I came here for the same reasons as most of you and chiefly among them was to escape the corporate embrace of common social media platforms.
But how much trust can we place into Lemmy, Mastodon, and/or other various integrated Fediverse platform instances?
I’m all for open-source and transparency which the devs seem to provide, although providing source code and routinely audited source code are entirely different concepts.
Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.
So I ask simply: How much faith do you have? (Please provide supporting documentation links supporting your answer because I’m genuinely interested.)
EDIT: I literally removed a semi-colon character ‘:’
What do you mean by “trust”?
Do I trust that vanilla Lemmy code doesn’t contain something nefarious, such as code that detects political positions it doesn’t like and reduces their visibility? Sure. It would be hard to hide something like that.
Do I trust that major servers aren’t secretly running software that manipulates content? Mostly yes. I think it would get noticed since there are lots of vanilla servers to compare behavior to.
Do I trust that all the software is well-designed and bug-free? I write software for a living. No software is bug-free and most of it isn’t well-designed.
Do I trust that everyone who runs a fediverse server isn’t an asshole? Absolutely not. Any jackass can run a server. I run a Mastodon server (on which all users are me).
How can people join your mastodon?
I also choose this guy’s Mastodon server
They can be my really close friends or family and ask me for an account, which I would actively discourage (join something well-run like .world) but eventually allow if they really wanted to.
deleted by creator
deleted by creator
This is a social media website. If you don’t trust it, no one is making you use it.
I came here for the same reasons as most of you
Ah, so you’re tired of Reddit’s manipulation of mods and users?
Understood and agreed.
Nobody is making any of us use The Software™, my question concerns your decision. Trust is an entirely separate concept and varies greatly depending on the audience.
BTW, It’s not just Reddit. ;)
deleted by creator
Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.
Historically availability of source code has prevented that sort of thing since forever. Plus you can’t favor a specific instance, that’s the beauty of the protocol. It’s like saying google can favourite a specific email provider, they can’t, if suddenly Gmail stops receiving or sending emails to random domains people would just switch boats because you can register on any of the other email providers that don’t do that. Gmail can collect your data and all, but all data on Lemmy is public, so there’s no need to mess with the source code to gather data.
So what are you worried about? Mods moderating content in ways you don’t like? That will happen on any platform that allows moderation, and you don’t want to use one that doesn’t (plus it has nothing to do with the open source nature of the server, and you can jump to another community with different mods). Maybe you’re worried that malicious software will run on your phone? That’s more likely to happen with a closed source software, if you’re truly paranoid about these things you would have a full open source phone with a custom OS without google components flashed into it, I can see that you’re not on that level since you still don’t understand that open source is needed for transparency. Or maybe you’re worried the server itself will host malicious content? Any server can do that, servers that host things people write will always be able to host malicious content, it’s not hard to link to an external website or provide malicious scripts or files, just don’t click on random links or download random things from strangers online and you should be mostly fine.
Historically availability of source code has prevented that sort of thing since forever. Plus you can’t favor a specific instance, that’s the beauty of the protocol.
Availability of source code and actual auditing are entirely different.
It’s like saying google can favourite a specific email provider, they can’t,
They very well can as a private platform. For the record, google does favor specific vendors through their Google Partnership program and similarly through search results as recently found through court proceedings.
but all data on Lemmy is public
It’s also managed by a single source of truth, ie. databases… correct?
So what are you worried about?
I’m not worried about anything. I asked a question to a forum which seemed to superficially accommodate questions, my bad.
Mods moderating content in ways you don’t like?
I literally don’t care about moderated content, censorship, or whatever.
Maybe you’re worried that malicious software will run on your phone?
Nope.
I can see that you’re not on that level since you still don’t understand that open source is needed for transparency.
Yes, I’m lower than you. Teach me.
Or maybe you’re worried the server itself will host malicious content?
Counter question, how many straws are you grasping at here?
Realize how many questions you levied and that I was actually kind enough to take the time to answer most of them even if possibly rhetorical.
You insulted me and I’m okay with your opinions that I’m ignorant, “not on the level”, or whatever. I literally just asked a question.
EDIT: I failed to proofread and had a redundancy collision.
First of all I never insulted you, I said you’re not on the level of paranoia to be using exclusively open source software on your phone, if you were you wouldn’t use open source as a negative term (btw I’m also not on that level, I’m writing this answer from a third party closed source client on a stock Android phone). I apologise for the misunderstanding and rereading my answer I can see why you would take it as an insult, but let me assure you it was not, I only meant to say you’re not too paranoid about other software that’s running on your phone so you shouldn’t be about this either.
Availability of source code and actual auditing are entirely different.
Indeed they are, but auditing is only possible on open source programs, therefore on the worst case scenario, i.e. no one ever audited the code, it should be at least just as safe as a closed source alternative. Plus I was answering to a point you made which specifically stated that code availability might lead to malicious instances, which is completely contrary to all historical information we have, which is why the most critical pieces of software for security (SSL, TLS, etc) are all (100%, no exceptions) open source.
They very well can as a private platform. For the record, google does favor specific vendors through their Google Partnership program and similarly through search results as recently found through court proceedings.
Yes, but I was specifically talking about emails, if gmail refused to send/receive emails from addresses @yahoo or @microsoft people would not use it. Remember that the fediverse is similar to email, where different servers talk to each other, if one server refuses to play nice and blocks content it’s by definition worse than the others that show you that content, therefore there’s no incentive to keep using that server and users would migrate away.
It’s also managed by a single source of truth, ie. databases… correct?
Noz it’s managed by multiple sources of truth, each server has their own database of the content they serve and/or have cached. Being worried about a server altering the data is like being worried Google will alter the content of the emails you send/receive, possible? Yes, but the moment someone discovered it (and it would be very simple to discover) no one else would trust that server and would instead use another.
I’m not worried about anything. I asked a question to a forum which seemed to superficially accommodate questions, my bad.
But your question was about how much trust to put in it, which implies you think there’s a reason to be worried and not put trust in it, and I’m trying to figure out what is your worry, what exactly is it that you think you shouldn’t trust.
Counter question, how many straws are you grasping at here?
As many as I could think, because honestly I can’t understand what is it that you have a problem with trusting, so I was bouncing ideas on things people might not trust (mods, malicious code, etc).
Realize how many questions you levied and that I was actually kind enough to take the time to answer most of them even if possibly rhetorical.
Yes, because I don’t understand what is it that you have a problem with trusting, content? Server code? Client code? There are many things you could have an issue with trusting, and I honestly want to understand which one is it.
You insulted me and I’m okay with your opinions that I’m ignorant, “not on the level”, or whatever. I literally just asked a question.
Again, I’m sorry for the miscommunication, it was never my intention to insult you.
Who cares? If baddies subvert the backend, the worst case scenario is that I get lower quality memes.
I care slightly more about clients. Those run in sandboxes on your phone or browser, so they’re probably fine-ish too.
🤷
Teach me your ways. I want to learn.