
2

quandyalaterreux wrote

Yes, as his employee Joshua Lund says,

An aspiring censor could also "easily connect to the broader network" and masquerade as a federated server in order to discover others. This process could even be automated.

Federated services also require an identifier, and this identifier usually indicates where the user's account is located and how to connect with them (e.g. user@domain.com). As people share these identifiers, the aspiring censor can just keep adding new entries to the blacklist.

Federated services also offer no by design solution to metadata.

3

md_ wrote

Non-federated protocol: you only have to ban one IP

Federated protocol: you have to keep banning IPs

Non-federated protocol: your mobile phone number, which is associated with your real name, is your ID

Federated protocol: your account on a server is your ID


I don't see how non-federated is better. Best case scenario, they are equally bad.

2

quandyalaterreux wrote

Federated protocol: you have to keep banning IPs

That's something very easy for censors. I mean just look at the Tor Project's bridge distribution, even though there are loads of non-public bridges, China is able to keep up and block virtually all of them. But, domain fronting works in China.

Non-federated protocol: your mobile phone number, which is associated with your real name, is your ID

Federated protocol: your account on a server is your ID

I agree, a phone number isn't the best thing, but a federated protocol is worse since you're giving more metadata by associating your account with a particular instance (e.g. user@domain.com).

I don't see how non-federated is better. Best case scenario, they are equally bad.

I think Moxie made a pretty convincing case against it: https://signal.org/blog/the-ecosystem-is-moving/

1

md_ wrote

I linked to that post already, I am familiar with it, and I am not convinced that centralisation is desirable.

but a federated protocol is worse since you're giving more metadata by associating your account with a particular instance (e.g. user@domain.com).

I'm not sure why you keep bringing that up as a grave issue. The one aspect of XMPP that is a privacy concern is how the roster is maintained by default.