Login

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Administered by:

Server stats:

1
active users

mastodon.ar.al: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.9

Public
Aral Balkan

Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.

An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.

Public
bhaugen

@aral

Do you know of any threat models for anything in the fediverse?

Aral Balkan

@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).

Feb 18, 2019, 04:03 PM·Public
1boost·0favorites
Public
bhaugen

@aral
I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy: gitlab.com/spritely/golem/blob

Threat model? Sorta informal, list of problems...

GitLabREADME.org · master · spritely / golem · GitLabGolem is a demonstration of how to distribute content over ActivityPub securely over peer to peer networks.
ExploreLive feeds
About