Are Fediverse Platforms Secure Enough For the United States 🇺🇸 Government‽
Over on Threads, @wedistributemedia@threads.net asked an interesting question as to why the United States 🇺🇸 government is communicating to the Fediverse via @potus@threads.net & @whitehouse@threads.net instead of using their self-hosted server.
This question is something I would like to know as well, although it appears as if @hello@social.wedistribute.org answered their question in a recent blog post.
Here are my thoughts, based on my limited experience working for both tech startups and government. [...]
Aside from choosing an official platform to stake operations on, there’s also the matter of finding an ideal third-party vendor. Currently, managed Fediverse hosting services are still in their infancy, and I’m not sure they’re up to scratch for what a government entity demands: comprehensive compliance requirements, service-level agreements, user training and onboarding materials, and promises pertaining to security upgrades and threat mitigations.
There may also be requirements for custom development, for example, integrating federal single sign-on, such as ID.me or something similar. There would also need to be a deployment strategy for various users, departments, and bureaus. It may be possible for an existing government IT provider to adopt Mastodon or another platform and develop everything needed here, but it’s much harder for any business started in the Fediverse today. (We Distribute)
Sean Tilley (@deadsuperhero@social.wedistribute.org) makes some valid points in this post, & to my knowledge, there are only two ActivityPub platforms used by members of the United States 🇺🇸 government:
- Mastodon: According to a report by @danielschuman@mastodon.social on First Branch Forest, a small number of Congressional leaders are already using Mastodon. This could indicate that Mastodon has been approved by the United States 🇺🇸 federal government for use by public officials.
- WordPress: Yes, many government websites are already powered by WordPress. Also, Automattic (the company behind WordPress) already has an Enterprise WordPress VIP option that is already pre-approved by the Federal government.
What About Other ActivityPub Platforms‽
I am unsure if any other Federated open-source platforms are able to be Federally compliant.
The only other open source software that might be able to pass a federal audit is probably Minds, although I will try to confirm that later on by asking @jack@minds.com, @ottman@minds.com &/or @john@minds.com later on.
Although many Fediverse developers may shrug at the idea of working with the Federal government, securing contracts (which can be worth millions) to help governments establish a presence in the Fediverse might be something to consider (as Fediverse developers would boast a distinct advantage over larger rivals like Google & Meta).
👨🏾💻 by @darnell@darnellclayton.com 🔛 @darnell@darnell.day
🕺🏾 Follow my adventures upon: 🐘 Darnell (One) 🦁 Darnell (Movies, Opuses, Entertainment) 📸 Darnell (Out Of Office)
🦹🏾♂️ WordPress Workarounds: 💻 Darnell (TeleVerse) 🌍 Darnell (Africa) 👨🏾🎨 Darnell (Creative Outlet)
🥷🏾 Other Hideaways: 🧵 Darnell (Threads) 🔞 Darnell (Hard News) 🐬 Darnell (Flipboard)