[Re-listening to the Silmarillion awakens in me the desire to be creative]
Are there many designers here? I'm sure there're some although I haven't found many yet.
Since whole interface concepts require a lot of time and energy, I shall post under this tag small features that could be. The ones I'm too shy or too lazy to submit as issues. :)
To open closed doors, I shall start with keys.
Many users here cram in fingerprints and post external links. Yet if one uses Fediverse daily, why send me to Keybase, why not encourage me to grab their public key directly from the social profile one uses most often? Uploading it would take a second.
@alex they are. But it is a server-side key, which only provides internal authentication.
What I mean is, 'your', client-side PGP key.
@alex yes, the private key should be stored client-side.
Uh... What exactly makes you think of this network being entertainment-oriented?
@alex that's the thing about options: if you don't want, you don't have to.
One of the most frequent criticisms of the Fediverse is that it lacks a proper identity verification process.
Relying on the established PGP process and infrastructure is THE way to solve it without having to resort to central authority, in my opinion.
My idea was much less ambitious - adding the ability to upload public key(s) and conveniently share them (keeping them up to date would be on the user). That way I could grab your pubkey any time (quickly, easily, no need to go anywhere) and perhaps be encouraged to send you a private direct message.
This looks cool!
One of the reasons people post fingerprints instead of full keys is that for non-trivial setups the key would have to be updated frequently. For example each change of expiration, adding or revoking subkeys would need to be propagated to the server manually. Unless they implement some kind of sync or have a keyserver endpoint (this is basic HTTP post) to update the key from the command line.
There is also some overlap with the Web Key Directory protocol that is now ubiquitous among OpenPGP software (e.g. GnuPG and ProtonMail support it). It maps e-mail to keys, e.g. gpg --locate-key firstname.lastname@example.org would fetch the key from the following URL: https://kernel.org/.well-known/openpgpkey/hu/pf113mfnx1f3eb1yiwhsipa91xfc7o4x?l=torvalds (WebFinger handles are similar to e-mail addresses).
(More details at https://metacode.biz/openpgp/web-key-directory ).
Oh, btw, I did an alternative to Keybase but decentralized: https://metacode.biz/openpgp/proofs demo: https://metacode.biz/openpgp/key#0x653909A2F0E37C106F5FAF546C8857E0D8E8F074
@wiktor What you're saying is true! Perhaps my layman's assumption that for many users frequent updates won't be needed... is wrong. Then again, people don't always update info on keyservers either. But people seem to take more care in updating their social network's profiles, somehow =) In fact, this very issue of a Fedi user linking to a server which did not happen to have their key (was deleted, the user didn't realize it) is the reason why I thought of this interface addition.
@aspie4K Thanks! This idea came before Mastodon's main dev announced future plans to add E2EE to direct messages. If/when this happens, this idea will probably be outdated. Although, since some people continue using PGP, I still think it might be useful to have an input in Mastodon specifically for some public key or similar (long) information that doesn't fit nicely into the profile fields.
@mike Were the private keys saved on the server side in that implementation? For it's unlikely we shall ever see the day when all will have their own hubs. I gave up on the idea of federated networks "private out-of-the-box". Too complex, relying on too many factors (implementations, addons, etc). But if some people still like to use pgp for creating messages (locally) and then exchanging them inside Fediverse, I see the benefit in making the process (of key exchanging) more convenient for them.
@mike Interesting! A pity I was not in Fedi when RedMatrix was in use. Well, we can't have reliable E2EE in federated environment, but we have other small improvements over centralized public networks :)
@mike This is not now part of the master branch? Or else I can't find what I'm looking for in Settings (top left). Since explaining the shortcomings to a grandmother would be a challenge, I'd still regard Fedi as mostly public. Must admit what interests me in Hubzilla right now security-wise is 2fa :) The last time I checked (at the time of Friendica adding the same feature) the respective addon in Hubzilla seemed to have an issue (https://framagit.org/hubzilla/core/-/issues/1344) and was disabled on the hub I use.