this post was submitted on 25 Dec 2023
325 points (87.9% liked)
Memes
45729 readers
892 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't think that'd work, with Lemmy being a federated model, not a fully decentralized one.
How do you handle the actual login? Does that mean every server has access to your password hash? Or do you overhaul the account system to use something like a private and public key, with the user needing to store and transfer the private key to every device they use?
And what happens if two people register with the same username on two instances that aren't federating? Do they somehow need to still communicate with all other instances in the network they operate in, to prevent that from happening? Because the alternative I see is the login being random in some way or tied to the instance, in which case you still lose the impression of a single service.
If I'm not mistaken, right now anybody could host a non-federating Lemmy instance, if they just wanted a small private community in this style. To my understanding, that's the idea behind federation, and a founding concept of Lemmy - it's not a giant service distributed across trusted servers, but a network of smaller communities that communicate with limited trust.
There are no instances anymore with this system, it's the data hosting that's decentralized, the front-end looks like a centralized website so you would go to Lemmy.com instead of whatever instance you signed up on.
Imagine Reddit but there's no central authority and instead of using a service like AWS it's just people providing storage space and bandwidth and they can decide not to host content from certain communities on their server, but from the user's point of view they wouldn't know where they're pulling the data from.
So no, you couldn't have two users with the same username. The user database could easily be shared by all storage providers or the database could be randomly split and you would have to mention what part of the database your info is stored on when logging in. When creating your account (where it checks for doubles on the whole username list hosted on all servers) you're given a random third credential that you need to mention when logging in so the service knows which servers host that part of the user database (all info including the database would have triple redundancy).
Right now a website's data might not be stored on a single server so that's already how things work, the difference is that all the different servers are owned by the same company (like Amazon or Google). In the backend the servers communicate together to provide the data to the users so it feels like everything is hosted in the same place.
TL;DR: The best way to fix things is to make it work like it does for any other websites but to only decentralize the hosting instead of also decentralizing the communities.
Sounds like what you want basically is not Lemmy.
It also raises some pretty big issues, like who gets to moderate communities? Right now you make a community on a specific instance, you follow that instance's rules, so the instance host has authority over the community. If you disagree with the instance's rules, or with the way the community is ran, you can make a community on another instance, or even make your own instance with your own rules.
And from the other side, there need to be people with the authority to remove communities, and remove people/posts across different communities. Right now that's the responsibility of the instance hosts, to my understanding - content is hosted on a primary instance, and stored through federating instances, so the primary instance has a responsibility to keep it clean of illegal material. Who would have this power and responsibility if instances aren't differentiated? Sounds like the best case is giving trustworthy people an excessive amount of power, and the worst case is the entire network being shut down due to distributing illegal content and being effectively impossible to moderate.
You also didn't address the issue of passwords - currently it's a pretty big deal when hashed+salted passwords leak, considering those passwords compromised... The comparison with AWS is flawed - when using AWS, you're trusting them, because it's a big company with a reputation to keep. The situation seems very different when it's random enthusiasts with highly differing views, and without a central authority to verify them (though there are probably too many to verify anyways)
And you propose that anybody can join the network and receive users' passwords? On top of that, you're proposing that you need to also know the "server" your data is stored on and supply that with logging in? Sounds like a really annoying friction point for the user.
I really feel like you're approaching this from the wrong direction, suggesting Lemmy should abolish the very structure it's built on for one you'd like more, but I think it could be possible to make the experience nicer without going to those extremes.
Maybe it'd be possible to let multiple instances have authority over an account, without changing its home instance, so that if your original instance goes down, you can keep the same account. And to reduce friction from communities being made across multiple instances, some way for communities themselves to federate/combine would be nice, and is probably being considered by people smarter than me.
I know it's not how Lemmy works, what I'm saying is "There's a big issue with how Lemmy works, here's how I think decentralization should be approached instead." Having terabytes of information possibly disappearing because one person gets in a car accident on their way to work isn't an improvement vs a centralized system hosted on AWS.
Communities would be moderated by their creator, server admins could decide not to host content from any communities they don't want to host, if no server admin wants to host your community then you're free to host it on your own server or to fix the problems with it.
There's illegal content on Lemmy right now, even instances that don't want to host it need to clean up their images folder because of it, so it's not as if the way it works right now is any better for that and it's not as if there's no instance admin ready to host that content.
User credentials can be stored securely. Do you think your instance admin has a text file with your password written in plain characters?
The third credential I was suggesting is just one solution so not all servers have to have a "master database" with all user info stored, split the database and let the users know they need to remember they confirm their login through database X or Y. I'm sure much more intelligent people could come up with another solution.
Again, I feel like you're making the wrong point in the wrong place. My understanding is that you came to a project designed with the ideals of federation, and you complain that it shouldn't be federated. That should probably be done as a fork of Lemmy, or an independent competitor.
It seems to me like you're in ideological conflict with Lemmy's developers, where you see no value in what Lemmy seeks to create. That's completely fine, of course, but I really feel like you're making your case in the wrong place.
Federation does not mean terabytes of information disappearing - to my understanding, posts, comments and votes are already duplicated across the instances. What would be lost is ownership of communities/posts, and accounts created on that instance, as well as things like image posts where the images are stored on one instance.
However, if images weren't stored as links in those posts, accounts could be fully migrated, and communities could be migrated or even just federated with other communities, nothing would have to be lost.
I feel like that structure wouldn't work, just looking at how much defederation is happening, server owners wouldn't want to be affiliated with certain content at all. It did also remind me of the fact that ActivityPub is not just Lemmy - you can also interact with mastodon and kbin on Lemmy, which is rooted in the federated approach.
True, I feel like the issue only gets worse as you blur the line between different instances more, but I have no data to back that up.
I feel like you failed to address my point, that with the current security standard, data leaks are still considered a threat to your password security. Even in the best case, getting access to hashed passwords means being able to brute force it without any rate limits. Maybe I'm wrong, but you'd need to either prove that password hashes leaking are not an issue at all, or figure out a way to provide trusted decentralized authentication server architecture, or figure out a way to store the passwords where leaks are not an issue... Or give up on using passwords and require a different authentication method, like public key authentication.
It's a bit hypocritical of me, since I mentioned smarter people than me working on something, but I feel like if you're strongly suggesting Lemmy should be majorly reworked in this way, there's some expectation for you to provide a solution, not just say that somebody will figure it out.
How does what I'm talking about prevents federation? Lemmy is federated with kbin and mastodon even though they don't work the same way...
I never said I see no value in what Lemmy created, I'm saying that the way they went about it might not have been the right one because now that there's a lot of users and many instances were created, we can see that one major flaw in the system is that the instance's admin can just decide they're done with Lemmy and all content hosted on their instance just vanishes.
If your instance crashed I wouldn't be able to see your messages until your instance was back online, that's why when you copy a permalink to a comment it's the address of their instance that you see, instances host the content posted by their own user no matter where it's posted, instances communicate between themselves to share that info so their users see what other instances users post, that's also why you might still see posts on communities of instances you're defederated from, they're posts by people from your own instance.
On the password thing, it's no worse than what's going with the current system, you're trusting the instance admins not to leak anything... Heck, splitting up the lists could be even more secure since it could be equally divided between hosts instead of having a couple of instances hosting what amounts to over 50% of all credentials... What happens if lemmy.world's admin leaks everything?
And I'm suggesting solutions, I don't have the expertise to implement them. Do you believe that all tech is developed by the person who came up with an idea? Because I sure would love to meet the person that developed my cars seats, computer, engine and suspension, that single person must be one hell of a genius!