1
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 24 Sep 2024
1 points (100.0% liked)
News from fediverse
0 readers
14 users here now
founded 9 months ago
@trwnh@mastodon.social nice writeup! Just glancing, so without getting into detail, I think I agree.
This is perhaps my own bias in all of this, but it's interesting that one of the most-consistent aspect of Fedi implementations is their reliance on Webfinger.
I worked on that part because I didn't think the data format stuff really mattered that much, and at worst was going to be stifling. It was excluded from AP for political, http fundamentalist reasons, but [imho] is essential to the networks functioning.
@trwnh linking, which as you point out is key โ to people โ depends on regular people being able to share their names. I learned a long time ago that most people aren't good at groking the HTTP part of links, because the structure of links is actually really complex. When you mention xmpp and email, the identifier is the thing that makes both of those networks work.
For me, "fedi" or "AP" or the social web or whatever we want to call it has always been about making personal identity linkable.
@blaine i'm wondering to what extent fedi would implement webfinger if mastodon didn't require it
i think if i had to really pick a format for identity then it would be a weak preference for FQDN, but having your id be a pretty-url is also okay i guess. but one other thing that i think would be cool is being able to find your contacts via webfinger if they choose to make themselves findable by other means! so you could do wf?resource=tel: or ?resource=mailto: and still get back useful info...
@trwnh@mastodon.social fun fact, webfinger actually supports URLs and [in theory] phone numbers!
The key (and this is a social science and cultural insight, not technical) is that when you ask someone's "name" or "address" they need something that's unambiguous, personal, and opaque in the sense that it works everywhere (online / distributed, it needs to be globally unique, too) or they won't use it.
Bare domains aren't ideal because (1) they're expensive and (2) management is hard.
@blaine@mastodon.social tumblr made it work so idk if it's "ideal" per se but they definitely had a cultural thing going for quite a while with "dot tumblr dot com" even being a meme at some point
it can't be too hard to manage tbh, the modern version of this is atproto handle services that do nothing but allocate you a subdomain for use on bluesky
@trwnh@mastodon.social yup! My long-standing argument is that "jesus of nazareth" is the same thing in a social context as an email address / webfinger address, and that "[person] in [context]" is something that's seared into how we do social cognition, whether it's "[name] [family name]" or "[family name] [name]" โ i.e., the format per se doesn't matter so much as the recognition that names-for-humans are different from http-style links with e.g. paths and query strings, etc.
@trwnh the "trick" with webfinger is that it's a way to go from a "name" to an authoritative context (the authority for "x@y.xyz"' is "y.xyz" and the authority for "blah.com" is "blah.com"; the challenge with phone numbers is that it's impossible to infer the authority for +1-416-867-5309 / telcos don't provide a lookup system). That's really it; the rest is a cultural thing.
@blaine there might not be an authority for a phone number but i think it can be handled more like a combo of "local dns resolver" + "registry of phone number". sure in many cases with identifiers that have an authority component you can just use their webfinger if they have one, but i think it would also be cool to be able to use your own webfinger and "proxy out" as needed, in the same way that dns does it
@trwnh@mastodon.social lolsob. This is/was the whole point of webfinger ("It's DNS, for people") but the mastodon implementation kind of missed that part. But it's trivially possible to do that.
My ideal is to have one "personal address" [per life context, e.g., work, family, social, etc] that points to different stuff I'm sharing in different contexts, with tagging to indicate in which contexts it the various feeds/etc might be useful. e.g., a tech-focused mastodon feed, a pixelfed feed for family, etc.
@trwnh .. and *critically* for what I think you're saying, there's nothing preventing linking from a webfinger profile to e.g. a wiki or a webpage of any sort, or another identifier like a phone number or a signal account. Again, this is all stuff that informed the original design of webfinger, over 15 years ago now ๐
@blaine yup, more or less. the only difference i'd make is that instead of having multiple feeds for mastodon/pixelfed/etc i'd rather it was all done via the same identity
one of the things that i wish were implemented broadly is support for
streams-- arbitrary collections that you could post into and other people could follow. to my knowledge no one other than google+ has done it. and, well... we know how google+ went...@trwnh@mastodon.social oh, totally. To be clear, the way I imagine it is that to end users, it all looks like a single identity, and which feed/stream is negotiated based on the context you're using the identity. So, e.g., my main public profile might be "blaine@bcook.ca", and if someone tried to follow me on mastodon, they'd get my "short text notes" stream, and if someone else tried to follow me from pixelfed they'd get my "square format insta-like-social photos" stream.
@trwnh@mastodon.social for sure; lots of ways to deal with the phone number lookup thing, but "security is hard" in that context ๐
aside: I did a little work a couple of years ago on a thing I was calling "NNS" (the "Name Name System") around how we might use modern cryptographic assertions to step back from the relatively "centralized" mode of DNS (and by proxy, webfinger and atproto's approach), but then IPFS etc imploded and the funding/interest dried up. There are some similar efforts out there, too.
@trwnh@mastodon.social @blaine@mastodon.social wait aren't 0 and 1 authorities ? if it starts with 2-9, it's a number in the same area code as you're dialing out from, starts with 1 diff area code, starts with 0 diff country code...
@trwnh@mastodon.social @blaine@mastodon.social i guess authority isn't the word for that but there's relrefs and absolute refs at least. not sure i follow the proxy out metaphor tho
@by_caballero @trwnh this would work except for the specific way that number portability is implemented. ๐ At least historically, and very likely still today, the "database" used to map phone numbers as assigned by exchange blocks (i.e., to a given carrier) to phone numbers that have been ported to a different carrier by the customer (under number portability laws) was a set of spreadsheets synchronized by FTP at intervals. Access to said "databases" is entirely contractual.
@blaine@mastodon.social @trwnh@mastodon.social uuuuugggghhhhh i wish i could unlearn that hideous namespace governance
@by_caballero @trwnh so _in theory_ PSTN operators could provide a lookup system, but it'd be jank af at best, and more likely it would be a horrendous unfixable security disaster.
@blaine @by_caballero i was thinking more that you could declare a tel: as one of your "aliases" at your authoritative wf and then it percolates through the rest of the system
@trwnh@mastodon.social @by_caballero@mastodon.social since tel: is extremely fraught, especially nowadays with insane phone spam etc, a Signal/WhatsApp/etc address might be a good alternative example?
I particularly like the "established encrypted messenger" example because the wf->[rel=messenger]-> lookup could get Fedi encrypted DMs "for free."
(obviously lots I'm glossing over that make it more complicated, but in theory it'd be less complicated than many alternatives)
@trwnh@mastodon.social @by_caballero@mastodon.social (one thing to note is that it's not possible to declare an alias, e.g. a phone number in a wf or other profile, and then use that alias in reverse as a way to look up the original profile. I mean, one could do it, but with questions of identity at play it would be an incredibly very extremely bad idea to do that from every conceivable security perspective.)