Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.

An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.


Do you know of any threat models for anything in the fediverse?

@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).


I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy:

Threat model? Sorta informal, list of problems...

Sign in to participate in the conversation

A Fediverse instance for people interested in cooperative and collective projects.