Hacker News

Aurornis today at 3:45 PM

This cheap criticism of the headline doesn’t actually apply to the problems brought up in the article:

> Your PDS operator can post as you, like things as you, follow people as you, and it would be cryptographically indistinguishable from your real activity. The signatures are valid.

Your domain name owner or DNS provider cannot redirect your domain name to a different server and cryptographically impersonate you.


Replies

OneDeuxTriSeiGo today at 5:30 PM

Kind of. Your PDS can impersonate you, but you can have higher-ranked "recovery keys" that can undo/recover all the damage.

Socially, whether you can explain off that your PDS acted maliciously or that it was hacked or whatever is a different story, but if you keep recovery keys for your DID you can take back control and undo everything your PDS did that you didn't authorise pretty trivially. The UX for it needs to be improved, but technically the process is super simple/straightforward.

And those recovery keys provide a mechanism for declaring "hey, I didn't do this, I was hacked" on top of specific events, but nothing for taking advantage of that cryptographic opportunity has been built out yet.

jacobgold today at 3:51 PM

Your DNS provider can obtain a TLS certificate for your domain and cryptographically impersonate https://yourdomain.tld

It's not exactly the same thing but it's close.
