Hacker News new | past | comments | ask | show | jobs | submit login

I have only been using GNU Social for about 18 hours, but so far the decentralization does not seem to be a problem. When you have an account on one person's (or organization's) server, you can "remote follow" people elsewhere and that seems to work just fine.



How do they handle the issue of keeping usernames unique? If I were to sign up on one server with my handle, what's to stop someone from signing up on another server with that same handle to impersonate me?


Your address ends with "@SERVER" so you can't register with a duplicate prefix name on any given server.


But how prominent is the @SERVER part? Is is something that people will pay attention to? Or will they just see "mark_l_watson", assume it's you, and take whatever is being said as being said by you, even though it's not on the server you use?


What's to stop you from getting mattl@hotmail.com and pretending to be me in email?

Same thing, really.


You get an email that you respond to to finish the registration process.


No, I mean... what is the difference between a user called mattl being on two GNU social servers, and a user called mattl being on two common, gratis email servers?

I could go and make a webmail account called mark_l_watson@whatever.com and people shouldn't assume it was you.


Good point. Perhaps better to login with OpenID?


OpenID is dead, effectively.


So it's still a major problem.


No more than anywhere else. If you have your own domain name, you can host your own GNU social instance, or point people to your profile.


That's not really an answer. Repeating the mistakes of the past, especially with something as personal as social media, is a HUGE oversight that needs to be corrected post-haste.


How would you solve this? I think that GNU Social's goals are to decentralize social networks. How would you "fix" this without some kind of centralized identity verifying registry? If someone hosted a GNU social where impersonators were not purged, I think other GNU socials would exclude them from their circle of trusts in addition to purging bad users from their own systems. The centralization will most likely be rejected by the privacy and small government advocates in the community.

I believe that rather than saying your issue is not solved, the issue has been replaced with a new one: how would does GNU social's network of trust work? When a spammer starts or occupies a GNU social, what is required to prevent my host GNU social from suffering? How would a new user from a centralized social network know which GNU social is the right one to start with?

I have not read enough about how GNU social works and hope to find out how/if this issue can be resolved.


It's the correct answer for the web.

You don't get to be st3v3r everywhere, you get to st3v3r@st3v3r.com if you have that domain.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: