so beyond the Mastodon developers' apparent nonchalance re: user privacy, it also kinda grinds my gears that your identity is tied to a single instance

like, is there any barrier barring a sysadmin from completely taking over a user's account? it seems like that would be a pretty big security consideration for a federated social media platform 😐


I guess the "right way" to do this is to have some sort of PKI that authenticates twoots coming from an account and makes it possible to publish an account change announcement (or whatever the right terminology is for the Mastodon API) after a takeover has happened

which introduces its own headaches, to be sure, but if it's an optional feature then I don't think those issues are any worse than allowing each instance's sysadmins to run amok?
