Hacker News

How would you solve the issue without breaking literally every single security feature of modern browsers?




By just using Twitter instead. And therein lies the problem.


Protocols like OAuth do just fine, and accomplish the same sorts of goals:

- I click "Follow."

- Servers talk to each other.

- I get redirected to a URL with a unique hash on the other server. It tells me what I'm agreeing to and I agree.

- I get redirected back to a URL with a unique hash on the original server.

There are a lot of other protocols possible. This one doesn't rely on CSRF or other features, so it should continue working even with security features of future browsers.


I'm not sure you understand the problem. How does the server with the user you want to follow know what server to talk to if all you've done is click "follow"?


Fair enough.

In that case, you can do it by selecting your home server. That's a search drop-down. Something like mastodon.social is there by default, and for historians.social, you might need to type in 'his' <click>.

I don't feel too bad about that either. It's like OAuth, only instead of just having two options (Google and Facebook, typically), you have unlimited options if you're willing to type a little bit more.

Or like SSO on many Microsoft web sites, where I type in my work domain or email, and it redirects through my work.
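The redirect-based follow flow sketched in the comment above (click Follow, servers talk to each other, redirect to the home server with a unique token, agree, redirect back with a second token), together with the home-server selection step from the follow-up, as an added example that is not part of the original thread. It simulates both servers in one process; the domain names, class and function names, query-parameter names and the token lifetime are all assumptions. The point it makes concrete is that every browser hop lands on a first-party page with its own session cookie, so nothing in the flow depends on cross-site cookies or CSRF-prone cross-origin requests, and the tokens are unguessable, bound to one home server and target, and consumed on first use.

```python
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical simulation of the two-server follow flow (not any project's code).
TOKEN_TTL = 300  # seconds a pending request stays valid (assumption)


@dataclass
class Pending:
    target: str      # account to be followed, hosted on the remote server
    home: str        # home server the user selected from the drop-down
    created: float
    used: bool = False

    def valid(self):
        return not self.used and time.time() - self.created <= TOKEN_TTL


class RemoteServer:
    """Hosts the profile the user wants to follow (e.g. historians.social)."""

    def __init__(self, domain, registry):
        self.domain = domain
        self.registry = registry   # domain -> server object; stands in for DNS/HTTPS
        self.pending = {}          # request token -> Pending
        self.followers = set()     # (actor, target) pairs, filled only after verification

    def click_follow(self, target, home_domain):
        """Step 1: Follow was clicked and a home server chosen; return the redirect URL."""
        if home_domain not in self.registry:
            raise ValueError("unknown home server")
        tok = secrets.token_urlsafe(32)   # unguessable, single-use request token
        self.pending[tok] = Pending(target=target, home=home_domain, created=time.time())
        query = urlencode({"origin": self.domain, "request": tok})
        return f"https://{home_domain}/authorize_follow?{query}"

    def describe(self, tok):
        """Server-to-server: the home server asks what a request token refers to."""
        p = self.pending.get(tok)
        return {"target": p.target, "home": p.home} if p and p.valid() else None

    def complete(self, tok, actor, confirm_tok):
        """Step 4: the browser came back; verify the confirmation with the home server."""
        p = self.pending.get(tok)
        if p is None or not p.valid():
            return False
        home = self.registry[p.home]   # only the home server named at step 1 may confirm
        if not home.verify_confirmation(confirm_tok, actor, self.domain, p.target):
            return False
        p.used = True
        self.followers.add((actor, p.target))
        return True


class HomeServer:
    """The user's own server, where their first-party session cookie lives."""

    def __init__(self, domain, registry):
        self.domain = domain
        self.registry = registry
        self.sessions = {}        # session cookie -> username
        self.confirmations = {}   # confirm token -> (actor, origin, target)
        self.following = set()

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def authorize_follow(self, url, session_cookie):
        """Step 2: look up the request on the origin server and return what to show the user."""
        q = parse_qs(urlparse(url).query)
        origin, tok = q["origin"][0], q["request"][0]
        user = self.sessions.get(session_cookie)
        if user is None:
            raise PermissionError("not logged in on the home server")
        if origin not in self.registry:
            raise ValueError("unknown origin server")
        info = self.registry[origin].describe(tok)   # servers talk to each other
        if info is None or info["home"] != self.domain:
            raise ValueError("stale, used, or foreign request token")
        return user, origin, tok, info["target"]     # rendered on the consent page

    def agree(self, session_cookie, origin, tok, target):
        """Step 3: the user clicked Agree; redirect back with a fresh confirmation token."""
        user = self.sessions[session_cookie]
        ctok = secrets.token_urlsafe(32)
        self.confirmations[ctok] = (user, origin, target)
        query = urlencode({"request": tok, "actor": user, "confirm": ctok})
        return f"https://{origin}/follow_callback?{query}"

    def verify_confirmation(self, ctok, actor, origin, target):
        """Server-to-server, single use: pop the token and check every bound field."""
        if self.confirmations.pop(ctok, None) != (actor, origin, target):
            return False
        self.following.add((actor, target))
        return True


def run_flow():
    """Drive one follow end to end, then replay the callback; returns (ok, replay_ok, recorded)."""
    registry = {}
    remote = RemoteServer("historians.social", registry)
    home = HomeServer("mastodon.social", registry)
    registry.update({remote.domain: remote, home.domain: home})
    cookie = home.login("alice")                                  # constructed sample user
    url1 = remote.click_follow("bob", "mastodon.social")          # Follow + home server chosen
    user, origin, tok, target = home.authorize_follow(url1, cookie)
    url2 = home.agree(cookie, origin, tok, target)
    q = parse_qs(urlparse(url2).query)
    ok = remote.complete(q["request"][0], q["actor"][0], q["confirm"][0])
    replay = remote.complete(q["request"][0], q["actor"][0], q["confirm"][0])
    return ok, replay, ("alice", "bob") in remote.followers
```

Running `run_flow()` returns `(True, False, True)`: the first callback succeeds, the replayed one is rejected because both tokens were consumed, and the follow is recorded on both servers only after the home server confirmed it out of band. A real deployment would put the registry lookups behind HTTPS requests to the named domains and bind the tokens to the session that started the flow as well.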


I feel like there’s a HTTPS client-cert-based solution out there waiting to be discovered.




