identity, and data. We can sum this up in three parts:- Permission Management – If I visit a friend’s site to interact with something, there typically isn’t a way for me to do anything while I’m over there. I have to go back to my server.
Identity Management – Okay, I have a way to validate that I’m really me. What do I have as a fallback if that fails?
Data Portability – What happens to my stuff if my server goes down? Can I move to another servers and get my statuses, messages, and interactions back? Could I even just do it temporarily, to keep my followers, while my server gets sorted out?
From the end user’s side of the house, everything boils down to how their identities are coupled to their instances. ActivityPub-based systems like Mastodon do a pretty decent job with letting people migrate from one server to another, letting users pull in remote statuses from a URL, and letting users decide who is allowed to see or reply to their posts. It’s a far better situation than what came before ActivityPub.
At the end of the day, though, what is currently provided in the ActivityPub side of the network is somewhat limited, compared to what the Zot protocol brings to the table with Nomadic Identity. Let’s dive into the three different components: OpenWebAuth, Channel Relays, and Data Migration.
OpenWebAuth
OpenWebAuth used to be called “Magic Auth”, because of how seamless the experience is. Instead of only being able to manage things from your social dashboard, you can jump from one part of the Fediverse to another, and your permissions will be granted automatically. It all happens in the browser.
The way this works is relatively simple: your browser accesses a token inside of a cookie. That token references your Digital Identity in the Fediverse, verifies it, and a handshake is performed. Afterwards, anything you were given permission to access unlocks and becomes visible on the page.
A really old video of Hubzilla doing it. I’m navigating from my site to Andrew’s.
OpenWebAuth solves one of the most frustrating UX problems the Fediverse currently has: dealing with remote content that you discovered somewhere else.
Channel Relays
Channel Relays are the second major piece of the puzzle here. Using a common ID, you can associate separate accounts across the network with one another. Each relay is verified through an Authorization process, and then each relay is tethered to one another like so:
Using your credentials, you can log into any one of these three relays, and post to your followers. If the server my work account is on suddenly goes down, I can still log in to my family account or blog, and keep interacting like nothing happened. I’m still in contact with my followers, and if I want, my relay accounts can replicate statuses posted from elsewhere.
A few clear benefits emerge from this:- Network Resilience
Censorship Resistance
Ease of Migration
In fact, this mechanism is so good, it feeds directly into the next use-case: Data Migration.
Data Migration
So, we already have two pieces: multiple identities can be connected together across a network, logging into one can allow you to post from another, and a person can decide, at any time, which account will serve as their primary.
Because all of these things are set up, the act of moving your stuff becomes relatively trivial. All of your accounts are aware of each other. If you switch to a new primary, you can trigger an update to all of your existing conversation threads and comments to switch the author, and replicate the data on your end. Thanks to the way that Nomadic Identity is set up, those verified parts of your identity can perform those kinds of actions, whereas no other account can.
Why is This Important?
As we continue to think about how to further develop the Fediverse and give people more robust tools capable of doing more things, we have to consider the plumbing that holds it all together. Identity Management is one of those pieces of plumbing that’s surprisingly shaky, and requires serious consideration.
Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
Mike Macgirvin
As Threads, Tumblr, and other big social networks come into the space, developers need to think about the stakes. The user migration flow is decent for moving from one server to another, but it’s relatively brittle, and currently only updates a reference from one account to another. The network lacks meaningful ways for people to pull their posts, messages, and media from the place they left.
The biggest takeaway here is that these are mature, time-tested mechanisms that could add extra layers of user agency and control to the Fediverse.
Mike Macgirvin, the long-time developer that brought us #Friendica, #Hubzilla, #Streams, and the #Zot protocol, is bringing his most powerful concept to the rest of the #Fediverse: Nomadic Identity.
@jupiter_rowland@hello After a cursory investigation, I get the impression that nomadic identity is in its infancy:
it seems to be tied to Hubzilla and (streams)
it doesn't seem to have a spec
it seems to be implemented only in PHP
I'm happy to be corrected!
It's hard to know whether nomadic identiy is a tiny niche thing that'll stay that way or something that's going to be huge. Of course, I hope for the latter.
I think it's interesting in obvious ways and risky in some less obvious ones (that have less to do with "O NO BILLIONAIRES" or "O NO LIBERTARIANS" and more to do with placelessness), but we'll see.
I hope good things emerge from/grow on top of this framework.
[I recognize that mentioning this is widely considered to be an invitation to explain capital like I am a tiny baby. You could also not.]
@ggpsv I’m arguing that #threadiverse platforms like Lemmy, kbin et.al. is where we should go for place, which will include Mastodon once it implements Groups.
I don’t have any sense of place on Mastodon, as it is chiefly oriented around people. I can’t easily visit Erin’s mas.to or your social.coop.
But root identity provisioning needs to be extricated from all of the above, in favor of the #nomadicidentity which Bluesky has gotten 80% figured out already and working in practice.
Seeing lots of discussion around Firefox marketshare, would be interested to hear what features / functionality people thought Firefox could implement that would make a big impact?
Same as Mozilla partnered with Mullvad for VPN, they could partner with the likes of Ory or Zitadel for ‘Firefox Login’, based on regular OAuth/OIDC rather than the custom stuff that’s been going on.
Let me add a more open and user-respecting alternative to the Google/Facebook/GitHub socials login of my app, and give me a reason to advocate for ‘Firefox Login’ to be added to my favorite services.
From there you can work towards a #nomadicidentity wallet baked into the browser.
One feature I miss from #Twitter is explanations for ongoing trends on the platform. It saved me the research step to know what chronically online quirk is now “it” and avoids misunderstanding one thing for another.
It was nice for quickly getting an overview of a currently discussed topic before going through a wall of posts and not understanding anything which really helped with my #ADHD.
I’m kinda playing with the idea of switching instances, but I’m holding back because I don’t wanna lose my posts here.
I wish #Mastodon supported #NomadicIdentity like #Firefish (and maybe #Catodon as well?), but those two supporting it wouldn’t help much in my case as I’m not sure they would work with @ivory and don’t seem to offer any mobile clients besides Feditext which is in beta.
Firefish did claim to support the Mastodon API so it should work with Ivory, right?
There’s a major convergence of OAuth/OIDC support across #fediverse applications, #Matrix is going all-in on it as its root default, and other social web protocols are tagging along as well.
Like the separation of church and state, it seems prudent to keep the management of our digital identities separate from our social network servers.
Domain-based OIDC accounts with web sign-in, especially when self-hosted, serve the function of a minimum-viable #nomadicidentity
I want my root digital identity and follow-contacts stored in a Solid pod, letting me log into all fediverse platforms via Solid-OIDC.
#ActivityPub & #Mastodon et.al. should just provide the send/receive pipes, relegating the job of primary identity provider to the ID-centric protocol that is Solid.
I really can't help but look at this whole blocklist drama with some amusement tinged with exasperation.
Anyone who has done remotely any reading on #P2P systems and #federated systems just has that flaw jump to their eyes when the state of #ActivityPub implementations is seen, and in general how no importance is given to #AsynchronousCommunication communication in the spec and nearly as little to P2P use.
Basically, what did you expect? Of course it'll devolve into petty fiefdoms.
@smallcircles As far as the #Fediverse goes, I think that proper #P2P is unlikely to get implemented by many, but #NomadicIdentity can be and indeed has already been before.
Popularizing it is another matter, and the issues inherent on hosting & communicating with anything that is primarily reliant on the #clearnet and doesn't have explicit expectations of transport diversity don't make things easier either.
Like, everyone outside of Mastodon must issue a #CW if they use
bold type
italics
a code block
a bullet-point list
or anything like that because it irritates those who are still used to the #Fediverse only being old-school Mastodon. You know, just like #LongPosts with over #500Characters.
@jupiter_rowland I will have to look into this more... #nomadicidentity is pretty important, to the point that moving elsewhere might not be the way to go until Mastodon supports it fully... but I might create something on Firefish and link to it when I do long posts. I've been looking for something that's not Medium, as I don't support Twitter's billionaire former owner, but do want to do some of what it does.
/microblogmemes is a great #lemmy community, but there’s something really off about sharing a post from one #fediverse app to another via a screenshot.
@mike with #NomadicIdentity and/or mainstream OAuth support, a universal protocol for Private Groups might be less important, because at least I could still log into any fedi instance with my fedi-ID to access its private contents.
Wow. I just learned that my instance is going to close. No shade on the administrator — stuff happens. I'll move.
But an instance outright shutting down really exposes the hazard in posts being left behind when you move. Unless I archive and rehost them, everything I've written here will be lost.
Even if I do archive and rehost them, anything that linked to stuff I wrote here will be broken.
@interfluidity
Yet another example of why we need true #NomadicIdentity, like what Mike Macgirvin proposed 10-ish yrs ago for ActivityPub & subsequently built into #streams. (Just read a post about that but now can't put my hands on it.)
Confession: I talked to a VC interested in the fediverse today. Second time this has happened. Their perspective:
Fediverse is hostile to VC (yay!)
Doesn't see investible opportunities in fediverse (possibly bad)
Thinks the server-based identity system is a dead end
I made clear, of course, that the past decade of my career has been devoted to attempting to displace VC as the primary mode of financing, ownership, and governance of tech.
@ntnsndr I do agree with the last point. But I think #NomadicIdentity is even less VC-friendly, since it’s fundamentally about removing the moats of service providers.
@liaizon as long as I get #NomadicIdentity I’m good. I don’t need the fediverse to be a reliable storage of my data; that’s what my website/blog is for.
I think of my fedi posts as letters I send out into the ether.
I have re-read the magnificent article by @kissane, titled "Mastodon is easy and fun except when it isn’t". On Bluesky, she asked those people who had tried/used Mastodon and bounced off, what had led them to slow down or leave.
Couldn’t find people or interests, people didn’t stay
Too confusing, too much work, too intimidating
Too serious, too boring, anti-fun
Complicated high-stakes decisions
"I don’t know if Mastodon can grapple with the complexities of mass scale. Lots of people would prefer it didn’t—staying smaller and lower-profile makes it friendly to amateur experimentation and also a lot safer for people who need to evade various kinds of persecution. But if Mastodon and other fedi projects do take on the mass scale, their developers must consider the needs of people who aren’t already converts. That starts by asking a lot of questions and then listening closely and receptively to the answers you receive."
For many parts I agree. But despite everything, Mastodon/Fediverse is still the best place to be on social media. Let's make this even better. We have the power. #Mastodon#OpenSource#Fediverse#Bluesky#BlueskySocial
@PavelVoronezh
> the ability to back up data on one of the friendly servers
Have you looked into the Zot protocol and its Nomadic Identity? It does exactly that. Of all the fediverse software I'm aware of, only Hubzilla and Streams implement Zot. I'm pretty sure Zot apps could already do this when ActivityPub was being drafted. Not sure why this capability wasn't included in AP
I know this much is true: I cannot and should not have to rely on someone else’s ‘server instance’ as the primary keeper of my social graph, I.e. my internet address book.
My personal connections should first and foremost be under my personal control.
Only I get to decide who I’m connected to. And I decide how many of those connections are public.
I will share those connections with a server which will store and relay my post broadcast to my connects.