My friend Evan Henshaw-Plath wrote recently about some concerns with ActivityPub. I want to go over his concerns one by one and give some assessment of how accurate and important I think they are. Rabble’s words in italics; my responses in just normal text.
User identities are tied to a server. This is only partially true; your user identity is tied to a domain, not a server. But most servers only handle one domain, and most people don’t move their domains between servers. We have a section on domain portability between servers on the ActivityPub Data Portability report.
Using domains is also how much of the Internet works. Email addresses are tied to a domain; Web sites are tied to a domain. You can move the domain between different implementations transparently. It’s a really robust architecture that has stood the test of time for almost 50 years.
Users can’t migrate between servers. Partially true. Rabble covers the essentials; you can move followers and not much else. It’s also possible to move your “stuff” between identities; that’s most of what our Data Portability task force is working on.
On a single server, it is impossible to change your username! Somewhat true. ActivityPub identities are URLs like https://social.example/user/vtles1XgZkPUEulBsFmRX . That identity URL is immutable; you can’t change it. Some implementations include a username in that url, like https://other.example/user/evanp. With that kind of server software, it’s true, you can’t change the username.
Also, we use a standard called Webfinger that maps an identity string like username@domain to an URL. You can read about it in the ActivityPub Webfinger report. Some servers use that string, instead of the ActivityPub ID, as the unique ID for a remote user. That’s discouraged, but if someone does that, changing your user ID will make you no longer findable for those other servers. I think as we stabilize our use of WebFinger, some of these usages are going to get better.
Fediverse servers have total control over your account and data. True. This is the “federation” part of the fediverse. It’s how Web sites and email work. Don’t use a fediverse server without a good trust relationship with your server admin; ideally someone you have a business relationship with, or your employer, or your university. Same goes for email!
It also means that if you control your own server, you have total control over your account and data. That’s a feature, not a bug.
Another option is using a cooperative server, like cosocial.ca or social.coop. A cooperative is a legal structure in which members pay for and manage their own service. I think cooperatives are awesome.
The fediverse is a network of fiefdoms, each server admin having total control over their users. This seems about the same as the previous statement, but OK. I think the key strength of the fediverse here is that we can have dozens of different models for server governance — coops, enterprises, city libraries, family servers, individual servers. That level of experimentation is a feature, not a bug. Governance is not baked into the protocol.
Each kind of fediverse server is isolated. This one is just plain wrong. ActivityPub is based on an open data standard called Activity Streams 2.0 (AS2) which models social data. There is an extensive standard vocabulary that can represent Web content like text, images, video and audio, and the social graph, but also well-known social interactions like check-ins, events, and groups. More importantly, Activity Streams 2.0 is extensible, meaning you can add properties to existing types, or whole new types of objects or interactions. And every ActivityPub server is built to handle AS2.
What is true is that we have had a lot of servers that only handle a subset of the AS2 vocabulary, and reject content they don’t know how to handle. This is mostly due to mimicking the siloed social networks; we’ve gotten used to thinking of different social networks for different kinds of content. I think this is changing, especially as new kinds of content hit the network. Developers are just learning how to effectively handle extension content with fallback representations. I look forward to this improving over time.
The fediverse has no privacy; there is no system of end-to-end encrypted messaging. The first part is false; you can mark your posts as followers-only, or directed to a single person, or a group of people. Servers enforce this privacy. You can also mark that you don’t want your public posts to be indexable or your public account to be discoverable.
However, the second part is true; we don’t have end-to-end encryption. So, if you send a private message to someone on another server, you message can be read by both your admin and their admin. It’s stored in the clear on both servers. This is also how email works, as well as most direct messages on commercial social networks. However, it’s something worth working on. I’ve sketched out an architecture for end-to-end encryption over ActivityPub, and I’ve got a proposal out to work on it for Summer of Protocols. I think it will be good to level this up!
The fediverse has no system for micropayments. This is true. The fediverse is also first and foremost for social networking — connecting to friends, family, colleagues and neighbours. Most of these interactions are not mediated by payment; in fact, payment cheapens those interactions.
However, there are other relationship types on the fediverse — supporting creators, journalists, or publishers. The main way to do this today is with paid subscriptions; for example, you can subscribe to evanplus@prodromou.pub to get access to premium content I publish. You have to send me US$5 out-of-band or I won’t approve the follow; that’s the state of play right now on the fediverse.
I think in-band payments are kind of cool for this kind of work, as well as for marketplaces — buying and selling services or goods over the fediverse. I think the easiest structure is adding payment URLs like a PayPal account, or blockchain wallets like a Bitcoin Lightning address.
Lastly, and most importantly for me, the culture of fediverse server admins and developers is vindictive. I don’t think this is the case; I love the culture of the fediverse, which is playful, conversational, and collaborative.
I think there are a plenty of good points in Rabble’s critique, but there’s one way that I think he’s extremely wrong. There is still a lot to do in the ActivityPub ecosystem, but we have the architecture and extension mechanisms to make them possible. It’s totally not required to go start a whole new social protocol to build those things in from scratch. In fact, it’s a real mistake; it’s far better to work from the existing standard and build on it. Open standards like ActivityPub have a legitimacy that ad hoc systems like Nostr can never have, and it’s the reason that there is so much interesting development going on in the ActivityPub world.
Got #Kitten’s¹ secret generation working in the browser as part of the last piece of the puzzle I’m working on right now for deploying #SmallWeb² places via #Domain³.
Your secret is the key to your identity on the Small Web (or at least to some aspect of your identity you wish to portray or explore at a given Small Web place). It’s an ed25519 private key base256 encoded and presented using a well-known set of emoji.
Right, I’ll leave you with a cute bunny someone drew (naughty cute bunny artist did not rewind though, tsk, tsk). Back to working on Kitten and Domain tomorrow so your timelines will be blissfully empty of pixel sketches :)
’night ’night all – and thank you to all the folks who contributed pixels to our shared ether of Draw Together over the weekend for restoring my faith in humanity a bit :)
As an "independent source" it was used by politicians, students, and many everyday people alike.
It was used for #publications & #documentaries, and triggered some inquires where I assisted in shaping national & international political statements. It's been fun & fulfilling 🙂
In today's siloed internet its usefulness is gone. No more days with 5.000 unique visitors & multiple email inquires.
Overfishing.org contained both an introduction to the issue of #overfishing, and #teaching resources. See attached some evergreens (low resolution, DM me for high res).
Website der "Letzten Generation": Behörde räumt Fehler ein
Im Zuge der Durchsuchungen bei Mitgliedern der "Letzten Generation" haben die Behörden auch deren Webseite beschlagnahmt. Die Generalstaatsanwaltschaft München räumte nun ein, dabei einen Fehler begangen zu haben. Von Marcus Engert.
Dear #friends, I want to #verify the #domain#technotramp.com in the fediverse environment, but due to #IPFS where I can't #change the #content (to avoid changing the IPFS #address), I'm not comfortable with the #way the #html#code is inserted. I am looking for a way to verify the domain using a #TXT record. Exactly what was discussed half a #year ago for example #here:
Can anyone explain in non-techy terms how to switch which domain is my main domain please?
My hosting is through Verpex. The domain linked to the hosting I want to keep for a little while but I want my new domain (AlexisBushnell.com) to be linked to the hosting, so when you go to AlexisBushnell.com it brings up my website.
I do not want to redirect - I want the new domain to be the actual domain.
Our hoster for linkstack.de has breached contract with us and seemingly has gone underground, causing the instance to be unavailable.
We currently have no access to the domain, but we were able to rescue the data and set up a replacement instance on https://de.linksta.cc until we get the domain back.
If you want, you can export your data to another instance or use the replacement in the meantime.
This morning I woke up and one of the first things I did for the day, after getting my coffee of course, I renewed the AllThingsTech.social domain for another year!
It's crazy to think that we've been here for close to a year already and it's domain renewal time.
@beardedtechguy and I are very proud of what #AllThingsTech has become to this point and look forward to doing a lot of new things in the future!
Woot woot! My team is officially on Mastodon. We'll be posting on suspicious, malicious, and just plain curious things in DNS. Follow us @InfobloxThreatIntel !
Coming soon: it’s going to be trivial to deploy a different app on your Small Web server. Useful if you’re a dev and you’re playing around with different apps.
(Also, notice the speed at which deployment happens. I’m one step away from implementing this in Domain using pre-warmed Kitten instances – called toasty kittens – thereby bringing the time it takes to deploy your own Small Web place down to a handful of seconds.)
It now takes ~10 seconds to set up your own Small Web¹ place using Domain².
This was closer to one-minute last week.
Been working towards this for six years… That’s ~10 seconds to get up and running with your own Small Web place at your own VPS server and at your own domain name.
Can owning your own place on the Web be as simple as setting up a Facebook account? Yes. Likely simpler. And this brings us one step closer to that goal.
"Our online spaces are not ecosystems, though tech firms love that word. They’re plantations; highly concentrated and controlled environments, closer kin to the industrial farming of the cattle feedlot or battery chicken farms that madden the creatures trapped within." https://www.noemamag.com/we-need-to-rewild-the-internet/
KI-gestützte Phishing-Angriffe verändern die Landschaft der Cyber-Sicherheit radikal. Erfahren Sie hier, wie Sie den Betrügern trotzdem einen Schritt voraus bleiben. 🔗 https://bit.ly/3UTsTRC
Gründer wissen es bereits: Ein #Startup braucht die richtige Domain, das ideale Webhosting und ein effektives Toolkit. Doch wo soll man anfangen? Unser neuester Blogartikel hält die Antworten bereit: jetzt lesen!