mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Aral Balkan

I needed a pick-me-up so I took a break from the back-end stuff to make a logo for Domain¹ :)

(The main page for public instances will have a very different design before launch – one based on the prototype we created while working with the City of Ghent a few years ago.)

¹ codeberg.org/domain/app

@aral For some reason this reminded me to check whether your #SmallWeb work supports #EndToEndEncryption. Turns out it does! https://codeberg.org/kitten/app#end-to-end-encrypted-kitten-chat

Doing the encryption on a client app instead of inside the browser client served by the server could be more secure, right? Like a WebExtension client or a dedicated app. Only for content encryption though, your hoster always knows the metadata of your posts, right?

@fahrstuhl Yep, that could be something that’s layered on but Small Web places are not for folks with threat models that include state-level actors.

A malicious server host or one that is compromised (likely by a state-level actor) can serve a modified client to phish your secret, etc.

Instead of a browser extension that handles the encryption, if you’re going to use an extension, you could use it to verify the source matches what you expect via a hash.

@fahrstuhl But again, if your (or someone else’s) life is going to be at risk, this is not going to be for you. Use Signal or some other end-to-end encrypted messenger (and hope that whatever app store you downloaded the client from hasn’t been similarly compromised and you’re getting the binary you thought you were. Again, it all depends on your threat model.)

@aral The hash-verification extension makes a lot of sense.

And yeah, fair, Signal is probably the best bet but I keep thinking about the case where Facebook handed a mother’s and daughter’s private messages about an abortion over to law enforcement. Which are kinda state-level adversaries but I hope with less power to force your hoster to manipulate your server software. That hope is probably wrong…