FOSS dev, self-hosting fan, Matrix, degoogling, small tech, indie tech, friendly tech for families and schools. Let's own our own identity & data.

For the attention of federated systems developers, including Matrix, Fediverse and others.

It may be good to know about an issue going on with FedCM “Federated Credential Management” draft spec. Liquid Surf brings it to the attention of all federated systems fans in their blog post: Can FedCM improve the user experience of decentralized ecosystem ? . In short, the spec aims to make a slicker browser flow for the Sign-In-With-Xxx buttons.

To us who care about federated computer infrastructure, introduction of a new standard to streamline the sign-in flow might seem minor and remote, but there is a catch.

What Is FedCM?

FedCM, short for Federated Credential Management, is a new draft specification for web browsers, published by the Federated Identity Community Group and strongly driven by teams from Google. It represents an advancement in how websites manage user logins, when logging in through different identity providers (such as “Sign in with GitHub/Google/etc.”) while preserving user privacy... — Liquid Surf: Can FedCM improve the user experience of decentralized ecosystem ?

The Catch

The critical issue is, at present, the draft standard is likely to cement the monopolies of the big providers (like Google and Facebook) and leave out small providers. In short, the problem is the draft spec says the site we're logging into (called the RP) solely dictates what list of identity providers should be offered to the user. What will happen in that case? Most sites will offer only the BigTech identity providers. Read the blog post and the issue Allow IDP registration #240 for details.

What to do about it?

The proposal in Allow IDP registration #240 is, in short, not to have the RP site solely dictate what list of identity providers should be offered, but also to let the browser register the user's chosen identity providers and present those as options when a new login is requested.

Why Do We Need to Help?

(As I responded to '@thhck' in #fediverse:pixie.town)

The proposing team are saying lack of feedback from developers is holding back the acceptance of this extension.

Decentralising ID providers is key to the whole decentralised movement, including Fediverse, Matrix, self-hosters as well as the ability for independent businesses to provide comprehensive IT services without one of the tech giants playing gatekeeper.

We, all of us who care about federated/decentralised infrastructure, now need to push the draft Federated Credential Management “FedCM” standard to support “Sign In With” the user's choice of identity provider (which may be small, local, independent, hosted by one's school or enterprise or self, and so on). If this extension to the proposal does not get enough support to be accepted, we might get a standard that perpetuates the status quo of sites only offering Sign In With the giants like Google/Github/Facebook, ugh. That would be another death blow for user agency and privacy and variety.

Fedi devs, let's demo this truly user-centric version of FedCM, show us how awesome it is! Fedi fans, this might seem remote from our viewpoint but it's important for our future. Let's share this issue more widely among Fedi projects!

Meeting on Tuesday

@thhck writes today (2024-02-16) in #fediverse:pixie.town:

We will have a Solid Special Topic on FedCM this tuesday at 14h00 UTC, it would be great if people from the fediverse can join too :) Please let me know if you are interested and I'll PM you the link to the visio


As I wrote before, My smart watch is open source. Awesome!


Let's make this fun — for children in particular — and show how we can bend the device to our will because FOSS means it's truly ours, fully under our control.


  • PubHubs-moderation live demo: central.ph.s.trax.im/client
    • TODO: instructions; basically you need Yivi app with dev mode enabled and two sets of demo credentials (one as moderator, one as recipient)
  • disclosure UI live prototype: on qx.trax.im

Disclosure Flow

A moderator asks someone to disclose an attribute of their real identity. The recipient provide the requested attribute, using Yivi to attach a cryptographic proof.

In the last update I introduced a demo of attribute disclosure. I have since completed the main TODO there, making the disclosure flow happen on the recipient's account. (In the first demo the moderator's role and the recipient's role both took place in the same login session in the same account.)

This week I have been thinking about how we will need to improve the user experience, or flow, of this disclosure request and response.

Writing the dialogue boxes and associated logic by hand was tedious and buggy. Rapid prototyping would be helpful. I decided it's time for me to learn a better way. Being new to UI design and fervently open-source principled, I searched for a FOSS solution and found Quant-UX.


Quant-UX seems well suited for this task. Unlike the better known PenPot, an open source tool for detailed visual design, Quant-UX focuses on dropping UI components into place and wiring them together for a live testable UI design, with facilities for collecting feedback from user testing. While Quant-UX is a bit rough around the edges compared to a polished commercial product like Figma, having minor bugs, inconsistencies and so on, it is nevertheless powerful and usable enough. And on the positive side, I understand it can do things that Figma can't.

There is even a “low-code” sister project Luisa.cloud which promises to import a Quant-UX (or Figma) design into a real application and run it for real. I am interested to try that too, but that will have to wait.

I set about self-hosting Quant-UX to be sure of owning my own data. Now it is running on my Trax domain, at qx.trax.im. (You can try it, but be aware I'm providing it “as-is”, no guarantees at all, even if you create an account there (which I may or may not allow). Consider using the official site or hosting your own.)

Live Prototype: Disclosure Flow

I made a prototype, roughly representing the disclosure flow in the initial demo, and a wiki page about it with screen-shots and with links to the live prototype where you can click through and add comments to the screens.


View, interact with and comment on the prototype

Improvement Ideas

Some initial ideas about improvements to the flow:

  • The moderator could initiate the process by clicking an action button on a message from the intended recipient user in a hub room, or by clicking on the user's avatar or pseudonym in some list, and the relevant user would be pre-populated in the initial dialogue and not editable there.

  • The recipient user should receive a more gentle notification than suddenly seeing a pop-up dialogue of any kind. Perhaps a notification consistent with other notifications, though perhaps indicating a greater “urgency”, from which they can then access the full details of the request when they are ready.

I started adding some “comment” annotations on the UI prototype, mentioning some of these thoughts. You (dear reader) can do so too, either anonymously or after creating an account. (I have reported a bug whereby none of the existing comment annotations can be seen until you add a new comment, then they all appear.) If you add any comments there, please also contact me another way to let me know you're doing so, as I might not otherwise notice.

#PubHubs #matrix #QuantUX #awesomeFOSS


This month I have been building a PubHubs-specific feature, the ability for a moderator to ask a someone to disclose an attribute of their real identity.

When a person signs in to PubHubs hub through the Yivi verified credentials system, initially they are allocated a pseudonymous user identifier, for example @123-321:testhub.matrix.host. From this pseudonym, not even an operator or moderator of the hub can discover the user's real identity.

A moderator may wish to ask a user to confirm their real identity, to some degree. Through Yivi it is possible to ask a user to reveal a cryptographic proof [1] of one or more of their identity attributes. Some common attributes are one's real name, physical address, or email address. An attribute could also be something like “age is at least 18 years”.

First Demo Version

This demo may be seen and tested at https://testhub0.ph.s.trax.im (the hub-client alone) or https://central.ph.s.trax.im/client#/ (in the global-client). (This is a staging/testing deployment, not stable.)




1d 1d2



In this demo version:

  • the moderator is concerned about a user (pseudonym 'bad-apple3'), and starts the disclosure request
  • moderator chooses: a user, a message, a set of attributes
  • on submitting the form, a private room with the recipient is created or opened, and a request message is sent into that room
  • a Yivi signing session is started (DEMO: this signing session runs on the moderator's side; it should run on the recipient's side)
  • the recipient uses Yivi to provide the requested attributes, with which Yivi signs a (pre-filled) reply message
  • the reply, signed with the requested attributes, is received by the moderator in the private room


  • The Yivi signing session must be initiated on the recipient's client, not the moderator's. [DONE, 2024-01-30]

This version does not need or use Draupnir.

[1]: A proof that such an attribute has been attested by some mutually trusted authority.

#PubHubs #matrix


Dear Local Organisation,

As a member of this Organisation, I would like to thank you for your efforts to keep your members updated, and for periodically re-evaluating the best way to do so.

Unfortunately you have lost me by asking me to join Mr Zuckerberg's Facebook club in order to receive your information.

I would like to invite you in your next reevaluation to consider providing your primary communications through a channel that is in the nature of a public utility, not a private members club.

I will explain why and how.

(I am professionally involved in the subject area of public non-proprietary communications channels.)


  1. A personal, heart-felt tirade on why this is so wrong.
  2. Professional advice on the right way to communicate.

Facebook is Not a Public Utility

I am aware lots of people have begun to treat Facebook as if it were a public utility. Doing so is a mistake and causes deep problems. [[1]][ellis1]


As if I didn't have enough else to do with my evening, I spent it making this. Why?


Last week I began making this primitive Draupnir (moderation bot) UI, in my PubHubs work.


A non-Amazon wish list, anyone?

I once thought I was making a neutral choice to shop at Amazon, and that their wish list was a nice convenience.

Just like I one thought Google was my friend, and signed up for their “free” email. I deeply regretted that and have now deeply deGoogled.

Nowadays I recognise a greedy mega-corp when I see one, with everything wrong that goes along with that, and so I shut down my wish list there and almost completely avoid shopping there.


Are you asking yourself,

“What's it to be: Android or iPhone?”

Actually, NO! There is another way.

Time I Learned: there are freedom-respecting phones.

I'll tell you which one you need.

What's the problem?

It's not about the hardware. Well, there are certainly important issues about the hardware — and you might want to discover PinePhone and FairPhone. But I'm here to talk about about our freedom in using the product.

What's so bad about choosing either Google or Apple?

It's about who controls our use of the device after we “bought” it. Do “they” remain in control of what we do, or are we in control?


Android or iPhone — either Google or Apple delivers our messages — surely? You don't accept that?

Time I Learned: there are freedom-respecting phones.

People who do not want to depend on Google or have them control our devices are using android-compatible but not google-controlled phones, a.k.a. “degoogled phones”. We have been asking (ourselves) for several years if we can have google-free push notifications. Thanks to the developers of the UnifiedPush standard, the answer is now, “yes!”

But why?