• Hotzilla
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Fediverse adds level of complexity on it, like you mention.

    Malicious Lemmy instance could man-in-the-middle by providing it’s public key in behalf of the user in other side. Normally this can be mitigated by CA, but CA doesn’t fit very well in decentralized system.

    You could add AES with users own password, but problem is that same malicious instance could also steal users password.

    IMHO false sense of privacy is worst than knowing that stuff is unsecure. Again in my opinion fediverse is comparable to yelling in town square.