I’ve been staring to work on threat modeling and mitigations for this situation, both for the ATmosphere and for fedi.. Here’s an outline … feedback welcome!
A few specific questions:
-
What other threats, opportunities, and mitigations am I missing?
-
What resources (how-tos for various functionality, lists of blocklists and labelers, etc) are useful?
-
Thoughts about how to package this in a digestible way? One obvious simplification is to break out separate posts with specific recommendations for the ATmosphere and fedi (which would get a lot of the implementation-specific detail out of the overall threat model), but there’s a lot more that could potentially be done …