@Elucidating TootCrypt's desktop reference app stores keys in Ring 0 (kernel) where possible, and runs in highly privileged contexts, using stable accredited libraries. That makes it immune to whole classes of web-based attacks, and doesn't need to sandbox itself from the browser. It assumes everything from the instance is untrusted, and can easily sanitise the defined APIs, instead of having to sanitise an entire web application.

The reductionist message "demand open source software" strikes me as a poor message that has been misunderstood. it was never meant as a call to insist that you are entitled to have everything for free.

it was telling you to lever your status as a consumer of commercial products to demand fairer and reciprocal relationships from corporations who were pushing that relationship in to the abusive, not telling artists and creators you deserve access to all their stuff at their expense.

@superbranch Which single spec for this federation do you feel exists?

Just had a chat with another "technologist" (haha) with decades more experience than me about the ins and outs of Mastodon's issues. From technical to social to federated to individual to admin to dev to moderator. Many hours of discussion of all the elements.

We agreed that some form of federal moderation committee is likely a must, as is a standards committee (for dev interoperability).

It's just unsustainable that everyone is essentially communicating primary by shouting over fences.