this post was submitted on 09 Jun 2023
3 points (100.0% liked)
Lemmy
12576 readers
2 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
We need to build some kind of SSO that allows Lemmy users to authenticate with the same account on any instance, but will appear as if you're still using the instance you registered on. That way you could just login to another instance if your 'home' instance goes down for whatever reason.
https://github.com/LemmyNet/lemmy/issues/2930
I like the sound of this, just unsure how this would be able to authenticate an account on behalf of a home instance that's down, in a trustworthy way.
I'm not familiar with the inner workings of Lemmy and the Fediverse, so the following is based on similar implementations I'm familiar with...
SSO implementations usually require the website the user originally registered on (home instance) to confirm the account is real and authenticate it, and in most cases a new user account is automatically created using the SSO authentication details (this would prevent the user from appearing as if they're using their home instance).
To achieve what you want, I think we'd need some kind of way to export the user account and any signing keys used to prove the user is who they claim to be in the fediverse, and then re-import those to another instance. I'm not too sure if SSO would be able to achieve it if the home instance is down.
On the flip side, I'm pretty sure SSO with a Lemmy instance that is active could work. While it would bring a lot of benefit to less tech-savvy users, and a lot of convenience to us when we're given a threadiverse link to another instance, from a technical perspective I think that would be a challenging implementation. Users would need to be careful about having their credentials phished on a malicious instance too
Since we're a decentralized federated network, it would stand to reason that the SSO implementation would also be so. Maybe something built on top of DHT shared by every instance, which just stores user key hashes to verify they are who they say they are. That way there would be no issue with central authentication authority and all instances will go by the hash table for user auth.
Quick check and here's what mastodon has been doing on the issue https://github.com/mastodon/mastodon/pull/16221
> Federation means it’s almost meaningless which instance you register with, and as integration between instances and other Fediverse apps gets better it will just become more and more meaningless.
IMO, this couldn't be further from the truth. Different communities have different priorities, principles, and technical requirements, and will take different approaches to controversy. Some communities are low-profile and laid back. Others are magnets for abuse and may require additional moderation, and even technical changes, like disabling image embeds (as one example) to mitigate harassment. Some are filled with avid shitposters, while others insist on the utmost degree of civility. Some have advanced requirements for operational security. Some want to protect broad access to the network at all costs, while other would rather accept a couple blocks rather than ban their own members. Some might be focused on video and require an instance that can handle the additional bandwidth and storage requirements.
Who hosts your instance is important. The jurisdiction your instance is housed in is important. If a community requires special accommodations for accessibility or other reasons, that is important. If you need moderators / admins who understand your native language, that is important. If an instance wants to go above the technical level and do things like verify users (kinda like journa.host) that makes an important distinction from your typical instance.
In the beginning, we won't know who's trustworthy, but this is the Internet. There will be controversies, and we will see how various admins respond to these controversies. Over time, they will gain reputations, both good and bad. It is best if somebody who already has a good reputation, like a respected mod from another community is able to operate the new home for that community.
For now, it probably doesn't matter where you end up, but as time passes, it is good to keep an ear to the ground and see how things develop. Eventually you will find a solid niche. This is a problem even the fanciest join-xyz-fediservice website can't really solve, but it is meaningful.
The one thing that I don't like is that you can't change your home instance. I signed up for Lemmy without knowing anything about it, and I mean I knew absolutely ZERO about how it works. Therefore, I just clicked on a random instance because I didn't even know what an instance was, and I signed up. So what if I joined the wrong one for me? What if it turns out to be shit? I Guess I could just sign up for a different one with a different login, but wish there was an option to jump to a new one with your same login if you wanted to.
For now, if it turns out to be shit, you can just join a different instance. Perhaps leave a note in your old bio which directs people to your new account.