I’m new to fediverse. For a long time I assumed it would be possible to have a single identity separate from the ActivityPub instance I’m using and tried to figure out what am I missing. Recently, I figured out that it was not the case. People generally have multiple accounts for interacting with different aspects of fediverse. It still bothers me a bit. So I did a search and found this note from 2018 that summarizes my thoughts very well.
I’m wondering if there are others thinking about this, or having multiple accounts has been accepted as the “correct” way of interacting with fediverse?
I think separating identity from the instances would really be a step forward, but as I said, I’m new to this and maybe there are things I don’t understand?
deleted by creator
I use identity to mean “account” here. Like a Google account that can be use both in Gmail and YouTube.
deleted by creator
I’m really surprised it’s not been done already. It should be trivial to do federated authentication with your original instance on any other, and then your account data can be synced just like content is.
having multiple accounts has been accepted as the “correct” way of interacting with fediverse?
No. You are right that there should be a better separation between your identity and the servers that you use to connect/interact with the fediverse. It just so happens that the existing solutions have been “good enough” for the majority of people, and there are many other issues (content discovery, reputation, server scalability…) that seem to be more pressing than that.
However, there are some other projects which are on the way to make it possible for people to use one server but have their identity separate. Mitra uses Ethereum wallets as a way to login to the server, while Takahe keeps separate domains for the server and the user’s actor ids, which would let you, e.g, sign up with your own id to any server. This would essentially turn ActivityPub servers into a commodified provider, and people could migrate between servers transparently.
Thanks for the explanation and the links. It’s good to hear that there are people working towards this goal.
Yeah, I was endlessly confused that I couldn’t use my social.technics.de account to login anywhere but Mastodon, as I’m pretty sure I had been promised. I suppose I eventually just accepted that I’d misunderstood some aspect of the concept but it did slow down my switch to the Fediverse considerably.
I was super confused by that too.
It’s worth noting, however, you’re often able to post the link to a post on another Fediverse platform into the search bar of a Mastodon instance and interact with it from there. I was able to do that for a Pixelfed post.
It seems my first message was not delivered, so here it is again (Sorry if it gets double-posted, I will delete the second one if the first one shows up, eventually):
I’m not sure whether AP has such a mechanism as an instance independent identity (to my knowledge: It does not).
The Fediverse, however, has: In the Zot (in Hubzilla) or Nomad (in (streams) ) protocol, identity can be moved or cloned between instances. Both (Hubzilla and (streams) ) are compatible with AP, so you can use this ID with most AP platforms - as long as they do not implement a non-standard AP version: Some people call what Mastodon implemented “Mastopub”. But even then, this is more a problem for the other platform’s side like Mastodon, usually the Hubhzilla devs make it work on their platform). Both also have a wide range of functions, so there is hardly and function you cannot participate in using Hubzilla ( (streams) is a bit more limitied for ease of useability, but still offers most relevant functions).
On these Zot/Nomad platforms, the login for the instance is not your identity. In fact, you can have multiple identities tied to your login. Also, the identity is not your webbie - The webbie is rather an attribute to your ID, like a primary key ID in a database. In fact, it’s rather a link to your ID, so you change have multiple multiple webbies with your ID in parallel. This effectively means, I can login into multiple instances with various accounts, and still access the synchronized content for the independent ID (which is secured against fraud with a personal and foreign key/hash).
This has been named “nomadic identity” (I prefer portable identity, but I wording is not the key here). All connections / following / subscription within the Zot and Nomad protocol are handled via the ID, not via the webbie. Even non-capable platforms can connect to your primary webbie (which can be freely chosen and shifted…), and the protocoll implementation will deal with all requests to any of the webbies - as long as they exist. When you delete an account or instance, all AP connections are lost (as they, on their side, only know the webbie). All Zot/Nomad connections maintain the connection (as they address the ID which exists independent from / across all instances).
As I understand it, the Nomad protocol is a transitional step from Zot closer to AP, to demonstrate how AP would be capable to do the same, using the most recent protocol definition. So Mike (the main dev) tries to inspire the AP world to implement this on other platforms.
This was sent from my Hubzilla ID to Lemmy. I do maintain a Lemmy instance out of curiosity, but I prefer to use Hubzilla for everything. I could register a Mastodon, Pleroma, Funkywhale, or whatever ID on another instance. But what for…?
BTW: Hubzilla is even compatible with the diaspora* and GNU social protocol, even though at least diaspora seem to not support any compatibility efforts on their side. Hubzilla has been programmed around most of their quirks to make it work, although the do not care. (streams) ditched this burden and focussed on compatibility to Nomad, Zot, and AP.
Mhm, you could just add a link to your homepage to your bio which could help associate your various accounts to yourself.
Myself I had used several accounts to access several instances on mastodon, but soon after I realised that I could just follow tags and users across instances anyway, so why keep them alive.
Having several instances of Mastodon is probably not that big of an issue. I would expect one of them to win over time. But it’s not straight forward to use a Mastodon account when interacting with lemmy, PeerTube, PixelFed, etc. If I could get the identity (my handle) from a single place (like some neutral non-profit) and could use it on everything, that would be better. But I guess that’s not happening any time soon.
I’m in the same boat. Would be good to have the ability to have a single identity that works across the fediverse. As a first step if you have your own domain anyway, it’d be cool to alias that to different underlying Mastodon/Kbin/Pixelfed/etc. accounts. It’s possible to some small extend using the “Webfinger” protocol: https://philna.sh/blog/2022/11/23/alias-your-mastodon-username-to-your-own-domain-with-jekyll/
I think being able to migrate your identity from one instance to another is a core requirement to fulfilling the promises of federation. The idea is to be able to freely leave a bad instance, but all you can do now is completely start over on a new instance, losing all your posts and followers. That’s way worse, and not how it should be imo. No big instance has gone rogue yet afaik, but as soon as one does this will be a major issue!
To really accomplish that we would have to create a mechanism for a user to own their own identity, e.g. in form of some sort of secret key file. This would introduce a huge number of usability issues though! Handling key files is really hard, so that’s probably not an option in the near future.
What we definitely should add is some sort of instance single-sign-on, so you can log into another instance by having your original instance authorize the login attempt. This should then allow the new instance to use your original account (for subs and posts), and also migrate that account to the new instance (update handle on all your posts, migrate your followers, …). This would be a bit worse than owning your identity, because your original instance could just refuse to authorize any SSO attempts, but it would still be a big improvement imo.
Maybe we can also just combine the two, so instance SSO and being able to download an identity key as backup.
What we definitely should add is some sort of instance single-sign-on, so you can log into another instance by having your original instance authorize the login attempt.
In Hubzilla / (streams), that existing functionality is called “remote login” (or technically “OpenWebAuth = OWA”) - and it’s the prerequisite to share access-controlled local content with connections - Unfortunately, this work only with Hubzilla/(streams) identities, because AP does not support this…
It would be a blast if this mechanism could be transferred to the AP world (after all, it’s freely available open source…) and let us share the local content functions with our AP connections…
Idk how I feel about easily migrating accounts from one instance to another or even having my password pass between instances on activypub. If it’s easy to migrate an account then it would be possible for an admin of a rogue instance or even just a rogue admin of a perfectly fine instance to take your account. One thing I learned since joining is these accounts are kind of disposable. Personally I only have 2 on 2 different instances one of which is lemmy.world which is/has grown a whole bunch in the last few weeks. Personally idk how that kind of growth is sustainable on this kind of platform and I’m not shocked they are running into issues. When an instance explodes the way lemmy.world has they need to make an extreme investment into the server side of the instance to keep things running smoothly and that doesn’t stay cheap or easy for very long.
If it’s easy to migrate an account then it would be possible for an admin of a rogue instance or even just a rogue admin of a perfectly fine instance to take your account.
This is the case right now. Admins of your instance have full control over your account. They can remove it or lock you out at any point if they want to.
Remove yes but not transition it to a new instance. But this is one of the reasons I’m using a temp email and unique username and password for each account that isn’t tied anywhere else. More things are easy to gather together knowledge wise compared to say reddit.
Remove yes but not transition it to a new instance
I don’t see how this is worse than completely removing or taking over your account.
I guess its really not in the big scheme. Idk just makes me nervous counting on so many people to store and manage my password in a smart way but I don’t know a lot about Lemmy or activitypub so maybe that’s all handles outside of instance admin control.
Remember that this is how every service you sign up for works. What’s special about Fediverse services is that they synchronize posts between the instances, other than that they work like any other website or app.
Yeah that’s true. Just feels different when it’s a company and not potentially some random person in their basement.
If you have ever been cyber stalked, you may prefer to have anon avatars, names etc. Having been stalked I prefer to have the option.
Most of us are pretty innocuous but trolls, scam bots, agenda pusher, junk sellers, etc are not something I want …
Be safe.
Maybe I wasn’t clear enough in my wording. I didn’t mean to say everybody shoukd/must have a single account. And separating identity from content doesn’t necessarily enforce it. Think about crypto wallets. They provide some sort of an identity, but anybody can have an infinite number of them. Now, I’m not saying crypto wallets should replace fediverse identities. I don’t even have one. But, I could log into all fediverse instances with a single account, that would make things much easier for everybody:
- New comers would just get an identity without stressing over which instance to pick for a handle
- People who care about their privacy would just create as many identities as they like
- People who want the convenience of having a single account would get it
- Those who want a different account for each of their interests (gardening, music, politics) could still do that easily
Nothing prevents someone from following you on your instance. Knowing the sum of your interests gives me more information than the sum.
So, to avoid having your profile being made and exploited, you could split account by interests.
As an example: Someone interested in videogaming and driving Ferraris has a lemmy account he uses to posts on both subjects. Some mar*keting bot wil report “This guy certainly has a high budget for his videogames. Let’s sell him expensive racing games with exclusive Ferrari logos & goodies”. If that person had one account for video games and another one for ferraris, he’d be protected from that.
But yes, everybody should feel free to use a single wide use account.
I don’t think what you say contradicts with what I said. If we separate “identity providers” from “content hosts” a person could easily go get as many accounts as they like (just like getting many gmail accounts) and then use them to log in to any content networks they are interested in. I didn’t suggest that everyone should have their own instances of anything.