WHY PRIVATE MESSAGING OMG. That's fucking awful. Nobody needs E2EE haphazardly slapped on the protocol for a false sense of security with private messaging. You want encrypted private messaging? Go to literally any other platform fedi is not the place for that. I am actually pissed, there's no way in hell that I would want to administrate something like that. I have seen countless examples of Matrix home servers going wrong within this community due to a lack of moderation tooling. We're not talking just a couple racists we're talking about child sex trafficking, csam distribution... Ugh. That pisses me the fuck off. Rich text posts are a nicety to have, I'd really like for things to adopt markdown and not mfm (fuck mfm imo it's okay but it's not a markdown and it's definitely not something that's viable long term. it's a gimmick). I guess I missed their "mission" page. Now I'm even more furious, because none of this is going to help the fediverse be widely adopted.

We are at a turning point. Running an instance is a lot of fucking work, we lack moderation tooling (yes, every software currently out there has some sort of flaw when it comes to mod tools. Akkoma has some bulk moderation tooling but is also lacking in other areas). The last fucking thing we need is encrypted dms to be used as a tool for harassment. We already suffer enough with how you can't disable replies in a post. It is awful that this is used as a vector for harassment in combination with setting visibility to restricted modes (such as follower only, so that only the original author can see the bigoted comment and the fanbase of the bigot can also jump in). What the fuck were they thinking? This is some actual shit. Fuck .

this is horrid. I am so glad I defederated them. Fuck that. All of it. This is not the type of "help" administrators such as you and I need. What we need is the ability to have legal counsel, something like the EFF to represent us. There’s so much unknown legally about having a fediverse instance. Starting with things like the media proxy. If it’s on your domain but pointing elsewhere is that still you hosting the content? This is important in places like Germany in which federated media can contain hate symbols such as swastikas. How about things like the requirements for running adult oriented communities? Of course they’d never touch on that. Meta and Automattic just ban them outright because it’s too much work. How about things like working on the underlying server implementations?

I have drafted gitlab issues that touched on major problems within the fediverses' current implementation far more useful to read than whatever this shit is. activitypub.software/TransFem-… Right here. Right fucking here. How about instead of implementing E2EE we standardize rate limit headers for fediverse software so that instead of literally exploding instances with THOUSANDS OF REQUESTS at once we maximize throughput by using a leaky bucket abiding by the ratelimits given. That would do so much more than any of these other shitty proposals to the network. Talk about fixing some federation issues, and making it easier for smaller instances to federate media and other stuff without being overloaded to death forcing operators to move to hyper scale level hardware to run a small 100 user instance. Jfc. It is actually horrifying that I have given more advice to the fediverse that starts the ball rolling on conversations than the SWF such as talking with @hazelnoot@enby.life about server side modules and getting iceshrimp.NET to implement them. Fuckkk I hate this

How about we brainstorm a way of doing signatures in a way that allows each instance to act as a relay. If I am on instance A, I write a post my instance has to send it out to B & C. If C is in fucking Europe, while B is on the coast a lot closer to Europe than me in Central US... why can we not just have my instance send a post to B, and B forwards it to C to minimize latency. I get that what you want for this to happen is an initial key exchange. ie instance A talks directly to instance C to exchange keys so C can verify the notes have not been modified or altered during transit... There's so many things about the fediverse that need to be addressed in order to reduce the large amounts of traffic between instances. I get that is a hard problem to solve, I have talked about this with other people but you're looking at MULTI BILLION DOLLAR INTERNATIONAL CORPORATIONS so if anyone has the money to shove towards an entire dedicated team of cryptographic researchers to accomplish this it would be them.

No, of course we're going to just get fancy markdown nobody asked for. I can display Wordpress blogs perfectly fine. I've seen the blogposts, they render in my client absolutely fine. Sure they're a bit long, but they don't just break my instance or my client. God forbid we look at things like shared inboxes (TO THIS DAY NOT EVERY INSTANCE SOFTWARE SUPPORTS IT!! THIS WAS SUPPOSED TO HELP REDUCE NETWORK TRAFFIC TO MORE MANAGEABLE SIZES). my god there's so many much low hanging fruit even prior to big alteration to how instances federate. you don't have to sit there hiring a team of cryptography experts to implement basic rate limiting on /inbox. content moderation tooling is something you can provide via a variety of ways. One of which... @hazelnoot@enby.life made a program that attaches to the database called "modshark" and it's used as our automod. I am writing a C# library for misskey api with the emphasis on client development & a bot framework (as additional optional dependencies you can install) to help make mod bots and other contraptions. this is awful.

im not sure you'd really get much out of relaying. discovering which instances are online and their ping between each other would be immensely complex and fragile, and the benefit of 100ms faster inbox deliveries isn't that appealing when job queue delays can be more than that. it also partially breaks the only moderation tool we really have today (defederation) in allowing defederated instances to see our public posts

I mean, the way to deal with job queues is ratelimiting. Right now we just have exponential backoffs but then they're limited so you end up with the same problem of like oh, the instance gets hammered 9 hours later. Meanwhile if you had instances abiding by each other's rate limit (instead of literally FLOODING requests until they get 429 or another status) you remove that burst of traffic and turn it into a trickle of manageable traffic.

hence why there is not a gitlab issue written by me about the relay stuff (because i think that is not really necessary) and more about the rate limit, shared inboxes and other approaches to minimize load. we also need to consider that at scale, cryptographic operations do start becoming expensive as you run out of entropy for generating keys (we have what, 30,000+ instances in the fediverse and that number is only going to grow)

Like we're already testing our luck with TLS on some of these instances that easily get >10,000,000 AP requests per day.

@puppygirlhornypost2 @erincandescent @mia @hazelnoot I don’t think that’s a particularly big issue?

cryptographic RNGs don’t just run out of entropy because they get reseeded periodically. this happens automatically [ref: docs.openssl.org/1.1.1/man3/RA…].

the cpu time for TLS/pk ops, sure, that’s a concern. but not that

honestly, wrt e2e, I’m more concerned that we’re going to get a design that’s objectively worse than soatok’s well thought out draft.

soatok.blog/2024/09/13/e2ee-fo…

@puppygirlhornypost2 @erincandescent @mia @hazelnoot holy shit just give soatok $250,000 to spend a year doing this.

like. do we want matrix. I suspect we’re just going to get “Messages can't be decrypted by receiver (session key missing)” social whatever foundation edition, now with more Automattic Matt funding

it depends on the hardware. Modern hardware? Sure that’s not a problem but older hardware does tend to run out of entropy faster than it can replenish it. Of course the last time I heard this being an issue was like 2014 so

so it’s literally just misinformation stemming from behavior encountered on a poorly written implementation. got it. I figured that was the case because I would have hit it when we got spikes of traffic in those numbers due to scrapers molesting our instance. But also to be fair, there exists the concept of long lived http connections that handle multiple requests, we are not talking about each individual request being its own tls negotiation. So for all intents and purposes even if there was entropy depletion, we have resources to mitigate it. you can also just use hardware rng such as cesium sources or whatever the fuck are in those accelerator cards apart from broken promises (do people actually use the TLS accelerator cards I feel like those are a meme)

okay, that is fair I was forgetting the pure amount of requests a certificate authority would be under (from cert renewals to other things).

I would hope that they have safeguards in place considering they’re one of the biggest certificate authorities