Comment by rglullis

Comment by rglullis 15 hours ago

9 replies

View on Hacker News

> if I'm writing to a blog or a microblog I just don't really care who follows me or even who reads it.

- if you want to have comments or backtracks, you can do it with ActivityPub without having people signing up to your site (directly or through some OAuth system)

- If you want to mitigate spam, you can set up your AP blog to only accept messages on the inbox from actors who you whitelist.

- You could have your own Substack where you only send the updates to actors who are paying subscribers.

apitman 12 hours ago

> if you want to have comments or backtracks, you can do it with ActivityPub without having people signing up to your site (directly or through some OAuth system)

You can do the same thing with RSS+We mention, which is a way simpler stack and predates ActivityPub by years

Reply View 6 replies
  • rglullis 11 hours ago

    Webmentions are a spammer's wet dream. There is a reason they were adopted only by the Indieweb crowd.

    Anyway, my point was less "ActivityPub can do everything people can do with RSS" and more "having a mechanism to for bidirectional authenticated messages opens up the possibility of new applications".

    The real interesting part will happen when/if more developers realize that ActivityPub can do more than "federated versions of popular social media platforms".

    Reply View 5 replies
    • freosam 4 hours ago

      Spammers would have to host a page (permanently) that links to your post, and even then they don't get to control what (if anything) from that page gets displayed on your site.

      I guess one danger is that they only serve the page that contains your link to the webmention-validating request. That way they get a backlink but don't have to keep a public outgoing link. They'd have to know that a given request is that validation though, and I'm not sure that'd be very easy.

      Reply View 0 replies
    • apitman 10 hours ago

      I might be misunderstanding what you're saying here. How is ActivityPub more authenticated than Webmention? WM requires the poster to host their content on a website. This is exactly what the AP spec says to do. Now, since the spec was published, most AP implementations also support HTTP signatures[0], but this doesn't provide additional guarantees that you can't get with WM. The authentication is still tied to a URL.

      As far as spamming goes, I don't see how WM is any worse than AP. In both protocols your only options are passlists and/or blocklists.

      [0]: And an old version that doesn't have an official spec. ActivityPub's issues with spec stagnation and de facto standards is a whole other thing.

      Reply View 3 replies
      • johnmaguire 10 hours ago

        I haven't dug into these, so apologies for the naive question, but for a multi-tenant service like WordPress.com, can you effectively limit which WordPress blogs can WebMention you? If the allowlist is formed on the domain, this seems limiting.

        Perhaps more advanced URL regex can achieve more fine-grained control but I do still see advantages in pubkey auth (especially if people want to move their content.)

        Still, I do find myself wishing for a lighterweight-than-ActivityPub middleground.

        Reply View 2 replies
_heimdall 15 hours ago

The OP here specifically wasn't including any auth features, which I was pretty sure would mean backtracks and comments aren't supported but maybe that's wring. It is possible with ActivityPub, but I'd personally be hesitant to run my own OAuth server just for a microblog.

Regardless, my underlying point really is about what I expect of a microblog. If I'm hosting it myself I just want it to be my little corner of the internet, not a full fledged social media site that I have to maintain. That doesn't mean I'm right or that others don't expect more.

Reply View 1 reply
  • rglullis 14 hours ago

    > If I'm hosting it myself I just want it to be my little corner of the internet, not a full fledged social media site that I have to maintain.

    I think the problem is that OP is focused on developing a framework for AP, and he is dogfooding it by developing an application that other people can understand without too many new concepts.

    This is good if you want people to get experiments, but it is terrible as a way to present the true potential of the protocol: https://cosocial.ca/@evan/113143389340566731

    Reply View 0 replies