Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
@fj I just learned that there's nothing stopping me from registering https://mastodon.cloud/@fj and pretending to be you. That's not really a technical challenge (the domain is implicit part of the username) but sounds like usability hell.
@martijn_grooten Sure but it will still appear as "fj@mastodon.cloud" on people's clients. Domains just don't show up when you're on the same server as the other person, then they are implicitly assumed.
@fj Yeah, I don't think mentions are going to be very confusing. But imposter accounts? But maybe Mastodon isn't meant to be widely used; for a geeks-only social network, it's probably fine, and the decentralisation is a neat idea.
