Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.

An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.


Do you know of any threat models for anything in the fediverse?

@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).


I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy:

Threat model? Sorta informal, list of problems...

Sign in to participate in the conversation is a cooperatively-run corner of the Fediverse. The instance is democratically governed by its members, who generally share an interest in the co-op model, but topics of discussion range widely.

If you are interested in joining our community, please review our Bylaws and Code of Conduct. If you agree with them, you may apply for membership on our instance via this link

Our instance is supported by sliding scale contributions of $1-10/mo made via Open Collective. You must have an active Open Collective account to apply for membership; you may set one up here