Skip Navigation
YSK: Your Lemmy activities (e.g. downvotes) are far from private
  • Aye, my proposal was a trade off between privacy and convenience for non technical users ( it's only as bad as a non federated social media site).

    The best balance here would be a client on the user device that manages the keys for you, and an API in lemmy for accepting and sending encrypted messages.

    As a side note, I thing PGP is more or less superseded by AGE

  • YSK: Your Lemmy activities (e.g. downvotes) are far from private
  • Tbh it would be trivial to just salt and hash the usernames (for keying the votes), no need to encrypt or involve the users password. The salting and hashing would be handled by the users home instance ( which presumably the user trusts ) so building a rainbow table would be non trivial for an attacker ( assuming the home instance keeps its salts secret ).

  • Do you guys think this is the start of something bigger?
  • I feel like there is a higher barrier to entry for lemmy, it needs to be lower friction in the sign-up process, people don't want to have to work out what instance they should sing up to to make an account!

  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)WA
    Waltzy @lemdit.com
    Posts 0
    Comments 7