Are they? Or are they federated? I was under the impression that it worked like the rest of Matrix, which operates on ActivityPub, which is a federated network.
I know encryption is run locally, but do the posts also only exist among users’ devices? Or is storage centralized/federated?
When I say decentralized, I mean something like BitTorrent, not Lemmy, Matrix, or Mastodon where there are admins managing instances where data is copied.
As part of the community configuration you have a list of mods
Sure, and what happens if one of those mods’ accounts gets hacked? Can these attackers add a bunch of other mods to “take over” the community? Can they remove existing mods?
what if the instance admins suck?
Then use another instance. The admin changing significantly isn’t all that likely since they have a financial stake in keeping the instance running to their satisfaction. It costs money to run an instance, it doesn’t cost money to mod a community.
then people will leave and find alternatives
Sure, and that exists with lemmy as well. But one nice feature lemmy has is namespacing, where you can have multiple similar communities with the same name on different instances, and they can serve as fallbacks to others. Names matter, and they matter a lot more than I think they should, but they do matter.
If !rust@programming.dev sucks, I can move to !rust@lemmy.ml or !rust@lemmy.world or whatever. On Reddit, if /r/rust sucks, I’d move to /r/rust_programming, /r/rust_official, or /r/rust_dev or something (not sure if any of those exist), and it’s not exactly clear which I should pick, and new users will likely still flock to /r/rust and blame the Rust community for the online community with an official-sounding name sucking.
There’s no easy solution here, but I think namespacing does help, as does having the option of appealing to an admin if a high level mod account is compromised or something.
I think the solution has something to do with users voting and being able to override mod actions, but I’m not sure how to structure that in a way that’s unlikely to get manipulated. Perhaps requiring new mods to be approved by a majority of existing mods is an acceptable solution, which should reduce the risk of a hostile takeover. But I’m not a security expert, so I’m not sure what I may be missing.
Regardless, I’m going to work on this decentralized lemmy idea as a hobby at least as long as it holds my interest. I sincerely hope someone beats me to it.
Matrix does not use ActivityPub, it has its own protocol.
Sure, and what happens if one of those mods’ accounts gets hacked? Can these attackers add a bunch of other mods to “take over” the community?
Yes. Or it depends on permissions. There have been some ideas for voting-based controls over things like adding and removing mods.
The thing is that you can extend this to what if the instance admin account gets hacked? It seem better to have one point of failure (the mods) rather than two (mods + admins).
what if the instance admins suck?
Then use another instance.
You can’t do this if the community is tied to one instance. This is my point, right now you need to trust the instance admins, and sort of the mods. I think it would be better to just have mods. This means that there is a clearly defined source of control over the room rather than two levels.
Names matter, and they matter a lot more than I think they should, but they do matter.
You can still have names like this. The way Matrix does it is actually pretty clever. There is an internal ID for a room which should be mostly invisible to the user. But there are also local aliases. So for example you can have #rust:matrix.org. But if the matrix.org admins decide that that room is not a good target they can update the alias to a different room. These names are controlled by the instances but the room itself is not. I think overall this is a good strategy, trying to have one centralized directory is a recipe for fighting, disagreement and bad results. Pushing the directory responsibilities away from the core protocol makes a lot of sense to me.
I don’t think it is a perfect system but it works fairly well. Plus at the end of the day most users are going to come from whatever rust-lang.org points to. Or what they find in their search engine.
Are they? Or are they federated? I was under the impression that it worked like the rest of Matrix, which operates on ActivityPub, which is a federated network.
I know encryption is run locally, but do the posts also only exist among users’ devices? Or is storage centralized/federated?
When I say decentralized, I mean something like BitTorrent, not Lemmy, Matrix, or Mastodon where there are admins managing instances where data is copied.
Sure, and what happens if one of those mods’ accounts gets hacked? Can these attackers add a bunch of other mods to “take over” the community? Can they remove existing mods?
Then use another instance. The admin changing significantly isn’t all that likely since they have a financial stake in keeping the instance running to their satisfaction. It costs money to run an instance, it doesn’t cost money to mod a community.
Sure, and that exists with lemmy as well. But one nice feature lemmy has is namespacing, where you can have multiple similar communities with the same name on different instances, and they can serve as fallbacks to others. Names matter, and they matter a lot more than I think they should, but they do matter.
If !rust@programming.dev sucks, I can move to !rust@lemmy.ml or !rust@lemmy.world or whatever. On Reddit, if /r/rust sucks, I’d move to /r/rust_programming, /r/rust_official, or /r/rust_dev or something (not sure if any of those exist), and it’s not exactly clear which I should pick, and new users will likely still flock to /r/rust and blame the Rust community for the online community with an official-sounding name sucking.
There’s no easy solution here, but I think namespacing does help, as does having the option of appealing to an admin if a high level mod account is compromised or something.
I think the solution has something to do with users voting and being able to override mod actions, but I’m not sure how to structure that in a way that’s unlikely to get manipulated. Perhaps requiring new mods to be approved by a majority of existing mods is an acceptable solution, which should reduce the risk of a hostile takeover. But I’m not a security expert, so I’m not sure what I may be missing.
Regardless, I’m going to work on this decentralized lemmy idea as a hobby at least as long as it holds my interest. I sincerely hope someone beats me to it.
Matrix does not use ActivityPub, it has its own protocol.
Yes. Or it depends on permissions. There have been some ideas for voting-based controls over things like adding and removing mods.
The thing is that you can extend this to what if the instance admin account gets hacked? It seem better to have one point of failure (the mods) rather than two (mods + admins).
You can’t do this if the community is tied to one instance. This is my point, right now you need to trust the instance admins, and sort of the mods. I think it would be better to just have mods. This means that there is a clearly defined source of control over the room rather than two levels.
You can still have names like this. The way Matrix does it is actually pretty clever. There is an internal ID for a room which should be mostly invisible to the user. But there are also local aliases. So for example you can have
#rust:matrix.org. But if thematrix.orgadmins decide that that room is not a good target they can update the alias to a different room. These names are controlled by the instances but the room itself is not. I think overall this is a good strategy, trying to have one centralized directory is a recipe for fighting, disagreement and bad results. Pushing the directory responsibilities away from the core protocol makes a lot of sense to me.I don’t think it is a perfect system but it works fairly well. Plus at the end of the day most users are going to come from whatever rust-lang.org points to. Or what they find in their search engine.