My comment on the #mastocensus Vis mer
https://gnusocial.de/url/3066817
@vinzv @NathanHawks @schestowitz I frankly think identities should be transferrable between instances. I mean, it sort of isn't terribly relevant to me what instance my friend is on. I just want to stay in touch with my friend.
@vinzv @NathanHawks If you look at how blockchains like STEEM do identity, they basically generate your private keys in the browser with JS based on your passphrase, which the server never sees.
@NathanHawks @vinzv I can't answer that. I mean, the two biggest players in that market are Chromium (with V8) and Firefox (with SpiderMonkey). I'm not sure what you mean by "trustworthy".
@thor @vinzv I didn't suspect any of them were open source, but I knew it was a gap; stupid question slightly confirmed but not completely.
Chromium and Firefox = Google and Verizon using open source buzzwords and methods to crowdsource part of the dev team for enterprise products we don't get to see.
These are global megacorps who've proven many times to have our worst interests in mind, yet we trust them so easily here because things *can* be scrutinized.
Browsers get too much trust IMO
@thor @vinzv
Otoh I'm always heavy on considering unintended consequences of so-called edge cases because I tend to live my life in those edge cases
But hey, you brought the topic to me and I don't even know why; I was talking about protecting user content from temperamental instance admins and then this started showing up in my mentions ;)
@NathanHawks @vinzv It came up because I tend to propose very tangential solutions to problems instead of thinking incrementally.
@vinzv @NathanHawks "Let's drop everything and do this in a completely different way." is pretty much my mode of existence.
@thor @vinzv
It's important to have people describing problems and designing solutions from that perspective to an extent so we don't lose sight of the sky, but the distance to that fancy can be lost in translation and it can lead people to feeling they "need" something they can't have yet, so it's also important to be willing to bring it back home ;)
@NathanHawks @vinzv In this case, I was thinking maybe one could do something with signatures via ActivityPub, and have some kind of "I'm on this instance too now" kind of signalling mechanism.
@vinzv @NathanHawks Feeling a need for something I can't have yet? Gee, can't say I've ever experienced that before... 😉
@NathanHawks @vinzv When you post content on Steemit, your browser signs it with your key. Mastodon is federated and more power rests in the hand of the instance owners. I always felt that instances shouldn't have more power than merely allowing you to access and submit content. Who says the instance needs to have the power to sign messages on your behalf? That's actually very old fashioned.
@vinzv @NathanHawks If an instance wanted to refuse content, it could still do that, but it wouldn't own your identity.
@NathanHawks @vinzv I feel that what many of the blockchains are doing is basically making cryptography user friendly, something the usual Internet standards process completely failed to do outside of TLS. It's about putting power in the hands of the user. There's a lot to learn from examining the technology behind something like STEEM or BitShares.
@thor @vinzv
Interesting going forward but in the short view which browser has both user-pleasing features and a trustworthy opensource JS core? This may be a stupid question