• @OpenStars
    link
    English
    512 days ago

    Oh that sucks. Tbf the entire concept of the Fediverse is an enormous security nightmare regardless: someone was telling me how a person could spin up an instance and share a picture also served up from their machine, then maliciously correlate the incoming IP addresses from the latter of people who viewed it vs. make interactions (voting or comments) in the former to identify you irl. But at least that takes some technical effort, and there seems no reason not to put additional obstacles up to make it harder.

    Unfortunately the Lemmy developers seem to have little incentive to add features that are primarily for Westerners who e.g. don’t agree that an authoritian admin and/or mod is always correct regardless of the facts. And Westerners don’t seem in that much of a hurry to make alternatives - although K/MBin exists already and Sublinks is coming as well. If we want better, we would need to put in the work to make it happen.

    It’s still a thousand times better than Reddit:-). Except I no longer recommend Lemmy to people that I meet irl - I can’t keep doing that in good conscience anymore, until there is an instance that defederates Lemmy.ml. Yes the new person could block many people and even whole instances, but it seems a little similar to recommending that someone use Arch Linux - like, really!? Hopefully the concept of the Fediverse will improve someday soon and I can do that once more, bc I really do want to.

    • Flax
      link
      fedilink
      English
      612 days ago

      Honestly, I think the future of fediverse advocacy for now should be recommending a specific instance and not explaining the federation part until they are using it

      • @Blaze@reddthat.comOP
        link
        fedilink
        English
        412 days ago

        It’s the present already.

        People want a URL, give them a few if they really want to choose.

        Federation should stay behind the scenes

      • @OpenStars
        link
        English
        212 days ago

        Agreed - as Blaze always says, save the why and how it works (under the hood) for later and for now just show them the goods.

        And when a major instance defederates from Lemmy.ml I will start recommending that exact instance to people.

        Or, an admin at sh.itjust.works mentioned the possibility of automatically applying a user level block to it for all new users, along with a bot message about how to remove that block. As discussed above, it would be far from perfect (e.g. someone mentions that the genocide going on in Ukraine is bad and gets hit by many downvotes with no clue where they came from bc they are not shown notifications from the people who may reply to say how it is actually good though, bc Russia is the one doing it…), but indeed it would be better than now.

        • Flax
          link
          fedilink
          English
          211 days ago

          Hard agree. A while ago, Feddit UK nearly lost it’s domain and I was a hard advocate of carving our own identity without using terms such as “Reddit”, “Lemmy” or “Federation”. Basically have our unique identity. As right now all I have told about it see it as a reddit knock-off.

          • @OpenStars
            link
            English
            111 days ago

            I would actually not go that far - I respect the devs enormously for having written the code and shared it with the entire world. If someone else wants to write new code - K/Mbin and Sublinks come to mind - then sure replace Lemmy for those instances that run that, but e.g. Lemmy.World is definitely a Lemmy and I’m okay with that.

            I’m also okay with Fediverse - should I not be? I suppose an alternative is something that implements the ActivityPub protocol, but why not the Fediverse?

            Basically I am okay with anything so long as people don’t stumble upon it unawares.

            But I do see your point that we can’t just say that we are a Reddit knockoff, even though that’s literally what we are. It should be the start of additional description. So far I call it “social media” - where people share and talk, bc that seems about right. “Link aggregator” doesn’t do much for me, and suggests more of a purpose to read news stories rather than make our own posts.

    • @Serinus@lemmy.world
      link
      fedilink
      English
      412 days ago

      An IP address alone does not identify you. It might identify your general area.

      Any other website works the same way. I can go buy a domain, set up a plain html site, and view the IP of anyone who visits the site.

      What kind of features are you looking for?

      Whoever you’d recommend is already exposed to the lemmy.ml people or worse, it’s just through Facebook or Instagram or Reddit. At least here they’re a little self-contained.

      • @OpenStars
        link
        English
        112 days ago

        I don’t go to Facebook, X, Instagram, or Reddit. Some people that I talk to irl also don’t follow social media. Why should they - what does it offer then? To those people I have been recommending Lemmy in the past, and now I don’t do that anymore. I would like to though.

    • @muntedcrocodile@lemm.ee
      link
      fedilink
      English
      112 days ago

      I think content really should be served on a p2p basis recon it would improve robustness and reduce load on servers also would stop the whole ip vote association. I believe thats how peertube serves its videos but i dont see why it can’t be extended to serve all media

      • @OpenStars
        link
        English
        312 days ago

        I presume that would have security issues of its own:-), and this is just a guess but it might look more like traffic that some ISPs may want to ban, if implemented like that?

        I haven’t done anything remotely piratey for decades but people say that there are forums that way. I’m not intending to conflate P2P with the likes of TOR that is merely one implementation of that, just saying that apparently the implementations exist.

        • @muntedcrocodile@lemm.ee
          link
          fedilink
          English
          412 days ago

          The security issues are minimised compared to havibg a centralised instance. And yeah some ISP may block/rate limit thats why net neutrality is so important.

          • @Serinus@lemmy.world
            link
            fedilink
            English
            312 days ago

            Heh, P2P absolutely does not minimize security concerns, especially of your IP being revealed.

            Remember how people got DDoSed all the time because of Skype?

            • @muntedcrocodile@lemm.ee
              link
              fedilink
              English
              112 days ago

              It means that each actor can only expose themselves to a subset (more peers less people) of the total network. As opposed to the current situation where u can collect information on more people as a singular actor. But yes you do expose yourself to the peers you connect to.