Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?
@fj I just learned that there's nothing stopping me from registering https://mastodon.cloud/@fj and pretending to be you. That's not really a technical challenge (the domain is an implicit part of the username) but sounds like usability hell.
@fj @martijn_grooten a plug-in for 'verified' could be made that individual mastodon servers could opt in to and add support for on their pages. a problem persists in mastodon servers that would give them out to everyone. but it would still be a baseline. 'that account's not even verified, and practically everyone is verified on ___________'