In my opinion, there are two big things holding Lemmy back right now:
-
Lemmy needs DIDs.
No, not dissociative identity disorder, Decentralized Identities.
The problem is that signing up on one instance locks you to that instance. If the instance goes down, so does all of your data, history, settings, etc. Sure, you can create multiple accounts, but then it's up to you to create secure, unique passwords for each and manage syncing between them. Nobody will do this for more than two instances.
Without this, people will be less willing to sign up for instances that they perceive "might not make it", and flock for the biggest ones, thus removing the benefits of federation.
This is especially bad for moderators. Currently, external communities that exist locally on defederated instances cannot be moderated by the home-instance accounts. This isn't a problem of moderation tooling, but it can be (mostly*) solved by having a single identity that can be used on any instance.
*Banning the account could create the same issue.
-
Communities need to federate too.
Just as instances can share their posts in one page, communities should be able to federate with other, similar communities. This would help to solve the problem of fragmentation and better unify the instances.
Obviously there are plenty of bugs and QoL features that could dramatically improve the usage of Lemmy, but these two things are critical to unification across decentralized services.
What do you think?
EDIT: There's been a lot (much more than I expected) of good discussion here, so thank you all for providing your opinions.
It was pointed out that there are github issues #1 and #2 addressing these points already, so I wanted to put that in the main post.
You can create a one-person instance and hold your identity there.
If you what you want is for every server to hold your identity, you have to trust all servers. I think that an evil admin would be able to impersonate any user from any instance if that were the case. How do you delete your account? Can an any admin delete your account everywhere? Which one is the real "you"?
I would assume the same way any other system with untrusted nodes works: with the client authenticating by use of a cryptographic signature on everything they submit.