@cwebber So the one thing I'm looking forward to hearing more about is a very practical question: How do we avoid every user having their own version of the fediverse collective database?

Like, ocap'd LD objects would embed authz concerns in their identifiers (URLs), right? So each user would get their own set of URLs for all the stuff they interact with?

This sounds bad for scaling? And also I suspect will break some things unless AP/AS/LD can deal with "object identity" vs "object handle.

@ben @cwebber let me repeat: assuming you trust your browser and the TLS ecosystem, u2f is not phishable.

@cwebber also, with that specific definition of MiTM, some 2fa can be.

If you trust your browser has not been compromised and the TLS ecosystem is intact, otp and sms can be MiTM, while u2f cannot be.

(U2f does a bunch of device-side crypto that incorporates the host information)

@cwebber ummm... That's not a MiTM. Like, if the code of a service is compromised, that is Game Over and you're helpless as a user.

There's steps you can take to prevent this as an operator.

I've only seen man in the middle to refer to "i control the network between you and the service." I've never seen it refer to "I've compromised the service."

@VyrCossont @cwebber I think the point is that code is internally limited so different libraries can't access data or services they're not supposed to?

So in this case, the library can't exfiltrate data because it can't network.