Here’s an idea to make Lemmy even better: true account portability.
Right now, your Lemmy account and all your content are tied to one server. Moving instances or having one shut down means losing your digital presence. Frankly, the server controls your online identity.
But what if you controlled your identity?
I’ve opened a discussion on the Lemmy dev GitHub about integrating Decentralized Identifiers (DIDs). Think of a DID as a permanent, global ID you own, independent of any server.
Why DIDs are a game-changer for Lemmy:
- Real Account Portability: Move your entire account – posts, comments, followers – to any new instance seamlessly. Your identity travels with you.
- More User Control: Your online presence becomes resilient, managed by an ID you control, not governed by a single server’s policies.
- Proven Tech: It works. Protocols like ATProto (Bluesky) successfully use DIDs for portable user identities.
- Full Fediverse Compatibility: We can add DIDs to Lemmy while staying fully interoperable with Mastodon, Kbin, and all other ActivityPub platforms. No breaking changes, just a powerful upgrade.
This is a big step towards a more decentralized and user-controlled fediverse. If you’re interested in more control over your digital self, check out the discussion:
[GitHub Issue: https://github.com/LemmyNet/lemmy/issues/5942]
If you’re on other ActivityPub platforms, consider pushing for similar solutions! The more platforms that adopt truly portable identity, the stronger the fediverse becomes.
Whelp here I go again
Why not GPG!!??
I’ve been working on my own idea for what the “fediverse” should be, I’m calling it userless because I want to avoid users in the database and I wanna use GPG as the individuals identity because it already exists and can yes perfectly verify for me who created a post, I’m not sure why we need more than that.
I haven’t flushed the whole thing out yet and I plan to hand write proper docs for the protocol.
But GPG has been around since forever. I’ve been told that it’s too hard to use, it’s insecure, it’s too old. And when I use the thing I just don’t agree, there is nothing technically wrong with the product like it should be way more popular.
So Activpub needs an actor with an inbox and outbox to send and receive content. A did is a virtual actor that reroutes to a real actor and collects content across real actors. Ideally can send an activity to a did which is resolved to the current home instance. And the did stores ur profile picture a public key display names bio etc etc. U could use pgp as the key in the did if the devs want to support it as a cryptography protocol. The did is also used to sign each message similar to pgp. U simply need more functionality than what pgp provides
Gpg public keys have a dedicated email address field. And if you don’t want to share your “real” email address then just make a new one. (edit) Or don’t include one.
Yeah that’s a pain point I experienced with Gpg armored packets, I couldn’t figure out a way to pack in a PFP. Even shrinking it to 64x64 made the public key file feel too heavy. So I just decided profile pics are out of scope and you should just use gravatar.
I 80% agree. I do wish PGP armored packets had extra fields and if that’s an RFC that could be sent to the Gnupg maintainers then gpg would be absolutely perfect but I haven’t gotten around to figuring that out. All things considered since GnuPG already exists and it’s already installable everywhere and it already works I figured I could just roll with it for userless atleast. I want to use GPG for all user authentication related concerns.
Where is that virtual actor hosted? If it’s centralized, I feel like it defeats the purpose of user-centric identity control. If it’s user-hosted, that sounds like GPG with extra, even more inconvenient steps.
Its both. It can we a json file served from some webserver. It can be a peer hosted thing where a bunch of instances host it on your behalf. It can be something that exists on your designated identity server. It can be a transaction on a blockchain. And as long as the software knows how to resolve it they all work.
Having to figure out hosting, no matter if it’s self, peer, or whatever else hosting, kinda makes this proposal DOA I think. It’s kinda using a jackhammer for a problem that’s already been solved by a screwdriver.