this post was submitted on 25 Dec 2023
236 points (86.9% liked)
Memes
45132 readers
3258 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't think that'd work, with Lemmy being a federated model, not a fully decentralized one.
How do you handle the actual login? Does that mean every server has access to your password hash? Or do you overhaul the account system to use something like a private and public key, with the user needing to store and transfer the private key to every device they use?
And what happens if two people register with the same username on two instances that aren't federating? Do they somehow need to still communicate with all other instances in the network they operate in, to prevent that from happening? Because the alternative I see is the login being random in some way or tied to the instance, in which case you still lose the impression of a single service.
If I'm not mistaken, right now anybody could host a non-federating Lemmy instance, if they just wanted a small private community in this style. To my understanding, that's the idea behind federation, and a founding concept of Lemmy - it's not a giant service distributed across trusted servers, but a network of smaller communities that communicate with limited trust.
There are no instances anymore with this system, it's the data hosting that's decentralized, the front-end looks like a centralized website so you would go to Lemmy.com instead of whatever instance you signed up on.
Imagine Reddit but there's no central authority and instead of using a service like AWS it's just people providing storage space and bandwidth and they can decide not to host content from certain communities on their server, but from the user's point of view they wouldn't know where they're pulling the data from.
So no, you couldn't have two users with the same username. The user database could easily be shared by all storage providers or the database could be randomly split and you would have to mention what part of the database your info is stored on when logging in. When creating your account (where it checks for doubles on the whole username list hosted on all servers) you're given a random third credential that you need to mention when logging in so the service knows which servers host that part of the user database (all info including the database would have triple redundancy).
Right now a website's data might not be stored on a single server so that's already how things work, the difference is that all the different servers are owned by the same company (like Amazon or Google). In the backend the servers communicate together to provide the data to the users so it feels like everything is hosted in the same place.
TL;DR: The best way to fix things is to make it work like it does for any other websites but to only decentralize the hosting instead of also decentralizing the communities.
Sounds like what you want basically is not Lemmy.
It also raises some pretty big issues, like who gets to moderate communities? Right now you make a community on a specific instance, you follow that instance's rules, so the instance host has authority over the community. If you disagree with the instance's rules, or with the way the community is ran, you can make a community on another instance, or even make your own instance with your own rules.
And from the other side, there need to be people with the authority to remove communities, and remove people/posts across different communities. Right now that's the responsibility of the instance hosts, to my understanding - content is hosted on a primary instance, and stored through federating instances, so the primary instance has a responsibility to keep it clean of illegal material. Who would have this power and responsibility if instances aren't differentiated? Sounds like the best case is giving trustworthy people an excessive amount of power, and the worst case is the entire network being shut down due to distributing illegal content and being effectively impossible to moderate.
You also didn't address the issue of passwords - currently it's a pretty big deal when hashed+salted passwords leak, considering those passwords compromised... The comparison with AWS is flawed - when using AWS, you're trusting them, because it's a big company with a reputation to keep. The situation seems very different when it's random enthusiasts with highly differing views, and without a central authority to verify them (though there are probably too many to verify anyways)
And you propose that anybody can join the network and receive users' passwords? On top of that, you're proposing that you need to also know the "server" your data is stored on and supply that with logging in? Sounds like a really annoying friction point for the user.
I really feel like you're approaching this from the wrong direction, suggesting Lemmy should abolish the very structure it's built on for one you'd like more, but I think it could be possible to make the experience nicer without going to those extremes.
Maybe it'd be possible to let multiple instances have authority over an account, without changing its home instance, so that if your original instance goes down, you can keep the same account. And to reduce friction from communities being made across multiple instances, some way for communities themselves to federate/combine would be nice, and is probably being considered by people smarter than me.
I know it's not how Lemmy works, what I'm saying is "There's a big issue with how Lemmy works, here's how I think decentralization should be approached instead." Having terabytes of information possibly disappearing because one person gets in a car accident on their way to work isn't an improvement vs a centralized system hosted on AWS.
Communities would be moderated by their creator, server admins could decide not to host content from any communities they don't want to host, if no server admin wants to host your community then you're free to host it on your own server or to fix the problems with it.
There's illegal content on Lemmy right now, even instances that don't want to host it need to clean up their images folder because of it, so it's not as if the way it works right now is any better for that and it's not as if there's no instance admin ready to host that content.
User credentials can be stored securely. Do you think your instance admin has a text file with your password written in plain characters?
The third credential I was suggesting is just one solution so not all servers have to have a "master database" with all user info stored, split the database and let the users know they need to remember they confirm their login through database X or Y. I'm sure much more intelligent people could come up with another solution.