• RobotToaster@mander.xyz
    12 upvotes, 1 downvote · 7 months ago

    Given that the admin of any instance with a single approved follower can see the contents of the community, this idea feels like placebo privacy. The false sense of privacy could be counterproductive.

    The only way I can think to federate with something resembling true privacy would be to use PGP or similar. Encrypt the data with the user’s private key, send it to and store it on remote instances encrypted, and decrypted in JS on the user’s computer. That would require users to manage private keys which they would no doubt lose, and be a lot of work for a pretty niche feature.

    • Die4Ever@programming.dev
      3 upvotes · 7 months ago

      And then a user copy-pastes all the content onto pastebin or something lol

      I guess the more important part might be only allowing posts/comments/votes from actually approved users, this should be good enough for that purpose

      Anything more than that just use a local-only private community

    • starman@programming.dev
      2 upvotes · 7 months ago

      Or maybe let’s name the feature restricted community or something similar, instead of private community, to not make that fake sense of privacy

      • ElectroVagrant@lemmy.world
        2 upvotes · 7 months ago

        I think this would likely be the simplest solution and is worth considering especially since similar concerns have been raised with Mastodon over their naming of messaging specific people (“private”/direct/mentioned only/etc.).

        Exclusive may be another good term instead of private.

    • modulus@lemmy.ml
      1 upvote, 1 downvote · 7 months ago

      I can think of alternatives. For example, the server could keep the user’s private key, encrypted with a passphrase that the user must have. So key loss wouldn’t be an issue. (Yes, passphrase loss might, but there are lots of ways to keep those safely already, compared to key material which is difficult to handle.)
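
Added example, not part of the thread or of Lemmy's code: a sketch of the scheme modulus describes, where the server stores the user's private key wrapped under a passphrase-derived key, with decryption done on the user's device as in RobotToaster's comment. It assumes Node's built-in crypto, scrypt plus AES-256-GCM for the wrapping, and RSA-OAEP applied directly to a short post; all function names are hypothetical.

```javascript
// Added example, not code from the thread. Function names are hypothetical.
const nodeCrypto = require('node:crypto');

// scrypt cost is an assumption for the demo. The server holds the blob and can
// guess passphrases offline, so the KDF cost is the only brake on that.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Runs on the user's device; the server only ever receives the returned blob.
function wrapPrivateKey(privateKeyDer, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([c.update(privateKeyDer), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Also on the user's device. GCM authentication makes a wrong passphrase throw
// instead of yielding garbage key bytes.
function unwrapPrivateKey(blob, passphrase) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, blob.salt), blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.ct), d.final()]);
}

function demo() {
  const passphrase = 'correct horse battery staple'; // constructed sample
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const stored = wrapPrivateKey(privateKey.export({ type: 'pkcs8', format: 'der' }), passphrase);

  // What instances store and relay: ciphertext addressed to the member's public key.
  const post = nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' },
    Buffer.from('members-only post'));

  // Member's device: fetch blob, unwrap with the passphrase, decrypt the post.
  const der = unwrapPrivateKey(stored, passphrase);
  const key = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const plain = nodeCrypto.privateDecrypt({ key, oaepHash: 'sha256' }, post).toString();

  let wrongRejected = false;
  try { unwrapPrivateKey(stored, 'wrong passphrase'); } catch { wrongRejected = true; }
  return { plain, wrongRejected, storedFields: Object.keys(stored).sort().join(',') };
}
```

The blob the server keeps contains only the salt, IV, ciphertext and tag, so an instance admin reading the database sees neither the key nor the post text, but the passphrase must never be sent to the server for this to hold.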

  • maegul (he/they)@lemmy.ml
    3 upvotes · 7 months ago

    Awesome to see!

    Can’t help but think that there’s gotta be a relatively straightforward way to hack this over ActivityPub though? I’m not over whatever security there is in the protocol, so that likely does not mean much at all.

    But how hard would it be for a server to convince a normal Lemmy instance that it is doing all the right things in terms of following/subscribing to a private community when it’s actually displaying it publicly?

    For that reason I wouldn’t be surprised if some would prefer, for the sake of caution, to run a private community in local only mode too. Not that a federated private community isn’t useful … it totally is, even if there is a risk.