I suspect the fedi-collective has more negotiating power in this moment than it realizes. We may as well make some asks, see how Meta responds, and they in turn will see how the public, the media and the regulators respond to them in this bold new era of pervasive Big Tech skepticism.
With a #DID derived from a secret key you can truly own your identity. Unfortunately, key rotation is not supported, and if you lose your key, you lose everything. This can be partially mitigated with distributed key generation techniques that make key recovery possible if only M of N shards are available, but they are complicated.
Servers can rotate keys, but they can also suddenly disappear, and again you lose everything.
Blockchain-based systems support key rotation and don't have a single point of failure (if done right). Sometimes they are called "servers with superpowers". However, popular ones are not suitable for the job because writing to them is very expensive and their clients need powerful computing devices and a lot of storage.
Is there a way around that? Yes. Blockchains can be very lightweight and they don't actually need a cryptocurrency, miners or stakers in order to work. There is a simple consensus algorithm known as Proof of authority, and one of the Fediverse competitors, Bluesky, seems to be planning to build such a system:
>We are actively hoping to replace it with or evolve it into something less centralized - likely a permissioned DID consortium.
They are afraid to say the B-word, but "permissioned consortium" is exactly what it is. Of course, their identity #blockchain doesn't have to be the only one in existence. I think in the future we might see quite a lot of "identity cooperatives" of different shapes and sizes. Perhaps even a universal client, curl for identity, can be developed.
@silverpill while I’m clueless about this stuff at the low level, it seems to me like did-plc is Good Enough for a starting point that works today.
It is transitory by design, so whichever next-stage direction the Bluesky devs take it in can be diverged from if it doesn’t align with the requirements for #NomadicIdentity in the fediverse.
I’m afraid that if we wait around another year++ for the perfect solution to come along, Good Enough alternatives will be deeply entrenched by that time.
> Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
Oh, Zot! Nomadic Identity is Coming to ActivityPub: This could change the Fediverse forever
Years before there was Mastodon and even ActivityPub, there was Mike Macgirvin who created the Zot protocol, which Hubzilla runs on. One of Hubzilla’s most amazing features (apart from also integrating with Activity and the Fediverse, and having cha ...continues
Mike Macgirvin, the long-time developer that brought us #Friendica, #Hubzilla, #Streams, and the #Zot protocol, is bringing his most powerful concept to the rest of the #Fediverse: Nomadic Identity.
@jupiter_rowland@hello After a cursory investigation, I get the impression that nomadic identity is in its infancy:
- it seems to be tied to Hubzilla and (streams)
- it doesn't seem to have a spec
- it seems to be implemented only in PHP
I'm happy to be corrected!
It's hard to know whether nomadic identity is a tiny niche thing that'll stay that way or something that's going to be huge. Of course, I hope for the latter.
Nomadic Identity is a concept pioneered by Mike Macgirvin, a longtime builder in the Fediverse. If you’ve ever used Friendica, Hubzilla, or Streams, you’ve used software written by this guy.
Got Zot — Mike Macgirvin on building your own apps and protocols
An interview with the brilliant mind behind the Zot protocol, MagicAuth, and Nomadic Identity.
One of the big problems in federated social systems involves permissions, identity, and data. We can sum this up in three parts:
- Permission Management – If I visit a friend’s site to interact with something, there typically isn’t a way for me to do anything while I’m over there. I have to go back to my server.
- Identity Management – Okay, I have a way to validate that I’m really me. What do I have as a fallback if that fails?
- Data Portability – What happens to my stuff if my server goes down? Can I move to another server and get my statuses, messages, and interactions back? Could I even just do it temporarily, to keep my followers, while my server gets sorted out?
From the end user’s side of the house, everything boils down to how their identities are coupled to their instances. ActivityPub-based systems like Mastodon do a pretty decent job with letting people migrate from one server to another, letting users pull in remote statuses from a URL, and letting users decide who is allowed to see or reply to their posts. It’s a far better situation than what came before ActivityPub.
At the end of the day, though, what is currently provided in the ActivityPub side of the network is somewhat limited, compared to what the Zot protocol brings to the table with Nomadic Identity. Let’s dive into the three different components: OpenWebAuth, Channel Relays, and Data Migration.
OpenWebAuth
OpenWebAuth used to be called “Magic Auth”, because of how seamless the experience is. Instead of only being able to manage things from your social dashboard, you can jump from one part of the Fediverse to another, and your permissions will be granted automatically. It all happens in the browser.
The way this works is relatively simple: your browser accesses a token inside of a cookie. That token references your Digital Identity in the Fediverse, verifies it, and a handshake is performed. Afterwards, anything you were given permission to access unlocks and becomes visible on the page.
A really old video of Hubzilla doing it. I’m navigating from my site to Andrew’s.
OpenWebAuth solves one of the most frustrating UX problems the Fediverse currently has: dealing with remote content that you discovered somewhere else.
Channel Relays
Channel Relays are the second major piece of the puzzle here. Using a common ID, you can associate separate accounts across the network with one another. Each relay is verified through an Authorization process, and then each relay is tethered to one another like so:
Using your credentials, you can log into any one of these three relays, and post to your followers. If the server my work account is on suddenly goes down, I can still log in to my family account or blog, and keep interacting like nothing happened. I’m still in contact with my followers, and if I want, my relay accounts can replicate statuses posted from elsewhere.
A few clear benefits emerge from this:
- Network Resilience
- Censorship Resistance
- Ease of Migration
In fact, this mechanism is so good, it feeds directly into the next use-case: Data Migration.
Data Migration
So, we already have two pieces: multiple identities can be connected together across a network, logging into one can allow you to post from another, and a person can decide, at any time, which account will serve as their primary.
Because all of these things are set up, the act of moving your stuff becomes relatively trivial. All of your accounts are aware of each other. If you switch to a new primary, you can trigger an update to all of your existing conversation threads and comments to switch the author, and replicate the data on your end. Thanks to the way that Nomadic Identity is set up, those verified parts of your identity can perform those kinds of actions, whereas no other account can.
Why is This Important?
As we continue to think about how to further develop the Fediverse and give people more robust tools capable of doing more things, we have to consider the plumbing that holds it all together. Identity Management is one of those pieces of plumbing that’s surprisingly shaky, and requires serious consideration.
Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
Mike Macgirvin
As Threads, Tumblr, and other big social networks come into the space, developers need to think about the stakes. The user migration flow is decent for moving from one server to another, but it’s relatively brittle, and currently only updates a reference from one account to another. The network lacks meaningful ways for people to pull their posts, messages, and media from the place they left.
The biggest takeaway here is that these are mature, time-tested mechanisms that could add extra layers of user agency and control to the Fediverse.
I think it's interesting in obvious ways and risky in some less obvious ones (that have less to do with "O NO BILLIONAIRES" or "O NO LIBERTARIANS" and more to do with placelessness), but we'll see.
I hope good things emerge from/grow on top of this framework.
[I recognize that mentioning this is widely considered to be an invitation to explain capital like I am a tiny baby. You could also not.]
@ggpsv I’m arguing that #threadiverse platforms like Lemmy, kbin et al. are where we should go for place, which will include Mastodon once it implements Groups.
I don’t have any sense of place on Mastodon, as it is chiefly oriented around people. I can’t easily visit Erin’s mas.to or your social.coop.
But root identity provisioning needs to be extricated from all of the above, in favor of the #nomadicidentity which Bluesky has gotten 80% figured out already and working in practice.
Seeing lots of discussion around Firefox marketshare, would be interested to hear what features / functionality people thought Firefox could implement that would make a big impact?
Same as Mozilla partnered with Mullvad for VPN, they could partner with the likes of Ory or Zitadel for ‘Firefox Login’, based on regular OAuth/OIDC rather than the custom stuff that’s been going on.
Let me add a more open and user-respecting alternative to the Google/Facebook/GitHub socials login of my app, and give me a reason to advocate for ‘Firefox Login’ to be added to my favorite services.
From there you can work towards a #nomadicidentity wallet baked into the browser.
One feature I miss from #Twitter is explanations for ongoing trends on the platform. It saved me the research step to know what chronically online quirk is now “it” and avoids misunderstanding one thing for another.
It was nice for quickly getting an overview of a currently discussed topic before going through a wall of posts and not understanding anything which really helped with my #ADHD.
I’m kinda playing with the idea of switching instances, but I’m holding back because I don’t wanna lose my posts here.
I wish #Mastodon supported #NomadicIdentity like #Firefish (and maybe #Catodon as well?), but those two supporting it wouldn’t help much in my case as I’m not sure they would work with @ivory and don’t seem to offer any mobile clients besides Feditext which is in beta.
Firefish did claim to support the Mastodon API so it should work with Ivory, right?
There’s a major convergence of OAuth/OIDC support across #fediverse applications, #Matrix is going all-in on it as its root default, and other social web protocols are tagging along as well.
Like the separation of church and state, it seems prudent to keep the management of our digital identities separate from our social network servers.
Domain-based OIDC accounts with web sign-in, especially when self-hosted, serve the function of a minimum-viable #nomadicidentity
I want my root digital identity and follow-contacts stored in a Solid pod, letting me log into all fediverse platforms via Solid-OIDC.
#ActivityPub & #Mastodon et al. should just provide the send/receive pipes, relegating the job of primary identity provider to the ID-centric protocol that is Solid.
I really can't help but look at this whole blocklist drama with some amusement tinged with exasperation.
Anyone who has done remotely any reading on #P2P systems and #federated systems just has that flaw jump to their eyes when the state of #ActivityPub implementations is seen, and in general how no importance is given to #AsynchronousCommunication in the spec and nearly as little to P2P use.
Basically, what did you expect? Of course it'll devolve into petty fiefdoms.
@smallcircles As far as the #Fediverse goes, I think that proper #P2P is unlikely to get implemented by many, but #NomadicIdentity can be and indeed has already been before.
Popularizing it is another matter, and the issues inherent in hosting & communicating with anything that is primarily reliant on the #clearnet and doesn't have explicit expectations of transport diversity don't make things easier either.
Like, everyone outside of Mastodon must issue a #CW if they use
- bold type
- italics
- a code block
- a bullet-point list
- or anything like that

because it irritates those who are still used to the #Fediverse only being old-school Mastodon. You know, just like #LongPosts with over #500Characters.
@jupiter_rowland I will have to look into this more... #nomadicidentity is pretty important, to the point that moving elsewhere might not be the way to go until Mastodon supports it fully... but I might create something on Firefish and link to it when I do long posts. I've been looking for something that's not Medium, as I don't support Twitter's billionaire former owner, but do want to do some of what it does.
/microblogmemes is a great #lemmy community, but there’s something really off about sharing a post from one #fediverse app to another via a screenshot.
@mike with #NomadicIdentity and/or mainstream OAuth support, a universal protocol for Private Groups might be less important, because at least I could still log into any fedi instance with my fedi-ID to access its private contents.
Wow. I just learned that my instance is going to close. No shade on the administrator — stuff happens. I'll move.
But an instance outright shutting down really exposes the hazard in posts being left behind when you move. Unless I archive and rehost them, everything I've written here will be lost.
Even if I do archive and rehost them, anything that linked to stuff I wrote here will be broken.
@interfluidity
Yet another example of why we need true #NomadicIdentity, like what Mike Macgirvin proposed 10-ish yrs ago for ActivityPub & subsequently built into #streams. (Just read a post about that but now can't put my hands on it.)
Confession: I talked to a VC interested in the fediverse today. Second time this has happened. Their perspective:
Fediverse is hostile to VC (yay!)
Doesn't see investible opportunities in fediverse (possibly bad)
Thinks the server-based identity system is a dead end
I made clear, of course, that the past decade of my career has been devoted to attempting to displace VC as the primary mode of financing, ownership, and governance of tech.
@ntnsndr I do agree with the last point. But I think #NomadicIdentity is even less VC-friendly, since it’s fundamentally about removing the moats of service providers.
@liaizon as long as I get #NomadicIdentity I’m good. I don’t need the fediverse to be a reliable storage of my data; that’s what my website/blog is for.
I think of my fedi posts as letters I send out into the ether.
I suspect the ideal size of an #ActivityPub server to be around 100-200 people. It’s very possible to scale way past that size, though it becomes exponentially harder to do in a responsible & calm manner with every 10x 100x 1000x multiplier of co-tenants.
Let’s not fight our current state of evolution as a tribally oriented species. We don’t make very good hive-minds of our collective consciousnesses yet, but the #opensocialweb glue of the #fediverse will get us there eventually.
@laurenshof for me specifically, the 150 people is everyone involved in a ‘social enterprise’ project.
Using that server as primary host (although I’d love for that not to be a big deal with the introduction of #nomadicidentity ) makes sense to anyone whose content is primarily regarding that project.
In any case, solving for 5 vs 200 users is roughly the same thing as far as technical design constraints go.
The real sticking point in implementing portable accounts/nomadic identity in the ActivityPub branch of the #fediverse - like what Zot and AT Protocol offer - is its implications for how moderation works.
"The hard part however, is the social one: we collectively need to agree that the identity resolution layer is infrastructure and not somewhere moderation actions should take place."
All this talk about #BlueSky and complaints about #Mastodon this, #ActivityPub that, #Fediverse this, and #Decentralisation that, are mostly questionable(?) since many haven't seriously looked around the fediverse. It's like saying burgers are bad because you've tasted McDonald's yet there are better burgers from #Jollibee.
The problem stems from the fediverse ending up unofficially represented by a very limited-feature software and most are not willing to do their due diligence (one would think they'll check out the forks at least). Before championing the new kid on the block, before claiming that the fediverse is this and that, look around first.
What you've known as the fediverse, so far, is only based on what happens to be the software with the least feature set. Mainline Mastodon will get better, but it is what it is currently, as far as comparison with similar fediverse projects.
No one is saying you are not allowed to complain, just look around first before you make claims about the fediverse.
Also, no one is saying #ATP shouldn't exist. By all means develop it! Innovation and improvements come from seeing ideas come to fruition instead of staying as theories. Having different branches of development is better than getting stuck in one particular way of doing things, or line of thinking. It's all good and I think anyone will agree it is much welcomed.
Here's a #challenge: Since you have time to research a non-fediverse network, why don't you explore what the fediverse really has to offer, with the same effort and enthusiasm? Mastodon is not the fediverse, so you cannot judge the fediverse based on it. That's like saying China is Asia, and you judge Asians because of mainland China.
Take the challenge, then publish the results of your journey. Good evening, and Shalom!