In Europe the age of consent is variable but 16 is common, and it can be a bit jarring when you see the reactions of Americans to anyone under 18.

Many Americans would be surprised to learn that it varies by state in the USA as well, and the relationship described in the OP wouldn’t be a crime in many states.

I don’t think 18 would be any less creepy in this scenario. Creepy doesn’t always mean immoral, but it’s usually exploitative for a 48 year old man to date a teenager, and it’s reasonable that OP is concerned about it.

In the original sense of exposing people to vaccina (cowpox virus), it is not. In the modern sense, it’s an attenuated vaccine.

It’s a racism problem, which one might argue is people being stupid as fuck.

Everyone sucks here.

she took off my condom without permission

Removing a condom without consent during sex is sexual assault. You’re absolutely right to break off a relationship or go no-contact for this. In many jurisdictions, you could press criminal charges.

I even called an old coworker to ask if she had her citizenship because I was trying to avoid child support.

That’s not OK even if you’re very scared.

That’s mostly true; it’s optimized for wide dissemination of information, and the idea of keeping a specific person from seeing information that’s shown to the rest of the world isn’t very compatible with that. It doesn’t really work on Reddit or web forums that are visible without logging in either since a person you’ve blocked can still view your posts anonymously.

A bit more looking brings me to the ActivityPub spec. Your server should tell the blocked user’s server about the block, and the blocked user’s server shouldn’t allow them to interact with your posts or comments (that doesn’t mean they shouldn’t be able to see your posts or comments).

The thing is, in network protocol documents, should means the behavior is optional. Fediverse software doesn’t have to support blocks at all according to the protocol.

The only way to do that in a federated system would be to effectively make blocks public. That has its own disadvantages.

You can write software to filter on arbitrary criteria with ActivityPub, or email, or IRC, or virtually any other protocol. My point is that ATProto is designed to actively encourage it, and the flagship implementation does so. Subtle hints in interfaces have a big impact on how people, including developers use software.

When a substantial fraction of users are actually using an appview with that trait, that will be great.

It’s a difference in vision, but I don’t like BlueSky’s vision here.

Combining the Reddit-like and Twitter-like experiences in one place is a little awkward, but following a blog or a Youtube-like from a Twitter-like isn’t. Having the option to switch to a more optimal appview is great, but realistically a lot more people would follow a blog from BlueSky than would use their BlueSky identity to sign into WhiteWind.

I’m no expert on the subject, but it’s my understanding that mobile networks are being deployed much more widely in the global south than wired telephone lines, and they’re usually internet-capable.

I thought phone numbers and traditional telephone service would be dead by now. Instead, purely internet-based communication services often use them as an identifier.

It is likely most other software will be able to consume them.

This highlights what I believe to be a poor choice in the design of BlueSky’s AT Protocol; ActivityPub software is usually liberal in what it accepts and displays, while ATProto enforces schemas (“lexicon”).

Meta does not try to hide its ownership of Whatsapp; it actively cross-promotes its other services in the Whatsapp UI.

It does not have the option to encrypt group chats last I checked, and even the one-to-one encryption is not particularly well-liked among security experts.

This isn’t about casual chats with friends and family, but political activism against the actions of a country. People doing that should be willing to put at least a trivial amount of effort into security.

Several people in the comments suggest Telegram, which doesn’t even encrypt group chats. Signal is likely the best option if the group is under 1000 members.

That’s a distinction without a difference. It’s clearly risky to rely on that company for important communications.

I assume for bribes of some sort from Google

This one is stick, not carrot: apps are generally required to use Google’s notification system to be allowed in the Play Store.

Signal gets notifications without GMS. I think battery use and latency are a little higher. Molly, a fork can use UnifiedPush for better results.

Which nullifies the point of certificates having an expiration date (limited window for exploiting a compromised certificate, possibility of domains changing hands), not the point of validating the signature (tie responsibility for apps to who owned a domain on a specific date, allow third parties to create blacklists of bad developers).

How? Expiration doesn’t grant an unauthorized party access to the private key.

Another option is to allow otherwise-valid signatures after expiration. It’s generally still possible to check them.