Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
@fj I just learned that there's nothing stopping me from registering https://mastodon.cloud/@fj and pretending to be you. That's not really a technical challenge (the domain is implicit part of the username) but sounds like usability hell.
@martijn_grooten Sure but it will still appear as "fj@mastodon.cloud" on people's clients. Domains just don't show up when you're on the same server as the other person, then they are implicitly assumed.
@martijn_grooten next step for Mastodon is to put all the usernames in a distributed ledger run by all the Mastodon servers to have a unique blockchain of usernames. #BlockchainAllTheThings #WhenAllYouHaveIsABlockchainEverythingLooksLikeANail
