I don’t understand how this will help deep fake and fake news.
Like, if this post was signed, you would know for sure it was indeed posted by @lily33@lemm.ee, and not by a malicious lemm.ee admin or hacker*. But the signature can’t really guarantee the truthfulness of the content. I could make a signed post that claiming that the Earth is flat - or a deep fake video of NASA’a administrator admitting so.
But the signature can’t really guarantee the truthfulness of the content. I could make a signed post that claiming that the Earth is flat.
important point, but in a federated or distributed system, this signed posts/comments may actually be highly beneficial for when tying content directly to an account for interaction purposes. I have already seen well-ish known accounts seemingly spoofed on similar looking instance domains.
distribution of trusted public keys would be an interesting problem to address but the ability to confirm the association of a specific account to specific content (even if the account is “anonymous” and signing is optional) may lend a layer to of veracity to interactions even if the content quality itself is questionable.
edit: clarity (and potential case in point - words matter, edits matter).
Sure, but that has little to do with disinformation. Misleading/wrong posts don’t usually spoof the origin - they post the wrong information in their own name. They might lie about the origin of their “information”, sure - but that’s not spoofing.
Misleading/wrong posts don’t usually spoof the origin - they post the wrong information in their own name.
You could argue that that’s because there’s no widely-accepted method for verifying sources—if there were, information relayed without a verifiable source might come to be treated more skeptically.
No, that’s because social media is mostly used for informal communication, not scientific discourse.
I guarantee you that I would not use lemmy any differently if posts were authenticated with private keys than I do now when posts are authenticated by the user instance. And I’m sure most people are the same.
Edit: Also, people can already authenticate the source, by posting a direct link there. Signing wouldn’t really add that much to that.
I don’t understand how this will help deep fake and fake news.
Like, if this post was signed, you would know for sure it was indeed posted by @lily33@lemm.ee, and not by a malicious lemm.ee admin or hacker*. But the signature can’t really guarantee the truthfulness of the content. I could make a signed post that claiming that the Earth is flat - or a deep fake video of NASA’a administrator admitting so.
Maybe I’m missing your point?
(*) unless the hacker hacked me directly
important point, but in a federated or distributed system,
thissigned posts/comments may actually be highly beneficialforwhen tying content directly to an account for interaction purposes. I have already seen well-ish known accounts seemingly spoofed on similar looking instance domains.distribution of trusted public keys would be an interesting problem to address but the ability to confirm the association of a specific account to specific content (even if the account is “anonymous” and signing is optional) may lend a layer
toof veracity to interactions even if the content quality itself is questionable.edit: clarity (and potential case in point - words matter, edits matter).
Sure, but that has little to do with disinformation. Misleading/wrong posts don’t usually spoof the origin - they post the wrong information in their own name. They might lie about the origin of their “information”, sure - but that’s not spoofing.
You could argue that that’s because there’s no widely-accepted method for verifying sources—if there were, information relayed without a verifiable source might come to be treated more skeptically.
No, that’s because social media is mostly used for informal communication, not scientific discourse.
I guarantee you that I would not use lemmy any differently if posts were authenticated with private keys than I do now when posts are authenticated by the user instance. And I’m sure most people are the same.
Edit: Also, people can already authenticate the source, by posting a direct link there. Signing wouldn’t really add that much to that.