Are Fediverse Platforms Secure Enough For the United States ๐บ๐ธ Governmentโฝ
Over on Threads, @wedistributemedia@threads.net asked an interesting question as to why the United States ๐บ๐ธ government is communicating to the Fediverse via @potus@threads.net & @whitehouse@threads.net instead of using their self-hosted server.
This question is something I would like to know as well, although it appears as if @hello@social.wedistribute.org answered their question in a recent blog post.
Here are my thoughts, based on my limited experience working for both tech startups and government. [...]
Aside from choosing an official platform to stake operations on, thereโs also the matter of finding an ideal third-party vendor. Currently, managed Fediverse hosting services are still in their infancy, and Iโm not sure theyโre up to scratch for what a government entity demands: comprehensive compliance requirements, service-level agreements, user training and onboarding materials, and promises pertaining to security upgrades and threat mitigations.
There may also be requirements for custom development, for example, integrating federal single sign-on, such as ID.me or something similar. There would also need to be a deployment strategy for various users, departments, and bureaus. It may be possible for an existing government IT provider to adopt Mastodon or another platform and develop everything needed here, but itโs much harder for any business started in the Fediverse today. (We Distribute)
Sean Tilley (@deadsuperhero@social.wedistribute.org) makes some valid points in this post, & to my knowledge, there are only two ActivityPub platforms used by members of the United States ๐บ๐ธ government:
- Mastodon: According to a report by @danielschuman@mastodon.social on First Branch Forest, a small number of Congressional leaders are already using Mastodon. This could indicate that Mastodon has been approved by the United States ๐บ๐ธ federal government for use by public officials.
- WordPress: Yes, many government websites are already powered by WordPress. Also, Automattic (the company behind WordPress) already has an Enterprise WordPress VIP option that is already pre-approved by the Federal government.
What About Other ActivityPub Platformsโฝ
I am unsure if any other Federated open-source platforms are able to be Federally compliant.
The only other open source software that might be able to pass a federal audit is probably Minds, although I will try to confirm that later on by asking @jack@minds.com, @ottman@minds.com &/or @john@minds.com later on.
Although many Fediverse developers may shrug at the idea of working with the Federal government, securing contracts (which can be worth millions) to help governments establish a presence in the Fediverse might be something to consider (as Fediverse developers would boast a distinct advantage over larger rivals like Google & Meta).
๐จ๐พโ๐ป by @darnell@darnellclayton.com ๐ @darnell@darnell.day
๐บ๐พ Follow my adventures upon:
๐๐พ @darnell@one.darnell.one ๐ (Mastodon)
๐๐พ @darnell@darnell.moe ๐ฆ (Misskey)
๐๐พ @darnell@darnell.ooo ๐ธ (Pixelfed)
๐ฆน๐พโโ๏ธ WordPress Workarounds:
๐๐พ @darnell@darnell.tv ๐จ๐พโ๐ป (TeleVerse)
๐๐พ @darnell@darnell.africa ๐ (Africa)
๐๐พ @darnell@darnell.co ๐ง๐พโโ๏ธ (Creative Outlet)
๐ฅท๐พ Other Hideaways:
๐๐พ @darnell@threads.net ๐งต (Threads)
๐๐พ @darnell@darnell.xxx ๐ (Hard News)
๐๐พ @darnell@flipboard.com ๐ฐ (Flipboard)