I have made a post about some Mastodon instances being associated with malware and explaining what I found: github.com/mastodon/mastodon/d

I think it can be interesting for people who are #mastoadmin + would love to have people from #cybersecurity have a look and share any feedback. Thanks.

their business model does not really require a low false positive, quite the opposite actually. most commercial AV are slimeware and borderline malicious scaremongering subscription scams.

@yes @evelyn True, the problem is that the majority of people have AV installed and have no knowledge. So, they assume the AV knows best. Can become tricky to get more people to start using small decentralised communities.

and yet again user education is lacking... a common theme.

Who determine what is and what is a useful service?

Another theme that keeps popping up is ppl on Fedi using (#)GriftHub.

Also as s part of a holistic movement towards , all instances should strive to federate over Tor or I2P.

We posit that federation over should be default because Tor don't like lots of traffic (eg. they don't recommend torrenting over Tor etc).

@hugo @evelyn

@dsfgs @hugo @evelyn i2p is too slow, use lokinet, https://lokinet.io/ it was made by an i2pd contributor.

Hi Nanachi,

I2P is fast a lot of the time. This is why bitcoin and torrenting is using I2P and why we think its perfect for Fedi. Fediverse really doesn't even need to be blindingly fast anyway, but it will likely be somewhat fast.

@hugo @evelyn

yea hi,

i2p is "fast" (50kbps per connection absolute max) yes, but suffers from bottlenecks, the scaling factors in i2p are relatively dismal. they have done a great job removing one shot elgamal from the protocol but the real issue is i2p integration is more invasive vs even .onion, lokinet uses dns as its primary "api" and as long as your resolver settings are set zero modifications are required to use it. i cannot suggest people suffer the pains of setting up i2p or onion connectivity when lokinet is a thing. but that it just me.
you are right, fedi does not need to be fast , it needs to be easy. lokinet seems so much better on that front vs everyone else.
one of the most useful things lokinet brings is hybrid mode on mainline fedi, if you have a clearnet domain you can still talk to .loki without needing a .loki domain, you just need lokinet dns on your instance, on the other end for .loki only they just need to pick an exit node for outbound federation to clearnet instances with lokinet dns. all of it turnkey, no mods required in any of fedi's stack. much easier to gain network effect with that vs everything else.
Sign in to participate in the conversation

To support this server and the OMN project https://opencollective.com/open-media-network