I agree that everyone should own their account, but I don’t think there is a feasible way of defending against server admins.

This would be like trying to defend against your hardware manufacturer or against Microsoft on a Windows PC.

And even if the signing is somehow safely implemented, you run into an entirely different set of problems.

Who checks the certificate? All federated instance servers? Then how do they verify that they can trust that certificate? You can’t set a certificate in the user profile, since this can be overwritten by admins.

You could have an external service that links certificates and user accounts, but now you need to trust those admins, too.

Should users check it themselves? Do you really care, if this comment and the previous one were both written by the same person? Of course, if you and I both know each other, we could exchange certificates and verify them manually. But at that point I might as well give you my E-Mail, Discord, different instance Username, Facebook profile, whatever and I can simply tell you that the admins of my instance started acting malicious.

Think about it this way: If you don’t trust you E-Mail Provider, why would you sign up on that server? You’re trusting the admins there too, and E-Mail content is a lot more sensitive than a few public messages.