
Why ActivityPub is the future - gargron
https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/
======
remir
Facebook, Instagram, WhatsApp, Twitter: they grew to what they are today
because each of them had people behind the wheel with a _product mentality_.
This mentality attracted the capital and talent necessary to create products
that _resonated with people_.

Now, some would say that, these services had the goal to make money and that's
why they attracted capital and could hire top talent, but it doesn't change
the fact that they had to have a strong product mentality to get to where they
are today.

Most decentralized software I see have a project mentality based on idealism,
but idealism is not enough. That's why desktop Linux failed to capture
significant market share even if it costs zero to Joe Average to install it:
it stayed at the level of idealism, of a project, while proprietary platforms
like Windows an OSX had serious money and talent behind them because they
weren't just projects.

On the other hand, Firefox and the Linux kernel are good example of successful
open source softwares with a strong _product mentality_. Mozilla had a vision
and they realized they need a strong product to fulfill that vision, so they
needed to be able to pay their developers well, meaning they had to generates
money. Same thing with the Linux kernel, which is backed by a lot of big
companies.

So I guess what I'm saying is; if ActivityPub is to be the future, then there
should be more than idealism behind it.

~~~
cbsmith
Mozilla was founded out of Netscape's product failure, and survived largely on
the coattails of the search revolution.

Desktop Linux's failure is a matter of perspective, but there were more than a
few products built around it... they just failed. It turns out, that was the
wrong vision.

~~~
some_account
Desktop Linux never became significantly better than Mac OS or Windows, that's
why it failed to grow. It's worse in a lot of aspects except ideology.

Firefox is arguably better than Chrome and has a much nicer ideology as well,
but it's not so much better than Chrome that the majority of users is
switching by default.

Non technical people need a reason other than ideology to switch. The product
needs to provide a new value that doesn't exist or be so much better that it's
obvious to everybody who tries it.

~~~
AsyncAwait
It failed to grow because it was never preinstalled on a sufficiently large
number of machines at BestBuy, there's nothing else to it. If people were
buying PCs with Linux on them, they'll use Linux and nobody would find
anything weird about it.

~~~
dingo_bat
Firefox was also not pre-installed but still beat out IE.

~~~
cbsmith
Firefox _was_ pre-installed (just not by OS makers) and it didn't so much beat
IE as Chrome beat IE and didn't harm Firefox nearly as much (likely because
Google prioritized converting systems where neither Firefox nor Chrome were
the default browser).

------
rainbowmverse
The real value of federation, and the value of a standard like ActivityPub,
didn't fully click for me until I realized I could follow Blender's PeerTube
experiment from my Mastodon account.

If enough sites start supporting it, you could get many of the benefits of RSS
with the few benefits of massive silos like Twitter and Facebook.

~~~
mtgx
Anti-censorship has _always_ been the #1 benefit of federation and peer-to-
peer connectivity. I don't think any other benefits come even close, and they
are usually overshadowed by how much more difficult it is to build a well-
working federated or P2P network.

But when you start having global monopolies in various industries that don't
care about automatically banning the "little guy" from which they make little
money to begin with and when you have governments that are increasingly more
interested in let's say "curating" the internet, then that anti-censorship
benefit starts to become a lot more appealing to a lot more people.

It's why I'm glad Firefox is not only finally a decent competitor to Chrome
but also starting to adopt all sort of anti-censorship protocols and
technologies, too (and hopefully there are more to come).

~~~
detaro
A non-empty set of Mastodon users probably picked precisely for it's
"censorship" abilities, unhappy with how Twitter handles it and wanting a
space where their instance can enforce its own policies.

~~~
fenwick67
The real benefit of federation is that anywhere on the moderation spectrum is
possible on a per-instance basis.

------
edhelas
ActivityPub is built by the W3C and therefore relies on Web related
technologies (lost of HTTP and JSON exchanged) :)

Does this scale properly and how does it compare to existing solutions like
XMPP Pubsub
([https://xmpp.org/extensions/xep-0060.html](https://xmpp.org/extensions/xep-0060.html))
that is basically built to deliver content, in real-time (trough TCP sockets)
and can handle thousands (millions?) of delivered packets per seconds?

I'm building a federated social platform that is fully relying on XMPP (Movim
[https://movim.eu](https://movim.eu)) and I'm wondering about the limits and
different usages of this fresh new protocol.

~~~
xj9
the AP spec is actually, a bit more abstract that you would expect. JSON and
JSON-LD are required, but transport and actor resolution are not well
specified.

current-gen AP servers do have an implicit dependency on HTTP and DNS. i've
spoken with several people about creating a proof-of-concept AP server that
supports gossip-based replication and a few other ssb-inspired features.

~~~
oelmekki
This sounds interesting. Does it mean an AP server could exist that would not
be based on the federation model?

Or to make my question more precise : would the gossip model be used only for
data distribution and we would still have to register on a node, or would it
allow to keep and reuse our data and identity should our usual node disappear?

~~~
xj9
the goal is to decouple users from servers.

the idea is to move the key that AP uses to sign JSON-LD objects to the client
and do all of the crypto operations there.

a server in this model is an always-on relay for replicating data. you can
submit a message to _any_ relay and expect to have it show up on all
interested servers.

unfortunately, this will also break compat with HTTP/DNS-based AP servers, but
hopefully this is something that the maintainers will be open to supporting.

relevant threads:

[https://b.9chan.lol/notice/279590](https://b.9chan.lol/notice/279590)

[https://b.9chan.lol/notice/226866](https://b.9chan.lol/notice/226866)

[https://b.9chan.lol/notice/212397](https://b.9chan.lol/notice/212397)

[https://shitposter.club/notice/9830850](https://shitposter.club/notice/9830850)

------
TekMol

        You can be certain that regardless what happens
        with Mastodon, the network will live on and
        flourish. Newer and better software will be born
        within this ecosystem, but you will never have to
        drag all your friends and followers someplace
        else again–they’ll already be where they need to
        be.
    

What is a 'friend' here? A follower?

If mastodon.social is shut down tomorrow, a user - say joe@mastodon.social -
would lose all his followers, no?

First of all the followers that were on mastodon.social too - their data is
gone just like Joes data.

And the ones not on mastodon.social - yes, they would still _exist_. But Joe
would have to make a new account somewhere else and _ask_ each and every one
to follow him again. And he would have no proof that he is the same joe that
they knew under the account joe@mastodon.social.

Or am I missing something? Is there some public key that is Joes _real_
identity and only he knows the private key?

~~~
QualityReboot
Could I have me@mydomain be accepted by mastodon.social somehow? Similar to
how I point my MX records to Gmail?

~~~
detaro
If you install an ActivityPub compatible software, or if someone starts to
offer one with custom domain support as a service. Account discovery most
commonly is done with a HTTP request in /.well-known/, but the application
that points to doesn't have to be at the same domain.

------
badrabbit
Let me just say this - both mastodon and activitypub are terrible names. I say
that as a consumer not as an expert on anything. It's not a dealbreaker for me
but platform popularity by the masses depends on color schemes and catchy
names. I feel the same way about duckduckgo.

Great products though.

~~~
egypturnash
Twitter’s a pretty stupid name too. So’s Facebook. You get used to them after
a while.

~~~
briandear
Facebook came from actual face books at universities. It a brilliant name
because the entire point was to see people you might want to sleep with. It
wasn’t about sharing photos with mom.

~~~
incompatible
Strange that it didn't evolve into Tinder.

~~~
kaiby
It might have if smartphones were as ubiquitous in 2004 as it is in 2018.

------
xez
>If Twitter shuts down, you’ll lose your followers. If Facebook shuts down,
you’ll lose your friends. For some platforms, it’s not a question of “if”, but
“when”.

Wouldn't this happen as well if the instance my account was created in shuts
down?

~~~
jordigh
It would and it has. In Mastodon-speak, this is called an "extinction event",
and I have seen a few of those. Mastodon, however, has already implemented
take-out feature where you can download all of your data at any time,
including your friend list. It's not perfect, because although you can keep
your followee list, your followers don't have an automatic way of knowing
where your new presence may have moved to.

Also, the stuff that has already been tooted lives on in the fediverse in
other servers, so it's not like the toots also disappear from other servers
after an extinction event, just like an email server going down doesn't delete
the email from everyone else's inbox.

~~~
PKop
I was thinking that federation still leaves unsolved the issue of knowing the
single source of truth for identities, and when instances go down, you can't
reference anything to know who/where people are.

Couldn't Keybase.io solve this? It could track your identities on these
servers, and it would exist outside of any instances or federation, but be
_the_ source of identity that would go along with any federated instances you
are a part of

~~~
skywhopper
What will we do when keybase goes away?

~~~
archgoon
Isn't keybase.io just a way of storing public keys? If they go down, and you
still have the private key, you can just sign a message saying "No, really!
It's me!"

The issue with distributed systems that rely on public keys is the lack of
options to turn to if the keys are lost or compromised. And yes, people _will_
lose keys. Systems that rely on keys for identity need to figure out what
options people have at that point to re-establish their identity.

------
froasty
Mastodon and other federated platforms are to social media what suburbia
historically has been to cities.

People think it'll resolve or at least mitigate the issues of digital privacy,
digital harassment, and digital overpopulation, but in reality will just
create ever more wasteful and unaccountable digital sprawl while inevitably
recreating the exact same problems (e.g. HOA discrimination, nosey neighbors,
hiding all non-conforming traits lest your cohabitants judge you, etc).

~~~
bhhaskin
You are comparing apples to oranges.

Self hosting a service will of course mitigate all of the issues you listed.
The control shifts from a company like Facebook into the hands of the server
owner.

~~~
froasty
Yes, and nominally so did homeownership in suburbia vs rental in overcrowded
cities. What it actually meant is that instead of being beholden to "The
Man's" cultural standards, they were now beholden to the Homeowner's
Association's. Instead of overt racism and segregation, they got redlining,
blockbusting, and racial steering. Instead of razor thin walls leading to
informal surveillance, they had to Keep Up with the Joneses.

Of course, the forces are now politically/socially based rather than
fundamentally racially based, but the principle remains the same. It's another
digital White Flight by any other name.^1

\---

1 [https://www.technologyreview.com/s/419843/did-whites-flee-
th...](https://www.technologyreview.com/s/419843/did-whites-flee-the-digital-
ghetto-of-myspace/)

~~~
prepend
You’re assuming that urban is always superior to suburban. There are many who
prefer the problems you call out vs the problems with urban centers.

------
marknadal
Mastodon is a great Federated protocol, but the problem with /any/ federated
protocol is that it is federated.

I've commented about this before, email is federated, and we saw what happened
there: Everybody moved to gmail. Federation will lead to all the same systemic
issues.

A better approach is to use P2P/decentralization, rather than a hosted
instance owning your account/identity, _you_ own your account/identity and you
can reuse it across any/all services. Even if those services die or go away,
you will always exist.

This isn't just "talk" though, we've spent the last 4 years of our lives
working on giving away truly Free and Open (MIT/Zlib/Apache2) software to help
people build stuff like this:

[https://hackernoon.com/so-you-want-to-build-a-p2p-twitter-
wi...](https://hackernoon.com/so-you-want-to-build-a-p2p-twitter-
with-e2e-encryption-f90505b2ff8)

Now there are dApps in production that have pushed terabytes of daily traffic.
We're still working through some scaling up kinks, but we're making fast
progress.

~~~
stcredzero
_I 've commented about this before, email is federated, and we saw what
happened there: Everybody moved to gmail. Federation will lead to all the same
systemic issues._

What are the systemic issues? Why did everybody move to gmail? I liked the
ability to just let my email collect and search it. I liked the spam
filtering. That's why everybody moved to gmail.

The systemic problems I saw with email had to do with server security and
spam. How is it that those problems aren't solvable federated, but solvable
P2P?

~~~
AnIdiotOnTheNet
Everyone moved to gmail because it was free with a really high storage limit,
which was unheard of at the time, and your email address would stay the same
when your ISP changed. Hotmail was the hotness before that for pretty much the
same reasons, minus the high storage limit.

~~~
marknadal
@rainbowmverse @stcredzero @AnIdiotOnTheNet

It is true that people switched to gmail because of what you say. I don't
disagree.

The point is that even with federated services, consumers will choose the most
convenient one (and they should!).

But that still means users are dependent upon that service. Imagine if
Facebook became ActivityPub protocol compliant.

They (like Google with Gmail) would have more resources to make the most
convenient/amazing Mastodon experience. Is this itself bad? No. Is it that
companies have more resources, that is bad? No.

It is simply that the following is better:

If you have a P2P/decentralized protocol, even if Google/Facebook were to
create a killer app/experience for it that everybody "switched" to, there...

\- data

\- account

\- identity

\- friends

\- etc.

Would and could still exist regardless of the backend (federated, centralized,
or not). This is not true with ActivityPub / Mastodon.

Imagine if you could have switched to gmail and automatically "kept" all your
emails? And then you could _just as easily_ switch to a different competing
email interface, and it "kept" all the emails/data you had in gmail?

That is the kicker here, by "kept" I do not mean "migrates from one to the
other", by "kept" I mean the application interface just reused the same
existing underlying data.

Extra point:

Very few people are going to switch for encryption/privacy alone. But if
gmail/activitypub/facebook/mastodon was P2P/decentralized (like is possible
with our system), then you can have competing apps (analog: gmail vs hotmail)
that are still end-to-end encrypted (analog: neither gmail's or hotmail's
servers would be able to read/decrypt your data) because that is happening in
the app (the "client") not on the federated server (like with
activitypub/mastodon) or the centralized server (gmail/facebook).

~~~
youseecomrade
It's just EEE, they'll slowly introduce better features (with a colossal
marketing budget) and after they gain the userbase back they'll close it down.
Until I see a solution for this problem I'm not going to advocate/adopt any of
these services.

------
yausername
My buzzword antibodies have been circling "federation" for quite a while, but
the email analogy in this article has made me reconsider.

Ever since quitting social networks I've been looking for a way to push
content to close friends and I really had to fall all the way down to email
before anything worked. So I'm hopeful for some slightly more tailored
technologies to step in.

------
rogerbraun
Some background information on ActivityPub in Pleroma:

[https://blog.soykaf.com/post/activity-pub-in-
pleroma/](https://blog.soykaf.com/post/activity-pub-in-pleroma/)

[https://blog.soykaf.com/post/what-is-
pleroma/](https://blog.soykaf.com/post/what-is-pleroma/)

------
rayalez
Unfortunately, at the moment it's impossible to rename/move your account to a
different domain, and if your mastodon instance is shut down(which, let's face
it, is likelier to happen than twitter shutdown), you still lose your
followers.

You can host your own instance, of course, but that requires time/money for
maintenance, and not everyone will do this.

------
jancsika
I get it from a developer standpoint, but I don't get it at all from a user
standpoint.

For example:

joinmastodon.org gives me two dropdown boxes at the bottom of their frontpage.
One asks what my interest is, the other asks what language I speak. Then it
ajaxes in some links to different instances which (I suppose) are geared
toward the interest I chose.

Does this mean that for each interest I must sign up on a different instance,
controlled by a different entity with their own terms of service?

Edit: clarification

~~~
ohtwenty
I've been using mastodon for a few months and it depends on your instance,
really. A lot are more "this is the type of people you'd expect here" (tech
people, lgbt people, art peopl, etc) but everything that isn't specifically
related to that topic is OK. I'm on a semi-political one, because that's what
I'd use a platform like that for. But it's not limited to that at all. Some
are stricter, some aren't pegged down to a topic, but might be related to a
"type" of person. I know some people who have a few accounts, to only share
stuff related to that instance. Some people end up running their own instance
(although that's easier with pleroma, you could probably run it off a toaster
if you wanted to) or just with one or two friends.

there's added value to the local timeline, especially in smaller instances
when you've just joined, because it allows you to find like-minded people. If
you could do without that the easiest option might be to join a large instance
or start your own, but both come with discoverability issues.

In short, no, you don't need to, but you could (just like you can make
multiple emails) if it helps you separate stuff

------
1wd
Is ActivityPub-based federated Git part of that future?

[https://github.com/git-federation/gitpub](https://github.com/git-
federation/gitpub)

------
skybrian
Okay, it sounds plausible that it could be a good thing. But it seems that
everything good on the Internet eventually gets weaponized by the bad guys,
and these days it seems to happen faster than ever.

So maybe we should talk about the downsides of ActivityPub?

~~~
Kinrany
This statement can be generalized to all of science and technology.

~~~
skybrian
Yes, of course.

------
amelius
But how will they deal with the GDPR?

[https://github.com/tootsuite/mastodon/issues/7280](https://github.com/tootsuite/mastodon/issues/7280)

~~~
daveid
From the thread:

>I don't expect any major changes are needed for compliance, which is why it's
been pretty low priority. it's just a matter of getting a document together
that better informs admins.

Mastodon has all the features needed for compliance, and does not collect or
store any data that's not for its primary purpose.

~~~
amelius
Does that mean that in ActivityPub, I can't share messages with a restricted
group of people?

~~~
rainbowmverse
You can do DMs, but it's possible for admins with sufficient access on each
recipient's instance to read them.

edit: I didn't see that this was in the context of GDPR.

~~~
amelius
Ok, that sounds like they don't comply with the GDPR then.

Also, doesn't ActivityPub allow closed groups?

~~~
detaro
Just as GDPR-incompliant as e-mail then, or any social media platform that's
not e2e encrypted?

~~~
Kiro
Yes, which is why you can't use email to send sensitive personal data anymore.

~~~
detaro
That doesn't mean your mail provider isn't GDPR compliant. And with the proper
agreements and technical steps in place, a business sending personal data via
e-mail could be totally fine to. (a big one would be requiring transport
encryption, which is a sensible choice for ActivityPub too, and made by
implementations, e.g. Mastodon)

It's specific to the use case and what guarantees you have, and not a strict
property of a protocol.

~~~
Kiro
What technical steps? My business used to send personal data to normal people
via email (their own data). Now we can't do that anymore.

~~~
icedchai
What do you do instead? Ship it to them on CD?

~~~
Kiro
They need to log in to access the information.

~~~
icedchai
Sounds silly and inconvenient that you can't send their own info to their own
email. Recommend you go back to what you did before. If you receive any GDPR
letters, sort it out then.

------
gavreh
ActivityPub W3C Recommendation:
[https://www.w3.org/TR/activitypub/](https://www.w3.org/TR/activitypub/)

------
fiatjaf
Who's going to host thousands of petabytes of videos on behalf of others if
not YouTube or a similar service?

~~~
Mediterraneo10
As anyone involved on the major torrent communities knows, at least some
people are willing to share the great artistic achievements of mankind,
worthwhile documentary material, etc. You will usually find seeders for the
great canon of films, ebooks, all manner of musical genres, etc. So, I assume
that for videos that really matter to some loyal audience, at least some
people will set aside storage space for that.

However, most of Google’s petabytes of video are inane "cat videos", people’s
personal uploads that only ever attract one or two of their friends to look,
or shills, and would it really be such a shame if their content couldn’t be
hosted somewhere?

~~~
s73v3r_
Yes? Aside from YouTube shows, one of the big things YouTube brought about was
the ability for anyone to post a video online, even if it was just for friends
and family. Saying, "Too bad, you're not popular so you don't get to have
video hosting" is a huge step backwards.

~~~
kaishiro
Couldn't the original poster of said video be the one to seed it if it was so
important to them that it be viewable to others. Why is the onus on a company
or organization to host personal videos for free? (If I'm misrepresenting your
stance feel free to call me on it - but that's what I'm taking away from your
comment)

~~~
s73v3r_
I'm not saying the onus should be on a company to do it for free. I'm saying
that because that happened, it was one of the things that made online video
really take off.

And, not everyone has the necessary stuff to be able to seed a video like
that. A very large part of the world has their phone as their primary
computing device. You're not gonna be able to seed a video from a phone on a
cellular connection.

------
k__
In Germany we have rather socialism like structures like the "eingetranger
Verein/eV" (membership association) or the "eingetragene Genossenschaft/eG"
(incorporated cooperative)

These are made for things like that.

The idea with a eG is, the owners are also the customers. For example, if
there is need of appartments, people found a eG to pool the money to build
multi-appartment houses where they self live in later.

Since the customers are also the "stock owners" they elect the board.

I think this fits perfectly for these federated social networks.

------
rayalez
Does anyone know if there are some good ActivityPub implementations in Node?

------
est
activitypub needs some kind of a badge/logo for recognition. Like the RSS
button.

------
deklerk
Was it necessary to change the title of this post a half dozen times?

------
mankash666
The tech and applications have existed for a while now, but adoption hasn't
been comparable to large, centralized rivals.

I'd argue activityPub isn't the future, until it root causes the reason for
anemic adoption.

Also, the best use case might not be in transferring an existing centralized
app onto activity pub

~~~
amelius
What if there was a well-maintained library that continuously scrapes a given
user's Facebook account, and publishes it to AP?

~~~
mankash666
The first question to answer is WHY user adoption remains anemic. Once there's
an understanding of the cause, solution proposals make sense.

~~~
s73v3r_
Well, to start, why would users want to move over away from the platforms they
already are on? What benefits for them are there on these other platforms?
And, what kind of marketing/outreach has been done to let them know about
them?

------
dingo_bat
Nice tech! So where's the peer tube website I can watch and upload videos?
Couldn't find it on Google or in TFA.

~~~
albertgoeswoof
[https://peer.tube/](https://peer.tube/)

~~~
dingo_bat
Thanks, I had found this. But you cannot upload here. But I figured it out
now. You can create an account and upload stuff on peertube.social.

