Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.
An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.
Do you know of any threat models for anything in the fediverse?
@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).
@aral
I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy: https://gitlab.com/spritely/golem/blob/master/README.org
Threat model? Sorta informal, list of problems...