Fatal flaw with Mastodon

What use social media if know not with who one is communicating?

oops

Many who have tried Mastodon have complained, out of service.

But they are missing the point of a distributed service. If one node down, then go to another and register there. A list of nodes is provided.

But herein lies the fatal flaw.

I attempted to register at Mastodon Social. Not possible. I tried two more, no confirmation e-mail. Third time lucky, I registered at Octodon Social.

For consitency, same user ID as on twitter, Medium and wordpress.

• @keithpp → https://twitter.com/keithpp
• @keithpp → https://medium.com/@keithpp
• @keithpp → https://octodon.social/@keithpp → keithpp@octodon.social

Except there is a problem, a fatal flaw, this ID is not transmitted across the network.

Anyone can register @keithpp at any other node.

I could register at every node, several hundred nodes, soon several thousand if not tens of thousands if not hundreds of thousands, I will then own, but each one would be different unique ID, even though they are all registered to me, using @keithpp for ever single one.

I would have to log in to every single node to use, to send or read messages.

If other people have registered @keithpp then who are we communicating with?

Christina y Paulo / Paulo Coelho

On twitter, only one Brazilian writer Paulo Coelho, author of The Alchemist, only one unique twitter account

• @paulocoelho → https://twitter.com/paulocoelho

but many fake accounts masquerading as Paulo Coelho.

But imagine the nightmare of Paulo Coelho on Mastodon, potentially several hundred accounts

• @paulocoelho

which one the real one?

It has been suggested there may be many example of Keith Parkins. This is true, but enitirely misses the point of unique IDs.

Matthew Cropp has written

Yet there can only be one mattcropp@mastodon.social. In Twitter, similarly, there can be only one mattcropp@twitter.com, but the domain is implicit rather than explicit because Twitter/medium/insta/etc. are monopolistic by design and thus non-interoperable with other domains. If this is the case, then it is not a structural problem with Mastodon at all, but actually has great pedagogical value, as it encourages users to see social network identities as they actually are, rather than in the truncated form presented to us and normalized by the platform monopolies.

I agree Matthew Cropp.

Only one

• mattcropp@mastodon.social

same as only one

• keithpp@octodon.social

which makes it unique.

We do not exist as

• mattcropp@octodon.social
• keithpp@mastodon.social

But disagree with the conclusions drawn.

But that is not what people will see, irrelevant of what is displayed.

And what is displayed, is truncated, thus would look the same across different domains.

And it is to introduce unnecessary complications.

They will see

• @mattcropp
• @keithpp

They will not look at what makes it unique.

And that is what they will use to address a message to, or to see who a message is from.

What if more than one of these?

Does the system then ask which one we want?

And if it did, would people know?

This simply renders to all practical reason, unusable.

And if I register all, which would be impracticable, I would have to check all for messages, send messages from all as each would have different set of followers.

This has to be fixed.

If it cannot be fixed due to the way Mastodon is structured, then it is unusable.

That is why I am recommending network is suspended until this is fixed.

What Matthew Cropp has described is not a distributed system, it is isolated islands with weak links.

To function, it has to function as a network, a self-adapting network.

What happens if one node is down, temporary or worse still, permanent?

This is a nightmare.

I am surprised it was ever allowed to arise.

We have to know who we are communicating with.

As an aside, a niggling issue, the failure to display, as does twitter, where a link goes. Important, assuming that was why the link was posted, to encourage to visit.

We have an underlying more fundamental issue, which ellipses the fatal flaw.

How do we know who any digital entity is?

Provenance is one.

If I existed before Mastodon, then what I say is me, is me on Mastodon.

And my provenance goes back to when few people had heard of the internet, let alone knew what it was.

But ultimately need some form of crypo-secure ID verified by humans.

For example a signed pgp key.

The PGP public key fingerprint, obtained through a tamper-proof medium (fax, telephone conversation, publication in a book or journal et cetera), can be used to verify the validity of a key.

A printed personally signed copy of my PGP public key fingerprint can be obtained direct from myself — a nominal fee of 150 faircoin is levied for this service.

My PGP public key fingerprint can be viewed by using the command

pgp -kvc "Keith Parkins"
Type Bits/KeyID    Date       User ID
pub  1024/B09CC89D 1996/04/22 Keith Parkins <10 GU14 6QJ England>
            Key fingerprint = 2A 66 6A 8F 91 42 48 C8  48 98 38 AD 2F D3 45 08

The only truly secure way to obtain a PGP public key is direct in person from its claimed owner or via a trusted emissary.

Mastodon Social