
Note Detail


Reply to @phnt@fluffytail.org
feld@feld@friedcheese.us (2026-04-15 01:29:09)
@phnt @benpate good question. I think the reality will be more like

- flawed implementation, terrible rollout

- Mastodon and maybe Pixelfed support it (seems like something dansup would jump on)

- all the logic has to be in the client (or frontend)

Alright. Now we've got an app store with a ton of shady-looking fedi clients (we're that popular, guys).

How long before any of those are modified to exfiltrate your keys? How long before the first incel server admin that wants to spy on some female account so they backdoor the FE to steal their keys next time they log in?

As soon as one of those events happens, now trust is gone. So Mastodon has to restrict access to this feature to the official Mastodon app and the official Mastodon servers.

UHOH SPAGHETTI-O
---Reply---
silverpill@silverpill@mitra.social (2026-04-15 01:34:54)
@feld @phnt @benpate It doesn't seem to be an issue in the Matrix ecosystem where people often self host web clients.

---Replies---
feld@feld@friedcheese.us (2026-04-15 01:37:36)
@silverpill @phnt @benpate harder to target users on your own homeserver when you don't have a public timeline where you can spy on your users to pick a victim based on their public posts/profiles.

most of the activity on Matrix is private or at least in group chats. The fediverse is public by default.

Phantasm@phnt@fluffytail.org (2026-04-15 01:38:56)
@silverpill @feld @benpate Because the way Matrix does it is kinda flawed and makes inserting malicious devices easy-ish. OMEMO is the second extreme they can go to.

This ActivityPub becoming a kitchen sink protocol is getting really weird. First it was trying to make C2S usable and now E2EE barely anybody asked for. When are we going to get emoji reactions standardized?