
Mastodon and ActivityPub - daveid
https://medium.com/@Gargron/mastodon-and-the-w3c-f75f376f422
======
jvalleroy
Will Mastodon continue to be compatible with GNU social as well?

~~~
angristan
Mastodon will support OStatus until version 2.0, so until then, yes, but if
GNU Social does not implement ActivityPub, 2.0 will break compatibility.

~~~
nightpool
No, 2.0 is not changing our support with GNU/Social. 2.0 is removing Mastodon-
only OStatus extensions that have been replaced with ActivityPub. Mastodon
currently has no plans to remove OStatus support for public posts or stop
targeting GNU/Social compatibility as a goal of the porject.

------
mintplant
Does implementing ActivityPub mean identities can be portable across servers
now?

~~~
paroneayea
Hi! I'm co-editor of ActivityPub, so maybe I can answer some things. Identity
portability could mean a few things; ActivityPub _on its own_ will let you
interact with identities on other servers (though Mastodon could do this
before its adoption of AP, through OStatus... it has better private delivery
now though). However, maybe what you mean is the ability of an identity to be
"nomadic". If you use ActivityPub with https based identifiers, you're still
tied to a single instance.

However! It will be possible for ActivityPub applications to move in the
direction of being more distributed systems... in fact I wrote a paper on this
which I will be presenting at Rebooting Web of Trust in October:
[https://gitlab.com/dustyweb/talks/blob/master/activitypub/rw...](https://gitlab.com/dustyweb/talks/blob/master/activitypub/rwot/even_more_distributed_activitypub.org)

There's a lot of ideas in that paper, but the one that applies to a nomadic
identity is Decentralized Identifiers support, or DIDs:
[https://w3c-ccg.github.io/did-spec/](https://w3c-ccg.github.io/did-spec/)

DIDs are being worked on by the W3C Credentials Community Group (which I am
also a part of) and will permit having an identity that is "self-soverign".
How I imagine this would work in an application like Mastodon, if Mastodon
decides to include support for it in the future, is that you would register a
DID for yourself and then go to your profile page and associate that DID with
your user. You'd then have identity that isn't tied to one specific node...
indeed, in such a direction we'd begin to blur the line between the federated
client-server web application model and peer to peer networks.

That's a ways off though. For now I think ActivityPub brings a lot of benefits
to Mastodon (though I'm biased obviously). Still lots of exciting future ahead
though!

~~~
willvarfar
Why not just use normal build signing of posts? All posts signed by the same
private key have the same author even if published on different modes etc.
There is finesse for supporting subkeys and revocation and all the rest, but
talking with a security consultant will sort out those kind of details.

~~~
rakoo
You could turn the whole thing on its head, have users sign their messages and
broadcast them to anyone; a direct message would be encrypted to the expected
recipients. Now you don't care about the particularities of an instance or
opening an account, becaus all the work is happening on your machine. There is
no migration, only transferring your database from a computer to another.

This is basically what secure scuttlebutt is doing:

[https://www.scuttlebutt.nz/](https://www.scuttlebutt.nz/)

------
aqsalose
Previous discussion about Mastodon:
[https://news.ycombinator.com/item?id=15211074](https://news.ycombinator.com/item?id=15211074)

------
kiki2121
mastodon is going to die. Even us, hackers can't figure it out. Go do
something different. Not a copycat!

~~~
Sir_Cmpwn
Speak for yourself! This hacker had no trouble using it and I deleted my
Twitter account a month ago!

------
apeacox
I wonder how 2000 servers can host 800.000 users. It means that, on average, a
server can host 400 users. I really appreciate this project for several
reasons, but it (sadly) looks like a waste of resources with these numbers.

~~~
detaro
Does, not can. If you look at lists, there are tons of tiny instances:
experiments, some people using their own instance as their private homepage,
or just one for a few friends. People being able to do that is a strength of a
federated system, and it's far from clear it actually is "wasting" something
without looking into it in a lot of detail. It's not like all of these
instances sync completely with each other.

The biggest instance has 250k users, and the top 10 instances together have
600k user (75% of of those 800k). I don't have info how these large instances
map to actual servers, but I don't think Mastodon currently has a lot in the
way of features to split an instance across machines.

(Data from [https://instances.social](https://instances.social))

~~~
hugogameiro
You can split Mastodon to several servers easily. Postgres, Redis, Sidekiq,
Streaming API, Puma, Nginx and Media Storage can all be placed on different
servers. Even multiples for each. You can read here about
[https://medium.com/@Gargron/scaling-
mastodon-1becde463090](https://medium.com/@Gargron/scaling-
mastodon-1becde463090) how Eugen had Mastodon.social running a few months ago.

