I noticed that there were some accounts that were hijacked by the instance owners. All the posts from that user were then edited to say what happened.
This kind of surprised me, I figured instances could delete posts, but not edit them. So how much control do they have?
I assume they can’t see my password (hopefully). Can they post in my name? Do they have all the access to my posts to foreign instances that they do over local posts?
Edit: thanks for all the responses everyone! I’ve wanted my own instance for a while, but maybe I’ll get on it now
Lemmy needs GPG signatures!
Admins would still be able to change your key, wouldn’t they?
Sure but you can also post your public key somewhere else for people to verify.
Or instances could store public keys of users from other instances, sorta like blockchain validation.
Public/private keys are already part of the ActivityPub validation mechanism. Every user/community/server has their own unique keys.
Your public key is:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yo7z/lmj/W1G5+/FnIg\nVqqLWq/h5MU88eUB6DaJkEqaz0hTslG21MaMT0KmgAnef0PwvchnPDryIUKXHY6z\nk34KakBUpgZWbGEeqm0r4YdRVHU5a+l8Rbb4lH5pp0I1IdiGftMYuYcON92V8F8H\n4VRKMNe8kCwk8VbVovigqrNW288juqAeXNG9xanNE3a5Bjke6+HlG0fa1lU2xoIL\nevpqA85Xf/sd0qhrk4gt4Lqcwp7bNt6liDNubAnWRjeDbL8hmbkz/D047Ffw/zD8\nfdfkgPepF2YshvtuudhdKaAfM4fG0X+L+D0ujHdQZUMj89lRRRxT0TmzQniIyHJj\nAQIDAQAB -----END PUBLIC KEY-----
I found it using this command:
curl -H "Accept: application/activity+json" https://lemmy.dbzer0.com/u/DavyJones
This key is stored and under the control of your server admin, of course. It mostly exists to protect other people from impersonating you in the federated network.
There’s no reason why you couldn’t just wrap the messages you post in a PGP signature, though.
That could be an interesting idea. It might be needed at some point down the line