I find this news disconcerting coming from such a large instance so early on. Many of the criticisms of Lemmy I’ve been fighting against on Reddit have had to do with defederation and the possibility of getting cut off from your favorite communities on your main account. I handwaved that away as being extremely unlikely save for the exception of NSFW or extreme political content. But this news has taken me quite by surprise. Perhaps I should have seen it coming given the community Beehaw is trying to foster.
This really makes me wonder what will happen to instances that make this decision. Will their communities diminish in favor of the more accessible ones? Will this decision hurt Beehaw in the long run? What does this mean for the Fediverse in the near future when fighting against its detractors has been such an uphill battle?
Thoughts?
This kerfuffle is not only hurting Beehaw, but also Lemmy as a whole, and even Kbin. Before Kbin’s cloudflare stuff, my Fediverse news feed experience was fantastic. Being able to read, post, and comment from anywhere is a really neat feature, and I’ve since found that I can post to Lemmy communities from Mastodon. Now we’re back to splitting everything up again.
Hot take: I think Fediverse won’t truly take off until logins are decoupled from instances. Get rid of the unique logins per-server and it won’t matter where you go, how active a server is, or who has a grudge against you for whatever reason. You’ll lose access to a space, sure, but you won’t have to move to another server and create yet another account on someone else’s server with no guarantee that you can remove or export your data…
I wonder how separating logins from instances would work from a programming standpoint. People’s accounts need to be hosted on servers somewhere, so it raises some really interesting questions when the topic of defederation and drama like this comes up. For example, the Beehaw admins are running a server somewhere. If we decouple accounts from instances, then my assumption is that we’re randomly assigning accounts to servers. So that leads to the possibility of the Beehaw admins hosting an avowed fascist on their server by the design of Lemmy as a whole. I’m sure they would probably take issue with that. Beyond that, who has the control to ban spam/abusive/illegal accounts from the platform as a whole? If someone is going around posting child porn or something else illegal, surely we need to have a way to remove them from all of Lemmy. If it’s the server owner where the account was assigned then that raises some really weird questions about their control.
Another theoretical structure for this would be having two types of servers - user servers and community servers. Then users can still choose their server admin, but it would be divorced from any restrictions a community server puts up against other servers. But then what happens when an avowed fascist creates their own user server and won’t ban troubling accounts? Then that raises questions of whether a community can ban a user server, which kind of brings us back to square one…
We almost had decentralized logins with OpenID. I remember the push. It started seeing more widespread usage in the spaces I visited at the time, and even Google is/was an OpenID provider. Facebook and their “Login with Facebook” nonsense took things backwards when other vendors wanted to be a
data trackerlogin provider, also.With the ban evasion scenario you mentioned, having something like OpenID would give you an immutable ID number that can be used anywhere. Bans and blocks would go according to that ID, and evasion would require a new account. I think that would be a good middle ground for data privacy. It does make law enforcement’s job harder, though. Which does take us back to square one when it comes to removal of content, especially illegal content.
I am actually reaching the end of my knowledge on the subject in the following, so if anything after this is flat-out wrong with the technologies listed, I’d love some corrections.
If we go purely theoretical with existing tools, a blockchain would ideally assign those unique IDs. That’s a username and account creation date. GPG to sign each request (the second factor), and the entered password with the signature would decrypt an encrypted blob on IPFS with the requested information, similar to how Storj DCS stores data in encrypted buckets. Enter the wrong password, you get an empty bucket. Password recovery becomes an issue at that point, but one really should be using a password manager, passphrase, or hardware key these days, anyway.
Or use it as a feature and increase overall privacy by using a different password for each unique data blob shared with a service you’re authenticating with. It won’t matter, because your ID won’t change. For law enforcement, that does make things exponentially more difficult, maybe if you store the successful login attempts on the blockchain with the metadata that they claim to obtain from companies, it might work? There does have to be a balance between transparency and privacy.
A blockchain does seem like overkill for that, though. Having a unique Username might be good enough, since you don’t really want to have multiple users with the same display name anyway. Otherwise, things might start getting a bit confusing, especially if they’re both in the same instance.
Feels like a simple method would be a login provider that is related to the government. The gov have the best way to identify you and prove that you are who you are. That’s how you would get one unique ID that cannot be evaded by simply creating a new account.
Although, if you get banned from a community, there would be no way to get back in it because your gov id would be banned. Maybe the ban appeal could be more official instead of a letter to a random mod and hope you get an answer, hell, why not judiciarice the whole ban appeal thing so that you do have real recourse if you ever get banned for no good reason, a bit like when you get fired from a job.
Food for thought…
Although you end up having new issues with trying to sync up the user accounts across the list, and username conflicts, never mind a small server possibly having to keep up with a big list of users. Lemmy already has issues where the registration process will silently fail if the name you’re trying to register isn’t available, with no more indication than a throbber that just sits there and spins forever.
Maybe something like how Lemmy does communities? A user can first register from a server, but the account gets shuffled around if they join another community.
It won’t take off yet because it is still in it’s infancy.
Don’t expect this to be a full on Reddit replacement or Reddit like experience because Reddit has existed for 15 years or so.
Things will grow, mature and get better the more people use the platform.
Either that, or allow a really easy fediverse wide migration ability. What’s wrong with KBin and CloudFlare?
I want to clarify my position before going into the rest of this - I like Kbin the most because it feels much nicer as an end-user.
There’s nothing wrong with Kbin and Cloudflare. The Cloudflare issues prevented Kbin.social from federating properly with Lemmy instances, harming its potential growth and community reach. Due to those federation issues (which only got resolved last night on .social it seems), I’ve had to make 3 more accounts on 3 different servers (fedia, lemmy.ml, and blahaj) in order to get the experience that I had a few days prior with only this account and a kbin.social account. That’s 4 server operators that have my information in order to access two services, instead of just the one. I’m kind of done with that.
There’s likely going to be another reddit migration in two weeks when the bigger third party apps officially shut down, which means I’ll have to juggle websites again when shit starts breaking under load. These issues in my opinion, are a deal-breaker for many people, including myself. I’m tolerating it for the time being because I spent almost 15 years on reddit, and they deserve their Digg moment.
why lemmy.ml and blahaj? Aren’t they the same federation-wise?
undefined> why lemmy.ml and blahaj? Aren’t they the same federation-wise?
They are identical as far as I know. I went to blahaj first because it was smaller and the page loaded faster than .ml at the time of registration. There was a period that I couldn’t see anything from .ml on blahaj or Kbin but could from .world and couldn’t pull anything from .ml when searching so I registered there in case they defederated.
Also, you show up as “undefined” when I direct reply to your comment. Not sure if this is a bug.
undefined> Also, you show up as “undefined” when I direct reply to your comment. Not sure if this is a bug.
This always happens here as well, when I cite some text from a comment. Probably just one of the many bugs.
The closest thing to login being decouple is hosting your own instance.
A universal login system would be either:
An absolute nightmare of security
Or just a centralized service with extra steps.
The fix to the issue here is just implementing account migration.