I noticed that there were some accounts that were hijacked by the instance owners. All the posts from that user were then edited to say what happened.
This kind of surprised me, I figured instances could delete posts, but not edit them. So how much control do they have?
I assume they can’t see my password (hopefully). Can they post in my name? Do they have all the access to my posts to foreign instances that they do over local posts?
Edit: thanks for all the responses everyone! I’ve wanted my own instance for a while, but maybe I’ll get on it now
Public/private keys are already part of the ActivityPub validation mechanism. Every user/community/server has their own unique keys.
Your public key is:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yo7z/lmj/W1G5+/FnIg\nVqqLWq/h5MU88eUB6DaJkEqaz0hTslG21MaMT0KmgAnef0PwvchnPDryIUKXHY6z\nk34KakBUpgZWbGEeqm0r4YdRVHU5a+l8Rbb4lH5pp0I1IdiGftMYuYcON92V8F8H\n4VRKMNe8kCwk8VbVovigqrNW288juqAeXNG9xanNE3a5Bjke6+HlG0fa1lU2xoIL\nevpqA85Xf/sd0qhrk4gt4Lqcwp7bNt6liDNubAnWRjeDbL8hmbkz/D047Ffw/zD8\nfdfkgPepF2YshvtuudhdKaAfM4fG0X+L+D0ujHdQZUMj89lRRRxT0TmzQniIyHJj\nAQIDAQAB -----END PUBLIC KEY-----
I found it using this command:
curl -H "Accept: application/activity+json" https://lemmy.dbzer0.com/u/DavyJones
This key is stored and under the control of your server admin, of course. It mostly exists to protect other people from impersonating you in the federated network.
There’s no reason why you couldn’t just wrap the messages you post in a PGP signature, though.