ultimape is a user on mastodon.social.

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts, anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?

ultimape @ultimape

@fj Once I get around to it, I'm going to be looking to see if OStatus supports GPG signing as part of its data format. It would be really useful to tie into something like Keybase or some other third-party keysigning oracle.

Doesn't solve the fact that HTML can be edited, but it does make some sense.

Hopefully MITM mutation attacks will simply be de-federated once the attack is found, but I agree we need a better way to surface shenanigans.
