@feld I thought it would be obvious to everyone how important client-side signing and portable objects are. But I hear mostly crickets when it comes to those FEPs and the problem in general.
It would seem that a lot of people actually like control over other people's stuff. As an admin, I absolutely hate that our users have to depend on us to even enable follower migration in the first place, while content migration is not even a thing.
@feld My hope is that the keys they have to introduce for E2EE DMs will basically make it a no-brainer to use them for signing posts as well.
@feld Not an unlikely scenario, I agree. This is a problem space where it makes even more sense to look at e.g. Nostr for solutions.
At the same time, Nostr could learn a thing or two from federated systems to improve performance and UX. I always said it'll somewhat resemble a federated system eventually, for various reasons.
@feld Client support for proper private messages is actually terrible on Nostr right now, because the thing that all clients support (NIP-04) literally leaks all your metadata to everyone. But yeah, at least the keys have to be managed already.
@feld That is, if both of us run our own XMPP server, and they connect with TLS, then the two of us sending unencrypted messages is more private than NIP-04.
@raucao @feld It's not about control, it is about resources. Some developers may want to implement these FEPs, but that requires a lot of effort (especially if you're among the early adopters), and they can't commit to it. Other so-called "protocols" are paying developers, so stuff gets done much quicker.
@silverpill @feld My point is that architectural basics *that* important should be on the roadmap of e.g. the Mastodon company, and prominent AP authors and proponents should be calling for them.
@silverpill @feld I agree that it's way too much to ask from just any casual contributors, or sole implementers of small projects.
I mean, I pondered this myself, and that idea didn't get far when I played it out in my head.