
ActivityPub, the secret weapon of the Fediverse - app4soft
https://homehack.nl/activitypub-the-secret-weapon-of-the-fediverse/
======
yogthos
I really think that open source federated services are the future. There are
now a bunch of these services all using the same protocol called ActivityPub.
PeetTube is a YouTube alternative, PixelFed replaces instagram, Lemmy is an
alternative to Reddit, and Plume is like medium. There are a few other
projects as well. All of these services are able to talk to each other and
allow users to share data across them creating one large federated platform.
Meanwhile, traditional commercial platforms like Fb, Twitter, and Youtube have
zero incentive to allow users to move data between them.

Another important aspect of the Fediverse is that it's much harder to censor
and manipulate than centralized networks. There is no single company deciding
what content can go on the network, and servers are hosted by regular people
across many different countries.

A federated network that's developed in the open and largely hosted non-profit
is the way internet was intended to work in the first place before it was
hijacked by corporations. I'm very glad to see that decentralized networks are
finally starting to get popular again.

~~~
zolland
What's the difference between Plume and Mastodon?

edit: nvm I see that Mastodon is more like twitter. I don't think I really
understand why I'm having to create separate accounts on each instance if they
can all communicate with each other?

~~~
kick
ActivityPub is a protocol that does very little with a whole lot of words in
the spec.

Accounts are not federated, there's no reasonable way of automating your
switch to another server assuming yours dies, so forth, so on. Mastodon has a
feature claiming to do the last one, but it doesn't actually work, because
it's not backwards compatible and only works with relatively modern Mastodon
instances (which most are not).

Also, you don't really a heavy expectation of privacy using ActivityPub. It's
very trust-based, and not in the good way.

A lot of the function of ActivityPub would be better served by RSS feeds, the
rest would probably be better served on a protocol like Zot; Diaspora would
also give you a better expectation of privacy than ActivityPub.

Zot, though, fixes basically all of those problems, and is really pretty cool.
You have one identity that you can use everywhere, all of your followers come
with you because it wasn't an afterthought, access control actually does
control access, so on, so on.

~~~
AsyncAwait
It's precisely like e-mail. Would you say email's not federated?

~~~
fauigerzigerk
The way it works with email is that I create an MX record on the DNS server to
tell people where mail for *@mydomain.com should go.

When I switch email hosters, I change that MX record. The downside is that it
only works for the domain as a whole but not for individual email addresses.

Does ActivityPub have something like this as well?

~~~
AsyncAwait
There's no support for messages addressed to @mastodon.xyz to really point to
@social.me directly, unless you do some server-side tricks yourself.

But the similarity to email is in that accounts are not federated.
xyz@gmail.com is an independent email, including storage, from xyz@outlook.com
- might be a different person entirely.

The 'federated' part of email is that xyz@gmail.com can send email to
xyz@outlook.com, practically as if both were on the same server.

This is what ActivityPub does for social networking.

~~~
fauigerzigerk
Right, so I think there are actually two separate issues here. One is
federation, which is similar between email and ActivityPub as you point out.

The other is user identity. That's the part where email appears to be more
flexible by relying on DNS to seperate user identity from email hosting (for
the small minority of users who own their domain name).

Section 3.1 of the ActivityPub spec says that objects (I think this includes
users) are identified by "publicly dereferencable URIs, such as HTTPS URIs,
with their authority belonging to that of their originating server" [1].

Now, I wonder if an "originating server" is actually required or if it's
sufficient to control the domain to which this URI belongs. It seems to me
that it should be rather simple for ActivityPub implementations to support a
mechanism similar to MX records. For instance, TXT records could be used to
achieve the same thing.

[1] [https://www.w3.org/TR/2018/REC-activitypub-20180123/#obj-
id](https://www.w3.org/TR/2018/REC-activitypub-20180123/#obj-id)

~~~
AsyncAwait
Yes, you're right that email is more flexible here, however the issue is that
lets say you have your own domain name, but use fastmail. If you loose your
fastmail for whatever reason and didn't have backups, you get to keep your
email identity if you point your MX to a new provider, which means people can
still contact you, but you won't have any of your old email.

ActivityPub servers could do something similar here and in fact Mastodon in a
sense supports this, (as you point out, the Actor's identity is essentially
the URL of their profile, which could change host), but the problem then
becomes that old interactions with the user will have 'ghost replies'.
Understandably, as far as I know to save on storage and improve response
times, not every interaction a user has on the fediverse with different users
is copied to his/her server, that is replies in a thread from different users
on different servers are still stored on their servers. Therefore if someone
in a thread deletes their server, their responses/interactions will
essentially disappear to anyone viewing that thread, so I might be replying to
something a user said, but you won't be able to see what I am replying to etc.

Mastodon supports import/export, so that an Actor/user should be able to move
servers and as long as they import their toots+followers + use the same
domain, you shouldn't notice a difference, but I don't believe this is
supported by the protocol directly.

------
sschueller
Also see PeerTube which is an attempt to provide a federated youtube based on
activitypub. What I like about peertube vs others is that the primary
development focus is on video and not monetisation althought there is a plugin
system which would allow something in the future.

Full disclosure. I am the dev of Thorium an android PeerTube client. If anyone
wants to help with development please let me know

~~~
tyfon
Peertube is really cool in theory buy they are pushing torrent crap that
displays the viewers public IP to all the other viewers and that is a major
deal breaker for me.

I've never understood why they set it up this way instead of just letting you
host the videos normally.

~~~
BlueTemplar
Why is displaying your public IP (prefix?) is an issue?

If this bothers you, shouldn't you use a VPN ?

What do you mean by "normally" ? Torrent _is_ the normal way to host large
files in a distributed manner!

------
erights
ActivityPub is important. We need it to be more widely appreciated. I'm glad
to see it on Hacker News.

Chris Webber, one of ActivityPub's creators, suggests next steps in "OcapPub:
Towards networks of consent"
[https://gitlab.com/spritely/ocappub/blob/master/README.org](https://gitlab.com/spritely/ocappub/blob/master/README.org)

Chris and I gave keynotes at ActivityPub 2019:

"ActivityPub: past, present, future" by Chris
[https://www.youtube.com/watch?v=Tgq0lqZ1Mvw](https://www.youtube.com/watch?v=Tgq0lqZ1Mvw)

"Architectures of Open Robustness" by me
[https://www.youtube.com/watch?v=NAfjEnu6R2g&list=PLzDw4TTug5...](https://www.youtube.com/watch?v=NAfjEnu6R2g&list=PLzDw4TTug5O0ywHrOz4VevVTYr6Kj_KtW)

------
robobro
Pleroma guy here. Look into pleroma! It's very lite weight, coded in elixir,
and full of excellent hackers

~~~
softwarelimits
Hi, you are using the right stack for this kind of project, very promising!

I have only two questions I could not answer myself by reading the docs, it
would be great if you would like to answer these:

A) Groups: for many use cases of "social softwares" groups are a very basic
requirement - I can not see any way to have a group inside an instance or a
way to simulate groups by using Pleroma in a multi-tenant way, like one
Pleroma instance for each group served from the same code installation (ecto
has a db prefix feature, maybe this could help with a quick path for a "multi-
tenancy-as-groups" feature?). Am I missing something or are groups simply not
there yet?

B) EU data protection: would you say that Pleroma is safe for (naive) users to
install in the sense of EU conformity or is it a risk currently for a single
person to offer a Pleroma instance in EU? I could not find any information
about this very important topic - what again made me wonder if developers are
realizing the importance of this issue at all?

Would be very interesting to read your ideas about these issues!

BTW the docs at
[https://docs.pleroma.social/readme.html](https://docs.pleroma.social/readme.html)
would be more readable if the sidebar could be adjusted to the width of the
containing text - HTML + CSS allows that, it should be used! Also having "Top"
\- a navigation directive - listed as an actual chapter name seems a little
strange.

~~~
BlueTemplar
I'm wondering if EU data protection rules are fully supposed to be applied by
small businesses. Because then it has very hard to properly follow
consequences for contact list management (smartphone and paper phonebooks,
etc.)

~~~
whoopdedo
If not it's a loophole that would allow a large data farm to split itself into
myriad "small businesses" that all share with each other.

~~~
BlueTemplar
That would either add enough friction to be too expensive, or be too easy for
the anti-fraud services to figure out ?

------
sevencolors
How does this deal with spam? Feels like it would be very easy to create bots
on all sorts of nodes in this "fediverse" that start spamming folks with
garbage

I've been curious for a while and have tried Mastodon, but am always left
with... ok, now what?

~~~
pferde
"Would be"? There are already way too many bots on Mastodon, many of them do
unpaid advertising for commercial news outlets (reposting their RSS feeds). I
guess people who run them think they're doing "fediverse" a favour, but
they're only getting more eyeballs and ad views for those outlets.

The solution is liberal and frequent use of blocking, but it's a solution that
does not scale well.

~~~
nightpool
actually, it's a solution that scales pretty well. I help run an medium sized
mastodon instance, and I managed to silence every spammy news aggregator with
a couple hours of effort, It only takes a few seconds to respond to reports of
new ones, and now the couple hundred people who use my server don't need to
worry about RSS spam at all. Small communities allow for more effecient
moderation.

~~~
pferde
Sorry for being unclear - I was referring to blocking on user level, where
everyone can decide for themselves what they consider spam, instead of leaving
it "for the admin".

~~~
toohotatopic
On user level, people could cooperate and make lists of spam accounts. There
could be various lists with different values that determine who belongs on the
list. People could subscribe to the lists that suit them and add all users on
those lists to their block list.

------
zelly
The entire model is flawed. You don't want federation (small tribes). That's
not why people use FB, IG, Twitter. They use it because that's where the
people are--network effects. The only reason I'm posting here is because this
is where your message can reach people. Federation means you will never ever
get network effects. Dead on arrival.

It's possible to have decentralization with network effects. Just have one
canonical network. Tor and Bitcoin are good examples.

Downside (or upside?) is that you can't have moderation or else whoever does
the moderation becomes the new jack and it's not decentralized anymore.

~~~
mathnmusic
Why do people use email then?

Network effects can be achieved with or without federation. They aren't
mutually exclusive.

~~~
zelly
Email is federated at a lower layer. At the UX layer, it is not federated.
Fully qualified email addresses are like usernames. If you ask a random email
user, they would think it works like this. If you ask a random Mastodon user,
they know that they have to join a relatively isolated silo. Also most uses of
email are peer-to-peer. In the case of two people emailing each other, the
number of peers is 2. This is not directly comparable to public social
networks.

Email was once the main way social networking was done via mailing lists. This
was kind of federated, because you had to ask the listserv to add you to the
list. The federated aspects of email are what caused it to die and get
replaced by forums which in turn got replaced by Reddit and Twitter.

(Notice the trend? Mailing lists -> forums -> Reddit. From federated to
centralized. Network effects.)

~~~
lokedhs
The Fediverse is federated on exactly the same layer as email. You have a
username of the form user@domain,this is the same in both Mastodon and email.

You can send messages to anyone regardless of the instance they're on. This is
also exactly the same on both Mastodon and email.

Precisely how are these different in any relevant way?

~~~
DeadSuperHero
The fediverse has conversation streams that are mostly in public indexes,
which other people can observe and interact with. In addition to these
conversations comprised of statuses representing activities, it is also
possible to follow the authors providing said content so that their latest
posts show up in your stream, regardless of whether those posts pertained to
that conversation or not.

Email, conversely, often is a limited-scope conversation that can only be
observed or interacted with between the people participating in said message.
Of course, this changes slightly with the use-case of mailing lists, which
often provide a public archive of prior messages. But email content is
generally not accessible from the web in the same manner that a status is.

~~~
lokedhs
Sure, but when I said "in a relevant way" I was talking about differences that
are relevant in the context of the conversation.

There was nothing wrong in your description of the differences between the
Fediverse and email, but none of those differences explain the previous
poster's assertion that the protocols work at fundamentally different levels.

------
sneak
> _ActivityPub prevents that a social media platform becomes a silo (see
> photo) that can’t communicate with other platforms._

I wish that were true. In practice, server admins are more than happy to block
federation with entire other domains (and all associated users, hundreds or
thousands at a time) based on little more than gossip and rumor.

Imagine if email services worked this way! “subscriber@otherhost is rumored to
be slightly politically oriented in a way we don’t like, so we as admins have
prevented everyone@thishost from mailing everyone@otherhost, and vice versa”.

[https://github.com/tootsuite/mastodon/issues/12600](https://github.com/tootsuite/mastodon/issues/12600)

“the internet treats censorship like damage and something something”

I’m glad that, in practice, you can still email people who are destination-
server-adjacent to users your local mailserver admin hates. (Of course,
mailservers can configure to drop mail from specified MXes too—but they don’t.
Usually they get spam-foldered.)

PS: I’m on the fediverse at @sneak@sneak.berlin and would love more people to
follow.

~~~
tlamponi
> In practice, server admins are more than happy to block federation with
> entire other domains (and all associated users, hundreds or thousands at a
> time) based on little more than gossip and rumor.

If that is easily possible this is doomed from the start, IMO.

You get into situations where you are at the mercy of a single person.

The linked issue's closing comment is even more backward. The issue opener did
not asked for talking to people which do not want talk to him. Blocking
between users is one thing, and can be good to have. Their issue was that the
whole federate instance doesn't peers with him, out of theirs or the federated
instance in questions people choice or support.

Peering needs to be done unconditionally, even over edges, IMO. Blocking needs
to be in the sole control of the user, not the admin of a federation server.
All else doesn't makes this better than Facebook, or any other single server
instance without federation.

~~~
progval
> You get into situations where you are at the mercy of a single person.

How is it worse than Twitter, which can also ban you?

At least on the Fediverse you can choose who that person is, and it can even
be yourself if you host your own instance.

> Peering needs to be done unconditionally, even over edges, IMO.

What about instances that are mostly spam? What about instances that are
dedicated to harassment (eg. Kiwifarms)?

Besides, you're free to use an instance with a block policy that aligns with
your opinion.

~~~
tlamponi
> How is it worse than Twitter, which can also ban you?

Who said anything about twitter and worse?? Shouldn't this be better than
Twitter?

> What about instances that are mostly spam? What about instances that are
> dedicated to harassment (eg. Kiwifarms)?

Why is that an issue? You do not get spewed their spam in your face as long as
you do not follow anybody? It has to be the users decision, anything else is
doomed to be abused against users.

And if this would become an issue, and one want's to have a more drastic
approach to handle bad apples a decision of the a federates instances users,
i.e., a conses or quorum, needs to decide.

> you're free to use an instance with a block policy that aligns with your
> opinion

No, you do not understand the basic issue here. Not only the block policy of
the instance I'm on is the issue, but all the others. So how does your
proposal solves this?

~~~
progval
> Who said anything about twitter and worse?? Shouldn't this be better than
> Twitter?

I personally believe the Fediverse is better than Twitter in that regard, but
everyone should agree that it's at least not worse.

> a conses or quorum, needs to decide.

Some instances do that, eg. [https://social.coop/](https://social.coop/)

> So how does your proposal solves this?

I didn't make a proposal, just explained what I see as an early Mastodon user.

> Not only the block policy of the instance I'm on is the issue, but all the
> others.

Again, Fediverse users choosing instances is like Twitter users choosing
blocklists. If they are on an instance which blocks yours, then either:

1\. they are aware of their instance's policy, so they indirectly agree with
the decision of not seeing your toots

2\. they are unaware of their instance's policy, which is a bad decision on
their part.

------
kodablah
Question concerning a potential impl I'm pondering: Are there any
realtime/streaming approaches with ActivityPub? Can a chat application be
reasonably implemented on it today or is the inbox/outbox federation concept
too limiting? Are there any examples of such services out there and how
reusable/generic are their approaches?

~~~
vertex-four
In the next version of my ActivityPub system which integrates chat, I'm using
XMPP, with a reference to the user's XMPP JID from the user's ActivityPub
actor.

The upside is that everyone can use standard XMPP clients like Dino or Gajim
to chat. As I'm doing video streaming over HLS, they can also use VLC or
similar to watch videos - the rest of it is then just standard ActivityPub.
The web application is built on Converse.JS and Video.JS.

~~~
BlueTemplar
Hmm, doesn't HLS have built-in DRM ?

~~~
vertex-four
Nope. HLS is an open standard without DRM - it's basically just an extended
playlist of MPEG Transport Stream files, which the client repeatedly requests
to find the next part of the stream. These can be generated with e.g.
gstreamer; at the moment I'm using nginx-rtmp-module to generate them but
intend to replace that with a more flexible/tailored option.

It can be used to transport streams with DRM, though, but there's nothing
special about that - it'll transport anything that goes in a MPEG Transport
Stream.

------
lowdose
Why isn't Twitter using and backing ActivityPub?

It sounds pretty much what Facebook has done with login with Facebook for
developers. Except that the network effects aren't controlled by 1 commercial
company but is an open source effort.

~~~
zelly
Jack said he hired a team to build a NIH version of decentralized social
networking.

~~~
dgellow
That’s misleading. They talked about considering the problem and creating a
team to investigate solutions.They were clear about the fact that they would
consider existing projects if they match their requirements.

~~~
lokedhs
And that's all we've heard about it. I think ActvityPub definitely does not
match their requirements, and also, I doubt any federation system does.

I'm saying this because their primary requirement is clearly to have strict
control over their own^H^H^Huser's content.

------
k__
I think the truth lies between federated and p2p. Personal or at least very
small instances only.

Would be cool if we could get something like remoteStorage going, but with a
one-click-way of getting your personal instance up and running and also a
simple way to transfer that from provider to provider.

~~~
anderspitman
Is remoteStorage still going? Seemed pretty dead when I evaluated it a few
weeks ago, which is really unfortunate. Seems like a decent protocol.

------
agumonkey
I had this epiphany the other day, any distributed application was actually a
messenging system. (I can hear Alan Kay scream afar). Wasn't there a project
like this ? a guy making some whatsapp revolution turning it into a generic
app platform ? I forgot.

~~~
rglullis
You are probably thinking of Movim, which is a social network built on top of
XMPP.

~~~
agumonkey
it was something with a simple name like nextapp

~~~
twoodfin
app.net

~~~
agumonkey
most probably, I dismissed it because it sounded too Microsofty :)

~~~
rglullis
App.net has been dead for years already, are you sure that is the one?

~~~
agumonkey
Not entirely but so far that's the best match. Also I didn't mean something
current, just that this dude pivoted a message exchange app into a generic
application platform, which is what activitypub feels like (and good ol'
message passing distributed programming too)

------
newnewpdro
Can anyone recommend a good and current guide on setting up and maintaining
your own mastodon instance?

~~~
progval
The official docs at
[https://docs.joinmastodon.org/](https://docs.joinmastodon.org/) should do

~~~
newnewpdro
It appears "Installing from source" is the only option?

Are there no distributions packaging mastodon and its dependencies such that I
don't need to have gcc/build-essential and piles of -dev packages installed to
run it?

~~~
progval
Mastodon has hundreds of Nodejs and Ruby dependencies, so it would be a huge
amount of work for distributions to package it. See
[https://github.com/tootsuite/mastodon/issues/3576](https://github.com/tootsuite/mastodon/issues/3576)

FreeBSD's ports used to have Mastodon, but they gave up because it kept
breaking [https://www.freshports.org/net-
im/mastodon/](https://www.freshports.org/net-im/mastodon/)

You can however run Mastodon with docker, many people use the official docker-
compose.yml config.

~~~
newnewpdro
Yikes, do you know of any activitypub-compatible implementations actually
packaged by distros? gnu social perhaps? diaspora?

I checked out Pleroma after seeing it mentioned on that freshports mastodon
page, which seemed a bit less onerous with just the OTP component but they
don't distribute an i686 build, that's unfortunately what the dusty old colo
I'm looking to run this on has.

~~~
progval
Debian Sid has Diaspora:
[https://packages.debian.org/unstable/diaspora](https://packages.debian.org/unstable/diaspora)
, but Diaspora doesn't support ActivityPub:
[https://github.com/diaspora/diaspora/issues/7422#issuecommen...](https://github.com/diaspora/diaspora/issues/7422#issuecomment-546742655)

As for GNU Social, well...
[https://wiki.debian.org/FreedomBox/Manual/GNUSocial](https://wiki.debian.org/FreedomBox/Manual/GNUSocial)

You might be interested in Yunohost, which is a Debian-based distro packaging
popular server applications (also with an easy installer, aimed at non-
technical people): [https://yunohost.org/](https://yunohost.org/)

~~~
newnewpdro
> Debian Sid has Diaspora:
> [https://packages.debian.org/unstable/diaspora](https://packages.debian.org/unstable/diaspora)
> , but Diaspora doesn't support ActivityPub:
> [https://github.com/diaspora/diaspora/issues/7422#issuecommen...](https://github.com/diaspora/diaspora/issues/7422#issuecommen..).

For posterity sake:

I just spent an hour trying to get that package happily installed in a fresh
debian sid debootstrap running in nspawn and it seems to be broken. They're
requiring an old 1.2.x ruby-zip version, and sid seems to only have 2.0. Even
after kludging past that, things break down again on unmet sass version
requirements.

So true to the 'unstable' name, this package isn't currently usable.

~~~
progval
You may want to submit a bug report:
[https://www.debian.org/Bugs/Reporting](https://www.debian.org/Bugs/Reporting)

This will more likely result in the package being removed rather than fixed,
but at least someone else won't get false hope.

~~~
newnewpdro
I emailed pkg-ruby-extras-maintainers@lists.alioth.debian.org FWIW

------
deltas
the rating system could be circular (by lack of beter name)

users would up and down vote things they like or not. value is them extracted
from contradiction(!) if user A liked content X while B does not and user B
liked Y we assume A does not like Y. with lots of fine gradients like that I
assume the high noise will eventually be drowned out by the signal.

------
sandov
I had a mastodon.social account but deleted it after the admin power tripped
and started to ban instances he didn't like.

~~~
andypants
The great thing about the fediverse is if you still want to use mastodon, you
can find a better instance that suits your needs, or run your own instance.

~~~
olah_1
> you can find a better instance that suits your needs, or run your own
> instance

I understand that this is the concept, but in practice, it's a laughable
recommendation.

Accounts aren't portable and running your own instance is an insurmountable
task for most and the cost of it is not nearly worth it.

~~~
tsukurimashou
you can export all of your account data, and you can host mastrodon on a
raspberry pie, what are you talking about

~~~
detaro
But you can't yet import that data in your new instance and have it seamlessly
continue to work from there, because your identifier obviously changed.

~~~
tangent128
Moving accounts is supported; your old account posts a machine-readable "moved
to x@y" message, which tells your followers to automatically switch to the new
location.

[https://docs.joinmastodon.org/user/moving/](https://docs.joinmastodon.org/user/moving/)

~~~
detaro
Oh cool, missed that being added. That covers a good chunk of the issue.

------
bitxbit
I like the idea of federated network but I’d rather see a virtual
implementation.

~~~
orthecreedence
What do you mean by virtual?

