Question:

How can Fediverse be more "private" while also not ruining the experience for those who like things the way they are?

There's already a way to make your posts private so that there's no way for anyone to see them without your permission.**

Could there be another way without destroying discoverability?

I can't think of any, but I'm obviously not the sharpest tool in the shed.

Obviously Mastodon needs to start by removing the RSS feed or making it an option to turn off. As it stands, most people don't even know it's a thing because it's not documented.

Thoughts?

**Besides admins and moderators. They can see everything if they want to, including DMs.

@BeAware "How can the fediverse be more private"...

Hang on, let us exchange GPG public keys before we proceed. ;)

@cdp1337 @BeAware

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Well, that sounds like a good idea :)
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRyIN0gFN9zYWzDHVl/t9Q2Af9hYQUCZm2/sgAKCRB/t9Q2Af9h
YUUEAP9HLcjmxZcCf+uqAfRHCTF+Pwb+VkmDyWeEG8kqdP0RWQD9Gc+Paqoy+l+D
V9CS89guNju+q3iCId5TnNh7U9gbVw8=
=7b54
-----END PGP SIGNATURE-----

@Larvitz @BeAware

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----

@cdp1337 @Larvitz tbh, I'm dumb as hell and don't know how PGP signing works....😳😂

Charlie

@BeAware @Larvitz In short, each key is in 2 parts; the public and the private.

I (as a third party) can take your public key and use it to encrypt a message that only the matching private key can reveal.

You can also use multiple public keys to encrypt a message, so you can chat with multiple recipients at once.

Signing works on a similar premise, where you can sign a plain text message with your private key, and I (again as a third party) can use your public key to verify the plain text message was not altered.

The main unfortunate part is access to the private key; email clients like Thunderbird support it natively and transparently (sending/receiving encrypted messages "just works"), but Mastodon, being a web application, doesn't have access to your private key, so a desktop app would be required (or a browser plugin would be needed).
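The steps described in the post above, as an added example that is not part of the thread: it signs and encrypts one note to two recipients, then checks from a keyring holding only the signer's public key that the signature verifies, that an altered copy is rejected, and that the message cannot be decrypted there. It assumes GnuPG 2.1 or later is installed as `gpg`; the `example.test` addresses, file names and passphrase-less keys are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway keyrings, made-up addresses under example.test.
set -eu
A=$(mktemp -d)   # keyring holding alice's, bob's and carol's private keys
B=$(mktemp -d)   # outsider's keyring: will hold only alice's PUBLIC key
chmod 700 "$A" "$B"
trap 'rm -rf "$A" "$B"' EXIT

# g <homedir> <gpg args...>: non-interactive gpg, keys without passphrase
g() {
  local h=$1; shift
  gpg --homedir "$h" --batch --quiet --yes --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@" 2>/dev/null
}

setup() {
  local u
  for u in alice bob carol; do
    g "$A" --quick-generate-key "$u@example.test" default default never
  done
  g "$A" --armor --export alice@example.test | g "$B" --import
  printf 'meet at noon\n' > "$A/note.txt"
  # Sign as alice, encrypt to two recipients selected by e-mail address.
  g "$A" -u alice@example.test -r bob@example.test -r carol@example.test \
    --armor -o "$A/msg.asc" --sign --encrypt "$A/note.txt"
  # Clear-signed copy (readable text + signature), and an altered version.
  g "$A" -u alice@example.test -o "$A/note.asc" --clearsign "$A/note.txt"
  sed 's/noon/nine/' "$A/note.asc" > "$A/tampered.asc"
}

# One session-key packet per recipient public key.
recipient_packets() { g "$A" --list-packets "$A/msg.asc" | grep -c '^:pubkey enc packet:'; }
recipient_reads()   { g "$A" --decrypt "$A/msg.asc"; }
outsider_verifies() { g "$B" --verify "$1"; }
outsider_decrypts() { g "$B" -o /dev/null --decrypt "$A/msg.asc"; }

setup
echo "session-key packets: $(recipient_packets)"
echo "recipient reads: $(recipient_reads)"
outsider_verifies "$A/note.asc"     && echo "original: signature good"
outsider_verifies "$A/tampered.asc" || echo "altered: signature rejected"
outsider_decrypts                   || echo "outsider: cannot decrypt"
```

The packet count shows how one message reaches several people: the body is encrypted once, and the key for it is wrapped separately for each recipient's public key.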

@cdp1337 @Larvitz ahh. I see.

Unfortunately, with my ADHD, I feel like I might get confused on which key goes where and whose key is whose. If that makes sense. I'd have to use it with an app that allows me to just see names or usernames and the like...

@BeAware @Larvitz Oh yeah, when I encrypted that message to Larvitz, I just entered their email as the recipient.

Unfortunately I'm not aware of any desktop clients for Mastodon which have native support for this, but that would be an amazing feature for one!

@BeAware @cdp1337 I couldn’t even export my private key accidentally, even if I wanted. It was generated and lives on an OpenPGP Smartcard and cannot be exported from there (by design!). To decrypt the message @cdp1337 wrote me, I had to insert the card and enter its PIN in order to let the smartcard decrypt the message.

Of course, GPG keys can also be stored on the computer within files, and nowadays there are USB-based solutions like the Yubikey and the Nitrokey, which implemented the same protocol, but I still use my old GPG cards. (My primary use-case is that I use them for SSH Public Key authentication to my servers and to sign rpm packages for software I built.)