It was a few months ago and I don't recall the details but I tried installing both, and Pleroma's install process was noticeably easier. So it's just my experience.
Mastodon also has this reputation on its own platform.
No, we really don't. Not every tool needs to be equipped for private discussions. ActivityPub and OStatus are used for Twitter-style communication. Those aren't high security communication services.
They turn into security problems in aggregate. For example, the threat to me from actors slurping up social media data to nudge/manipulate people at a large scale is much larger than the threat to me from someone reading my group chats to my friends or a lot of other personal info that is generally considered more private and more in need of high security.
If my personal twitter-style communication got out it would be worse to me than my more private messages, but it is worse to me personally if all the twitter style communication gets out than only my more private messages.
You have to account for manipulative big data risks in your analysis, thinking only about your personal data is an outdated approach.
Yes, and this was known to the main developer. There were easy ways to make it at least private if the other server was trusted, but they chose to not implement them.
This doesn't make much sense. The very easy way to add AP-level privacy to OStatus was to just use a different salmon endpoint for private messages. This way, messages would never have federated to servers that don't respect privacy settings (by accident. If the server leaks on purpose, that's a different story).
This solution was discussed at length with Mastodon devs before the implementation of the private messages. It was ignored. Now we have a situation where Mastodon is likely to switch off OStatus soon, leaving behind all those projects that don't have the dev resources to rewrite their core federation systems every few years.
The OStatus/AP dual stack is also pretty hacky and not even valid according to the AP spec, although it's getting better all the time.
Privacy on the level of AP would have been very easy to add, by just using a different salmon endpoint for private messages. This was discussed at length back then, but Mastodon still chose to implement the leaky-by-default changes. There's nothing in AP that can't be done using OStatus, with very very minor extensions.
In OStatus, 'salmons' are messages sent from one server to another that contain posts. They are signed, so the receiving server knows if it can trust them.
If person peter@example.com mentions bob@differentsite.org, a salmon is sent from example.com to differentsite.org containing the message. The endpoint that this is posted to is the 'salmon endpoint'.
Using a second endpoint for privacy enhanced messages would have been the way to go. Old servers wouldn't ever receive private messages, while new servers that understood the extensions could have kept 90% of their old code and infrastructure.
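The difference between the two delivery strategies described in the comment above, as an added example that is not part of the thread and is not code from Mastodon, Pleroma or any OStatus server. Signing and endpoint discovery are left out, and the `salmon-private` endpoint name, the `scope` field and the server names are assumptions made up for the illustration.

```python
# Added illustration; not code from Mastodon, Pleroma or any OStatus server.
# Signing and discovery are omitted; server names and fields are constructed.

class Server:
    """Toy receiving server with one or two salmon endpoints."""

    def __init__(self, name, understands_private):
        self.name = name
        self.understands_private = understands_private
        self.public_timeline = []
        self.restricted = []
        # Every server advertises the ordinary endpoint; only servers that
        # implement the (hypothetical) extension advertise the second one.
        self.endpoints = {"salmon": self.receive_salmon}
        if understands_private:
            self.endpoints["salmon-private"] = self.receive_private

    def receive_salmon(self, post):
        # An old server has no notion of a scope marker and shows everything.
        if self.understands_private and post.get("scope") == "private":
            self.restricted.append(post["text"])
        else:
            self.public_timeline.append(post["text"])

    def receive_private(self, post):
        self.restricted.append(post["text"])


def deliver_single_endpoint(post, servers):
    """Leaky variant: private posts travel over the ordinary endpoint."""
    for s in servers:
        s.endpoints["salmon"](post)


def deliver_split_endpoint(post, servers):
    """Proposed variant: private posts go only to the second endpoint."""
    rel = "salmon-private" if post.get("scope") == "private" else "salmon"
    skipped = []
    for s in servers:
        handler = s.endpoints.get(rel)
        if handler is None:
            skipped.append(s.name)  # fail closed: nothing is sent
        else:
            handler(post)
    return skipped
```

With a private post addressed to one old and one new server, the single-endpoint variant leaves the text on the old server's public timeline, while the split-endpoint variant sends the old server nothing and reports it as skipped.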
Oh that's nice, thanks for the explanation. I'm currently working on a social network and I like the idea of being able to connect with other ones via open standards. I need to do more research on implementation.
There's #social on freenode, although it's not very active. You might have more luck asking your questions on #pleroma on freenode (another OStatus/AP server) or on the Mastodon Discord.
This is something that was always a problem on Mastodon, but you can use other fediverse servers like https://social.sakamoto.gq/main/all to look at the network, they show things publicly.