How assured am I that, for example, if @sombody@someinstance.social toots something that shows up on my timeline, the message is really from the account and instance it claims to be? What is there to prevent an attacker from editing feeds to spoof other people's identities?
This is important to me because, if I want to set up a bot to respond to someone tooting, I'd like to be assured that the toot was authorized by the account it claims to represent.
@Spike all toots are signed by the senders instence when your instance is notified by them. So it comes down to how much you trust your and the senders instance.
@geekylou So, I can trust that the instance is authentic, but not the individual. Good to know. Thanks!
@Spike sorry otherway around you if you trust the instance you can trust the user is authentic.
@Spike the gory details are here: http://www.salmon-protocol.org/salmon-protocol-summary