Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.

An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.

@aral

Do you know of any threat models for anything in the fediverse?

Aral Balkan

@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).

@aral
I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy: gitlab.com/spritely/golem/blob

Threat model? Sorta informal, list of problems...

README.org · master · spritely / golem · GitLab: Golem is a demonstration of how to distribute content over ActivityPub securely over peer to peer networks.