this post was submitted on 09 Jun 2023
333 points (99.4% liked)
Lemmy
12572 readers
2 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to [email protected].
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It feels like user accounts need to be abstracted away from instances somehow. Federation means it's almost meaningless which instance you register with, and as integration between instances and other Fediverse apps gets better it will just become more and more meaningless. It should be possible to just "Join Lemmy" and have the servers behind the scenes handle spreading the load. You should be able to login to Lemmy from Beehaw.org or Lemmy.ml or any other Lemmy instance. The way it works at the moment is kind of like content is global but accounts aren't and it feels like it should be the other way around?
We need to build some kind of SSO that allows Lemmy users to authenticate with the same account on any instance, but will appear as if you're still using the instance you registered on. That way you could just login to another instance if your 'home' instance goes down for whatever reason.
https://github.com/LemmyNet/lemmy/issues/2930
I like the sound of this, just unsure how this would be able to authenticate an account on behalf of a home instance that's down, in a trustworthy way.
I'm not familiar with the inner workings of Lemmy and the Fediverse, so the following is based on similar implementations I'm familiar with...
SSO implementations usually require the website the user originally registered on (home instance) to confirm the account is real and authenticate it, and in most cases a new user account is automatically created using the SSO authentication details (this would prevent the user from appearing as if they're using their home instance).
To achieve what you want, I think we'd need some kind of way to export the user account and any signing keys used to prove the user is who they claim to be in the fediverse, and then re-import those to another instance. I'm not too sure if SSO would be able to achieve it if the home instance is down.
On the flip side, I'm pretty sure SSO with a Lemmy instance that is active could work. While it would bring a lot of benefit to less tech-savvy users, and a lot of convenience to us when we're given a threadiverse link to another instance, from a technical perspective I think that would be a challenging implementation. Users would need to be careful about having their credentials phished on a malicious instance too
i'd also be worried that some corp would try to take control of the centralized sso mechanism and thus control the user base. imho we must avoid the instinct to centralize anything.
but potentially maybe there's a federated directory where people could register and be assigned a server to do load balancing to key problems like lemmy.ml are experiencing (?)
Since we're a decentralized federated network, it would stand to reason that the SSO implementation would also be so. Maybe something built on top of DHT shared by every instance, which just stores user key hashes to verify they are who they say they are. That way there would be no issue with central authentication authority and all instances will go by the hash table for user auth.
Quick check and here's what mastodon has been doing on the issue https://github.com/mastodon/mastodon/pull/16221
it's like email. You need a server somewhere to hold your inbox. They should make an easy way to migrate your user to another instance, though.
Some kind of aliasing
The ability to redirect your profile link to your new profile when you switch instances would be nice too. A sort of "inbox-forwarding" option, to continue the email metaphor.
IMO, this couldn't be further from the truth. Different communities have different priorities, principles, and technical requirements, and will take different approaches to controversy. Some communities are low-profile and laid back. Others are magnets for abuse and may require additional moderation, and even technical changes, like disabling image embeds (as one example) to mitigate harassment. Some are filled with avid shitposters, while others insist on the utmost degree of civility. Some have advanced requirements for operational security. Some want broad access to the network, while other would prefer a quiet corner. Some might be focused on video and require an instance that can handle the additional bandwidth and storage requirements.
Who hosts your instance is important. The jurisdiction your instance is housed in is important. If a community requires special accommodations for accessibility or other reasons, that is important. If an instance wants to go above the technical level and do things like verify users (kinda like journa.host) that makes an important distinction from your typical instance.
In the beginning, we won't know who's trustworthy, but this is the Internet. There will be controversies, and we will see how various admins respond to these controversies. Over time, they will gain reputations, both good and bad. It is best if somebody who already has a good reputation, like a respected mod from another community is able to operate the new home for that community.
For now, it probably doesn't matter where you end up, but as time passes, it is good to keep an ear to the ground and see how things develop. Eventually you will find a solid niche. This is a problem even the fanciest join-xyz-fediservice website can't really solve, but it is meaningful.
The one thing that I don't like is that you can't change your home instance. I signed up for Lemmy without knowing anything about it, and I mean I knew absolutely ZERO about how it works. Therefore, I just clicked on a random instance because I didn't even know what an instance was, and I signed up. So what if I joined the wrong one for me? What if it turns out to be shit? I Guess I could just sign up for a different one with a different login, but wish there was an option to jump to a new one with your same login if you wanted to.
For now, if it turns out to be shit, you can just join a different instance. Perhaps leave a note in your old bio which directs people to your new account.
yeah agree with you here. i was explaining this concept to my other half who doesn't understand tech but did say this approach makes a lot of sense.
User accounts can be independent of anyone else's instance. You just have to host your own.
But it's always going to be much more convenient to register your account on someone else's instance, than to set up your own. Even if instance setup was made to be as effortless as possible, and single-user instances were made to be as lightweight as possible, say you download and run a single binary onto your computer that runs a lemmy instance and everything is automatic from there, most people still wouldn't want to do that.
The idea that you should be able to log in to your account from any instance is...less practical than you might think.
The technical reasons why are hard to boil down into an easy explanation. But the very short version is that everything comes with pros and cons. Doing it this way makes it a little less convenient for users, and a little harder to make a good UX for. Doing it another way could make it more convenient, at the cost of making it very easy for a bad actor to do things like post fake content under another user's name, or could add inconvenience somewhere else, like making it so that users have to manage a private key instead of or in addition to their username and password.
I do think there's room for improvement, but I think the overall idea of logging in and interacting with content specifically via the instance you're registered with is ultimately very unlikely to change.
It would also be cool to be able to not have communities be locked to where they're created or at least make them mobile.
I’d like to see a live replication kind of thing. So if you’re on [email protected] it can merge with [email protected] and they super federate and advertise that this group exists, replicated, on four or five lemmy servers and the client tracks that every X hours and knows what the failovers are.
Solves some of the fragmentation issues and the backup/archive issues at the same time. Might even help with load balancing a bit if we have some kind of routing algo on the endpoints.
I think the best option to bridge the gap between nearly identical communities on different instances (and even the same instance) would be some kind of post tagging.
Say you post something on lemmy.ml/c/piracy but has to do with bittorrent or something. The original post can get a piracy and bittorrent tag that you can click on that to see all posts across instances with that tag. Kinda like hashtags and such on mastodon work, but on lemmy.
The thing about reddit clones is I think they try to be too much like reddit. The best thing about leaving reddit and starting new platforms is that they can really be anything the community wants it to be.
This is something that made me stop using Mastodon, too many instances with bad method of connecting them. I'd much prefer that instances aren't seen to the user (I wouldn't mind somewhere with the text "this community is hosted by X on server Y"). But seeing @username@instance is weird and many Reddit refugees won't have any idea what does it mean. I mean, the concept of federated network is complex already.
I've also encountered a lot of bugs in my short time of use which I'd like to see fixed, but I'm not sure where can I report them, or to see if they are reported already.
https://github.com/LemmyNet/lemmy/issues
Thanks!
Noo. Instances are responsible for moderating their users because if you have bad users all coming from one instance then you’ll get defederated, but instances will also defederate each other when drama happens.