Here’s an idea to make Lemmy even better: true account portability.

Right now, your Lemmy account and all your content are tied to one server. Moving instances or having one shut down means losing your digital presence. Frankly, the server controls your online identity.

But what if you controlled your identity?

I’ve opened a discussion on the Lemmy dev GitHub about integrating Decentralized Identifiers (DIDs). Think of a DID as a permanent, global ID you own, independent of any server.

Why DIDs are a game-changer for Lemmy:

  • Real Account Portability: Move your entire account – posts, comments, followers – to any new instance seamlessly. Your identity travels with you.
  • More User Control: Your online presence becomes resilient, managed by an ID you control, not governed by a single server’s policies.
  • Proven Tech: It works. Protocols like ATProto (Bluesky) successfully use DIDs for portable user identities.
  • Full Fediverse Compatibility: We can add DIDs to Lemmy while staying fully interoperable with Mastodon, Kbin, and all other ActivityPub platforms. No breaking changes, just a powerful upgrade.

This is a big step towards a more decentralized and user-controlled fediverse. If you’re interested in more control over your digital self, check out the discussion:

[GitHub Issue: https://github.com/LemmyNet/lemmy/issues/5942]

If you’re on other ActivityPub platforms, consider pushing for similar solutions! The more platforms that adopt truly portable identity, the stronger the fediverse becomes.

  • Magnum, P.I.@lemmy.dbzer0.com · ↑6 ↓2 · 6 months ago

    I don’t like LLMs either, but I think it’s harsh to just close the discussion because someone used an LLM to rephrase someone’s initial idea…

  • danhab99@programming.dev · ↑4 · 6 months ago

    Whelp here I go again

    Why not GPG!!??

    I’ve been working on my own idea for what the “fediverse” should be, I’m calling it userless because I want to avoid users in the database and I wanna use GPG as the individual’s identity because it already exists and can yes perfectly verify for me who created a post, I’m not sure why we need more than that.

    I haven’t fleshed the whole thing out yet and I plan to hand write proper docs for the protocol.

    But GPG has been around since forever. I’ve been told that it’s too hard to use, it’s insecure, it’s too old. And when I use the thing I just don’t agree, there is nothing technically wrong with the product like it should be way more popular.

    • muntedcrocodile@lemmy.world (OP) · ↑2 · 6 months ago

      So ActivityPub needs an actor with an inbox and outbox to send and receive content. A DID is a virtual actor that reroutes to a real actor and collects content across real actors. Ideally you can send an activity to a DID, which is resolved to the current home instance. And the DID stores your profile picture, a public key, display names, bio, etc. You could use PGP as the key in the DID if the devs want to support it as a cryptography protocol. The DID is also used to sign each message, similar to PGP. You simply need more functionality than what PGP provides.

      • danhab99@programming.dev · ↑4 · 6 months ago

        > So ActivityPub needs an actor with an inbox and outbox to send and receive content. A DID is a virtual actor that reroutes to a real actor and collects content across real actors.

        GPG public keys have a dedicated email address field. And if you don’t want to share your “real” email address then just make a new one. (edit) Or don’t include one.

        > And the DID stores your profile picture, a public key, display names, bio, etc.

        Yeah that’s a pain point I experienced with GPG armored packets, I couldn’t figure out a way to pack in a PFP. Even shrinking it to 64x64 made the public key file feel too heavy. So I just decided profile pics are out of scope and you should just use Gravatar.

        > You could use PGP as the key in the DID if the devs want to support it as a cryptography protocol. The DID is also used to sign each message, similar to PGP. You simply need more functionality than what PGP provides.

        I 80% agree. I do wish PGP armored packets had extra fields and if that’s an RFC that could be sent to the GnuPG maintainers then GPG would be absolutely perfect but I haven’t gotten around to figuring that out. All things considered, since GnuPG already exists and it’s already installable everywhere and it already works, I figured I could just roll with it for userless at least. I want to use GPG for all user authentication related concerns.

      • zalgotext@sh.itjust.works · ↑2 · 6 months ago

        > A DID is a virtual actor that reroutes to a real actor and collects content across real actors

        Where is that virtual actor hosted? If it’s centralized, I feel like it defeats the purpose of user-centric identity control. If it’s user-hosted, that sounds like GPG with extra, even more inconvenient steps.

        • muntedcrocodile@lemmy.world (OP) · ↑2 ↓1 · 6 months ago

          It’s both. It can be a JSON file served from some webserver. It can be a peer-hosted thing where a bunch of instances host it on your behalf. It can be something that exists on your designated identity server. It can be a transaction on a blockchain. And as long as the software knows how to resolve it, they all work.

          • zalgotext@sh.itjust.works · ↑1 · 6 months ago

            Having to figure out hosting, no matter if it’s self, peer, or whatever else hosting, kinda makes this proposal DOA I think. It’s kinda using a jackhammer for a problem that’s already been solved by a screwdriver.

  • Jumuta@sh.itjust.works · ↑4 · 6 months ago

    How would one find someone’s DID public key/DID documents? Wouldn’t it have to be hosted on some single trusted server?

    • muntedcrocodile@lemmy.world (OP) · ↑7 · 6 months ago

      No, that’s the whole point of a DID. It’s an existing standard that has been established to manage decentralised identity. There exist multiple ways to handle it, so a DID is did:source:id where the source can be many different things. Bluesky uses a group of trusted identity servers, but you can use a self-hosted file, the blockchain, all sorts of things. Hell, you could even use Bluesky; you could have the same login for ATProto (Bluesky) and ActivityPub (Lemmy).

  • Int32@lemmy.dbzer0.com · ↑3 · 6 months ago

    Yeah, that’s doable. I would do it like this: DIDs could just be cryptographic signing keys, and your client could just sign all your posts and send it to any server, which will federate that. Same with the upvotes/downvotes (timestamps will have to be signed so a server could not just replay an upvote or downvote if you change your mind). In this case, servers will only be useful for naming (and keeping the bio and public signing key) and relaying the messages to other servers. What’s described is pretty much that.

    • muntedcrocodile@lemmy.world (OP) · ↑3 · 6 months ago

      DIDs already exist. They are a Decentralised IDentity (DID): it is a keypair and user data, so usernames, profile, bio, and a list of accounts across different instances that allows associating posts, comments, likes, etc.
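
The signed-vote replay protection Int32 describes above, sketched as an added example (not code from Lemmy or from anyone in this thread). The `Vote` fields, the `Seen` store and the `did:example:alice` identifier are assumptions, and resolving a DID to its public key is left to the caller.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Vote is a hypothetical signed vote; the field names are assumptions, not Lemmy's schema.
type Vote struct {
	DID, Post string
	Score, TS int64  // Score is +1 or -1; TS is the client's timestamp
	Sig       []byte `json:"-"` // Ed25519 signature over payload()
}

// payload is the signed byte string: every field except Sig, so TS cannot be altered.
func (v Vote) payload() []byte {
	b, _ := json.Marshal(v)
	return b
}

// Seen maps "did\x00post" to the newest vote timestamp this server has accepted.
type Seen map[string]int64

// Accept checks v against pub, the key the caller resolved for v.DID (resolution not shown).
func (s Seen) Accept(v Vote, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, v.payload(), v.Sig) {
		return fmt.Errorf("bad signature")
	}
	k := v.DID + "\x00" + v.Post
	if ts, ok := s[k]; ok && v.TS <= ts {
		return fmt.Errorf("stale or replayed vote")
	}
	s[k] = v.TS
	return nil
}

// demo runs a constructed scenario: upvote, switch to downvote, replayed upvote, re-dated vote.
func demo() []error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	sign := func(v Vote) Vote { v.Sig = ed25519.Sign(priv, v.payload()); return v }
	up := sign(Vote{DID: "did:example:alice", Post: "p1", Score: 1, TS: 100})
	down := sign(Vote{DID: "did:example:alice", Post: "p1", Score: -1, TS: 200})
	redated := up
	redated.TS = 300 // a server bumps the old upvote's timestamp without the user's key
	s := Seen{}
	return []error{s.Accept(up, pub), s.Accept(down, pub), s.Accept(up, pub), s.Accept(redated, pub)}
}

func main() { fmt.Println(demo()) }
```

Because the timestamp sits inside the signed payload, a relaying server can neither replay the superseded upvote nor re-date it to look newer.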

  • zalgotext@sh.itjust.works · ↑1 · 6 months ago

    Yeah I don’t think this is gonna get anywhere when the easiest alternative to controlling your account is to just host your own Lemmy instance, and you can do that literally right now with no changes to Lemmy or the protocol.

    It’d be nice for ActivityPub to support optional GPG signatures for those that want to have that level of control. That would get you all the identity verification that this newfangled DID stuff gets you, with the added bonus of GPG being a reliable, existing, proven technology that people already know how to support.

    • muntedcrocodile@lemmy.world (OP) · ↑2 ↓1 · 6 months ago

      DID also allows portable identity, so your home instance is whatever instance you feel like. DID has been tested and proven reliable; it’s in use by lots of different applications.

    • muntedcrocodile@lemmy.world (OP) · ↑2 · 6 months ago

      What, by having all users exist on a centralised server? That sounds like vendor lock-in, which is exactly what federation was trying to avoid.