This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.

Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.

Original Announcement thread

  • plasticmonkey@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    3
    ·
    1 year ago

    How come I can natively log into my Lemmy apps on iPhone / iOS, but with every single Mastodon app, it opens a Safari window to try log in?

    (Reason: I blocked the browser, and just want to use the apps I specifically chose as daily drivers, still testing out Lemmy + Mastodon apps.)

    • TheSaneWriter@lemmy.thesanewriter.com
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      That’s called OAuth2, it’s a security feature. By logging into the official UI and that UI returning a login token, potentially malicious mobile apps are prevented from stealing your login credentials. For Lemmy the majority if not all of the current mobile clients are safe, but if a malicious one sprouts up it could use native login to steal your credentials and store them on a malicious server.

      • plasticmonkey@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Thanks so much for explaining. But why is it that Mastodon has that 0auth on every app, and Lemmy doesn’t? They both apps from the fediverse, just strange for them to be acting so differently.

        • mrlavallee@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 year ago

          Even though they are both fediverse they still are quite different and one of the important differences is that lemmy does not support oauth so apps don’t have that option, as for why all mastodon apps use it: it’s because of the security benefits to the user and (as a lemmy app developer) implementing auth is hard lol

          • plasticmonkey@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Oh okay, so does that mean that Lemmy is less secure and more prone to outsiders stealing login info, than with Mastodon? I ask as 0auth seems to be quite important based on some of the comments.

            • mrlavallee@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              It does not mean that lemmy is less secure, but yes, it means that malicious app developers will have a much easier time stealing login credentials because entering them inside the app is already the norm. However this is definitely a feature that can be added so it does not mean anything bad long term

              • plasticmonkey@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                Thank you for explaining. :-)

                So that would mean that there are no 100% secure Lemmy apps, that do have 0auth or something to ensure that bad developers don’t steal login information?

                EDIT: Added second part

        • Matt@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          There’s no rules for the Fediverse, all it means is that they utilise the ActivityPub protocols to be able to federate with other websites that also use it (there’s others, but basically irrelevant now).

          Mastodon requires OAuth2 for apps to get access to your account because it was designed that way, and Lemmy wasn’t, it’s as simple as that. Any platform can be part of the Fediverse (including Reddit, Twitter, Facebook etc if they really wanted to), which also means that platforms can also do anything they want.

          • plasticmonkey@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Ah, write it off to my ignorance, still new to the Fediverse. Thanks for explaining, I just assumed that they would work the same, but also was wondering if it was an iOS thing, or a newer version of developing apps. As all the Lemmy apps are newer than the Mastodon apps, with the Rexxit influx. :-)