I’m genuinely worried it’s yet another deliberate denial of service against our ability to detect evil. I work extra hard to only pay attention to what is actually done that seems like it could stick.
Mostly I trust that good people in positions of trust (e.g. ACLU or EFF) will call out when there’s an opportunity for mass mobilization to make a real difference.
My own “we need” list, from a dork who stood up a web server nearly 25 years ago to host weeb crap for friends on IRC:
We need a baseline security architecture recipe people can follow, to cover the huge gap in needs between “I’m running one thing for the general public and I hope it doesn’t get hacked” and “I’m running a hundred things in different VMs and containers and I don’t want to lose everything when just one of them gets hacked.”
(I’m slowly building something like this for mspencer.net but it’s difficult. I’ll happily share what I learn for others to copy, since I have no proprietary interest in it, but I kinda suck at this and someone else succeeding first is far more likely)
We need innovative ways to represent the various ideas, contributions, debates, informative replies, and everything else we share, beyond just free form text with an image. Private communities get drowned in spam and “brain resource exhaustion attacks” without it. Decompose the task of moderation into pieces that can be divided up and audited, where right now they’re all very top down.
Distributed identity management (original 90s PGP web of trust type stuff) can allow moderating users without mass-judging entire instances or network services. Users have keys and sign stuff, and those cryptographic signatures can be used to prove “you said you would honor rule X, but you broke that rule here, as attested to by these signing users.” So people or communities that care about rule X know to maybe not trust that user to follow that rule.
I’m part of the problem, a tiny bit. For altruistic reasons - ok more like “I’m kinda weird, maybe this will make people on IRC like me more” reasons - I ran mspencer.net and hosted web pages for people for free. Ended up with web content for around 100 people, and they weren’t all just using it as a drop box. (Older than wikipedia.org by 199 days, woo!)
Hosted on ancient hardware, nothing even remotely approaching a modern security architecture, I eventually left it to run un-maintained until the IDE HDD died. More recently I got the data off of it. (Heads unstuck themselves while in a cardboard box for a decade? Dunno.) But I don’t know how to get everything back online in a safe way.
I’m a proper software engineer now, I can kinda see how work handles securely hosting web services. Now just throwing everything together on one box feels too lazy and insecure. But I can’t figure out a reasonable security architecture to use. I thought I had one, but I failed to account for VM jackpotting attacks. And it feels like it takes me a month to do what a competent ops person can do in a day.
But that’s a discussion for a different comment section.
Passkeys make plausible deniability more difficult. “This user name isn’t necessarily associated with my real world identity” permits some important good things.