@ncrav Not an expert of GDPR with regards to storage, but worth nothing that nothing is stored. All the posts that are sent to it are based on the rules of ActivityPub itself. It has the ability to request a follow, and then posts that come in are displayed for a period of time.
Note nothing is ever stored. It exists only so long as the server has not restarted, or while nothing new comes in. Totally ephemeral.
This only respects the rules of ActivityPub that are listed as must, but I have code to implement some of the should as well.
@FinchHaven Just out of curiosity have you ever used email? Do you understand how that works?
Not being condescending BTW. I think there seems to be a lack of knowledge about how the underlying protocol that ActivityPub creates and that Mastodon uses.
@tastytea All your posts are copyright by default. Basic human right.
If you have not have any requests to follow from the server than non of your posts should show up.
@cloy Reminder that there is no indexing going on. It only has the ability to follow people. The difference is that its inbox is public, and anyone can view it.
@cloy There is probably some other technical solution around getting RSS of peoples posts.
This was just something I realised was trivial to do with not much code. I may have been the first to implement it, but I probably would not be the last.
@ben Worth keeping in mind that “delete” actions in ActivityPub are a “should” implementation detail. Servers are not obliged to actually implement it.
@jeder That’s 100% true, for mastodon instances. However others do not have this. Plus what if I want to follow a group of people in RSS without a login?
@maryjane Yep true. RSS is not the only reason I did this, but it seemed like a useful use case even if there are other technical ways around it.
@maryjane I think if you are relying on the name and not the name + domain you are in for issues long term. Ideally run things under your own domain name to really prove ownership.
@mjgardner All the links do link back to the source. It even includes the activitypub post that the server consumed.
@rmdes Let me know how that is meant to work under the current way to follow and I would be happy to implement.
@pre Disposable public no-login fediverse accounts. 100% nailed it.
Partly implemented because its very hard to build against ActivityPub without something like this.
As you said, no posts allowed.
@rkofman The abuse vectors are a side affect of how activitypub works. If someone has a good answer to solving it beyond moderation id love to hear more.
@wigglytuffitout Thank you for your comment. I should remind you that when communicating on the internet you are dealing with real people.
As such saying things such as “go ask for a refund of your degree” is likely to only make others angry. This is not a constructive thing to do. Also I am not a “tech-bro” which I assume you threw in as an insult and will treat it as such.
Reminder, that what I did was implement something literally anyone with a few months programming experience could do. Technically not that difficult. It does however potentially raise some serious issues in the space. I may have been the first to do so but I doubt I would be the last.
Perhaps it’s better to find out now and solve the issue while everything isn’t yet creaking under the weight of mass adoption.
Have a good day.
@ncrav You do understand how follows on Mastodon/ActivityPub works don’t you?
When someone follows you, your account stores that request and when you post, it pushes that post to all of the followers.
I suspect a lot of people are missing this.
@ben Which I am fine with. Defederation is part and parcel of how it all works.
However I doubt anyone wants a mono-culture of just mastodon either, which means accepting that the spec as written does not force deletes.
@cloy I think that this has clearly demonstrated is that a lot of people have no idea how ActivityPub and by extension Mastodon actually work.
And that is going to blow up in a lot of peoples faces.
@jeder So just because another technical solution exists we shouldnt have more?
BTW thats just an example use case I thought about. Having a public instance you can post content at is fairly useful for those writing their own implementations too.
@ben I was fully expecting pushback. However I had hoped people would be more interesting in solving the core problem.
Anyone can do something like this. It’s actually fairly easy. Nobody is proposing solutions other than shut it down. I just happen to be responding and reading the feedback. I don’t know if the next person to do it will.
@cloy Even a good actor might not respect it. From memory thats a Mastodon specific flag.
@wigglytuffitout I think you need to go read how ActivityPub/Mastodon actually work. If you think I am bad, consider the fact I am actually responding to you about it, without as you did starting and ending with insults.
What about the next person who does it and then ignores the feedback. What is your plan then?
@cloy Thats for dammed sure.
@jeder What I did was implement the bare minimum required to get posts.
Then make it such that there was no rate limit on the number of accounts.
There is now additional republishing beyond what any other federated server does.
@rigo Totally. If you have some copy that you think would clear it up let me know and ill add it in.
@jeder It only shows what it receives, so long as other instances respect that and you don’t let it follow you it will never display that post.
@boyter and yes - a storm is coming, we have given companies like cambridge analytica all the keys to the castle on an honor system yet are bitching about privacy when anyone points that out publicly.
@ben Yep. I have been looking into ActivityPub for a while. Only a few days worth of actual code.
If I can do it in a few evenings, someone else can.
@ncrav Except that there are no proxy accounts? They are all legit fediverse accounts. Otherwise they would not be able to subscribe and get your posts.
The only difference is that they didn't need a human to sign up to create them and they are all public.
They 100% follow the required specifications for ActivityPub.
@wigglytuffitout I must admit I love how you instantly assume my place in society, my gender and my race, and then use that to attack me. Sounds like a great approach to dealing with people.
@FinchHaven Much the same.
Email as you say generally is not one to many, except if you add more into the CC/BCC. Which is pretty much what ActivityPub is, except people opt into your CC/BCC by choice.
All this is doing is requesting you to send your updates, again though the approved protocol ActivityPub.
If I took a mastodon instance, and removed all login requirements we would have the same situation. The difference is that I just reimplemented against the spec.
@maryjane I guess the point is, whats stopping someone from being @maryjane or some other instance? Are you going to claim that handles are special? They were on twitter and other single sites? When it comes to fediverse its the combination that provides uniqueness.
I don't think anyone is going to be able to claim a name is theirs when someone claims another on another site.
You totally can have have your own infrastructure. That's the point of it all. If someone does something you don't like within the rules though, then don't federate with them perhaps?
Accounts, don't actually do anything. They aren't bot's persay, more an existing inbox that anyone can message at. For example @justforexample will get this message, and you can view it here https://mastinator.com/inbox/justforexample/
But you can use any @ to send things to it.
@wigglytuffitout I actually don't really care about you or what you say about me.
I just find it interesting you went down that path, after saying that I should be protective of your rights and safety, despite me being civil, engaging politely and not resorting to slurs or insults.
I suspect you cannot see your own hypocrisy.
@wigglytuffitout I was just pointing out how its curious that's where you go as a first reaction.
@wigglytuffitout Thanks for confirming a lot of what I previously thought about tumblr users.
@MobileOak Every inbox exists. So @MobileOak exists and will have this post in it which you can view here https://mastinator.com/inbox/MobileOak/ because I did an @ directly at it.
I could then ask it to subscribe to you, and any update you posted would be delivered to it. This is how ActivityPub is designed.
Yes, this means you could use @boyter (which will also have this post in it now).
However the server NEVER posts. You can never get it to send a honk/toot/post to any other instance.
@maryjane I am providing every inbox without the need to login?
The only difference between what is done here and any other instance is that you need to register on one.
@maryjane So providing less functionality is your problem here? How is this any different from RSS, except instead of polling many servers it sits and consumes respecting what the 3rd parties are providing?
@cloy Yep. I would actually like ActivityPub to be used as an email replacement actually.
I would want some sort of PoW system in there like bitmessage though to discourage spam.
@cloy Far more secure. You could also end to end encrypt it since the pub/pri keys are already setup.
So even were someone to intercept at the HTTPS offloading it would do them little good.
@maryjane That was just an example of how it could potentially be used.
Its an easier explanation than as a place to test your activitypub implementation against as a lot of people don't know what that is nor care.
@jared Sure more than happy to. Also happy respond over any other medium you prefer if this proves problematic.
I have been working with ActivityPub for a while as I wanted to create my own server to meet my needs. I found that sending posts was an exercise in frustration as I didn't want to send spam to real instances while working on it.
As such I implemented the minimum subset of ActivityPub the "must" portion to support allowing the sending of a Create event. This would allow me to test my implementations. Once catch of course being it actually needs to be live.
I could host it, and allow anyone to @ at any address allowing real tests.
I then realised I could add a follow event and use to to consume posts from different people without needing to have an account somewhere. So fully anonymous. This is a similar idea to disposable email, hence the name being close to mailinator, the first disposable email website.
With that done I posted it. and added a few accounts to follow to observe how it behaved in production, and then the show started.
A few things to stress.
1. It only follows what the ActivityPub spec defines as must.
2. It took a few evenings to implement, so literally anyone could do this, the catch is I was public about it and interacting with the feedback (even if it was very hostile).
3. It can never send a message.
4. It only works in a similar manner to the federated timeline on any Mastodon server.
I have never had any evil intentions with this. It started as me wanting to build my own implementation, and then turned into a quick hack to allow everyone to do it.
Let me know if you want more details, or have further questions etc... Always happy to respond.
@jared Oh I would love to know when the podcast goes out too! Not sure if following you will let me know but doing that anyway.
@FinchHaven Except when you do CC, it literally sends a new copy to each CC'ed person.
The same happens for every fedirated follower you have. For each one a copy is sent to a different server.
If the example was poor I apologise, but its the best I can come up with.
@jared Neat. Will subscribe and check it out.
Oh one other thing that occurs to me. I think that there is a lack of understanding as to how the fediverse works. Some of the replies I have gotten seem to indicate this.
I suspect people are using Mastodon/ActivityPub when they should actually be using their own invite only forum. Either that or block federation with everything, or create their own special allowlists and have their own federation.
@kevingranade It's certainly not doing anything outside of the specifications.
There is no display of content not presented to it, in a similar manner to any federated timeline on any other instance.
@ben Neat. I suspect it’s unlikely. Just possible now. What am I hoping is that it’s used more for testing new implementations. Which is what I created it for. The follow big was part of that and the rss was just trivial to implement afterward.
@piratepost sorry but your understanding is totally false. It never reaches out to consume or scrape data from any instance or website.
It only operates within the rules of ActivityPub, and indeed the federated network itself. It makes a signed follow request, and if the instance accepts it then data is sent.
That data is only ever sent if the poster ops into doing so, which I might add is in their own control, and if their instance allows it, which the instance admin is in control of. Both of those might be the same person in some cases.
How do you think people, on other instances get your posts?
@mro sorry not sure what the context is here. If you can improve your question I’d be happy to answer.
@mro ah gotcha. Personal identity on the internet is one of those difficult ones. I don’t know the solution beyond a trusted 3rd party you can refer to.
@mro that’s the best I can come up with as well but it’s hardly reliable. Forget to renew and it gets sniped, name squatters, people with really common names etc…
It’s why I tried to own all things online under a single name, but no way can everyone do that.
@boyter Use your own domain. (ic, preaching the choir.) That has only the 3rd parties of registrars and authorities which if any have to be trusted anyway.
@clov If you believe that to be the case then every other federated server on the internet is also violating those laws.
@devnull Except nothing is copied. Every inbox exists. If someone were to generate every name in the world and put it online would you consider that a violation?
Remember nothing is copied from anyone. It only shows what was sent to it.
Note its not processing any PII unless someone volunteers it by allowing federation and posting it. Probably an issue, but then again that same issue applies to any other federated instances and the same where the post was created.
@clov Which is fine. I have no problems or issues with your stance. Difference of opinion is a healthy thing.
However do remember I am also responding, and talking about it. Will someone who actually has bad intentions do the same?
@cloy Yep totally aware. I never had any intention to scrape anything. If I were doing that I wouldn’t have even bothered to deal with the stupidly chatty way ActivityPub works.
Hit finger, to get user, to post, to get a reply… So many requests. It’s almost as bad as SMTP. Hello -> Hello, Mail’s to Bob -> OK, Mail’s from Jane -> OK…
@cloy I would be surprised if its not already happening. A lot of larger companies now have a “mastodon” plan in the works.
Wanting/demanding a search that works across all instances is going to be a requirement for them, and someone is going to fill it.
If this needs to be controlled it needs to happen now, either by disabling these feeds, teaching people about how the fediverse works, or moving to a allow-list only fediverse for those who really want things private.
@cloy Public posts are, totally public, and the network literally encourages having you post them around.
My stance online has always been “Everything online should be considered public”. With hacks, buyouts and just neglect nothing seems to remain hidden online, and it never forgets.
@boyter - and I agree, but how when half the people on here are going to shoot down any sensible debate?
@MobileOak Yep, my inbox is a little crazy right now. I am 100% happy to respond to anything as best I can, but its a bit hard for me to trawl the multiple threads going on.
If you add all your questions in one post, or perhaps multiple at me I am happy to take some time to respond.
@clov I guess you cannot. I have no control over what you believe. You can however chose to judge based on actions. I will list some below.
I have done active outreach to high profile people discussing this.
I have responded to every request (I think) I have gotten with what was done and why I did it. Without restoring to personal attacks, aggression or hostility even when that was presented to me.
I have modified the service in response to shortcomings that were identified.
I have reached out to find out how to implement better protections.
I have also made suggestions on problems that exist within the current implementations, along with suggestions on how to resolve them.
I continue to ask how things could be improved, discussing and assisting where possible.
I also point out, that were I wanting to be evil I could have done none of the above, ignored everything and started implementing the work around.
I have also been the first to suggest just blocking it if you have a problem with it.
None of the above in my opinion are the actions of someone dishonorable.
@clov I don't believe that it does. If you allow your posts to be federated, then once they leave your server you no longer have control over them.
If you want privacy, don't use a federated service, disable the federation or use an allow list of instances to federate with.
Possibly consider matrix as well which offers much better privacy controls.
@clov I don't believe that it does. If you allow your posts to be federated, then once they leave your server you no longer have control over them.
If you want privacy, don't use a federated service, disable the federation or use an allow list of instances to federate with.
Possibly consider matrix as well which offers much better privacy controls.
@clov I have answered several times.
I 100% care about privacy. If you also care about privacy, don't post your content publicly. Especially using a platform that broadcasts it.
Included below again.
I don't believe that it does. If you allow your posts to be federated, then once they leave your server you no longer have control over them.
If you want privacy, don't use a federated service, disable the federation or use an allow list of instances to federate with.
Possibly consider matrix as well which offers much better privacy controls.
@clov Show me where a private message has been posted publicly and I will 100% ensure it cannot happen ever again.
@clov Please, pick an account on the service, post a private message, and I will update the code to ensure it never happens again.
Should only take me 5 mins to do.
@clov It does not send follows to any account without explicitly being asked to by someone.
If it follows someone its because someone else added them to be followed.
@clov If someone knows the address how can it be private? The service does not know, it only submits the request.
@clov No. It has no discovery features in it at all. If someone follows a private account, it means they were aware of the private account and added it.
There is literally no other way for it to enter the system.
@clov Several years.
@clov I'll throw this back at you. Show me how to identify a private account, either through webfinger or a request to the user information and I will ensure I don't let those follow requests ever happen.
@clov I am very aware of what a private account is. I am unaware of how I am supposed to determine it is one using the existing protocols.
@clov I don't use mastodon, and that is not clearly defined in ActivityPub.
Look are you just here to try and convince me I know nothing with your logic or actually assist? If the former I have other people I could be working with.
If the latter, I am totally onboard with solving issues.
@clov So I have attempted to answer everything as clearly as possible If you need better responses please ask in point form and I will do my best to answer.
@clov So if they pick an inbox, and submit it to be followed the following happens.
1. The handle is checked to ensure its of a valid form.
2. If it looks valid it is enqueued to be processed. This can fail if the queue is full, in which case the user is told to try again later.
3. On a schedule the oldest item on the queue is pulled, and checked to see if the inbox that is requesting it contains anything that might be used to abuse someone. If it fails this test the message id discarded. No notification is sent to the front end for this by design to prevent people knowing that this happened, although the name is logged to ensure it was not a false positive match.
4. If the previous step passes, a webfinger request is made against the server to obtain the users details. It then queries again to get their inbox, and lastly posts a follow request to the inbox, by crafting the appropiate json and signing using the private key for the inbox.
5. The message is discarded. Mastinator as mentioned is ephemeral, it does not record these follow requests.
The entire process is rate limited fairly heavily to avoid overloading any server.
@clov Sorry my inbox is utterly crazy at the moment. Please include the question in the message so I can respond to the correct thing.
@clov There has not, nor has there ever been a follow bot implemented by me for this.
@clov It is a regular account like any other. I added some users to it when I deployed the server to verify everything worked. I suspect some other people may have as well.
@clov No. I picked a random sample based off accounts I knew posted a lot so it would get activity.
I had verified my implementation against honk, but not against Mastodon where all of those accounts are.
@clov No. If you allow follows, and accept them that is consent.
Otherwise why would you allow such a thing inside a federated system where following people is a core part of the system. Especially when the ability to disable / block this sort of thing is in the power of the user.
Had I noticed anyone requesting if they could follow before doing it I would have implemented something similar.
@clov Not unless there is something returned from the user endpoint https://mastinator.com/u/test or the webfinger endpoint https://mastinator.com/.well-known/webfinger?resource=acct:test@mastinator.com
@clov Yes. By asking for the follow. If they accept that then they are consenting to distribute their data. They even then post it directly.
@clov The only way a follow request can ever occur is if someone goes to an inbox and requests it. Of course the process after this is automated, how else could that work?
Let me explain it this way. A follow request works in 100% the same way your Mastodon instance works. Both are triggered by a user requesting it, after that its automated. In the case of mastodon probably though sidekiq jobs.
@clov The same way every other instance does, by making an agreed request "I would like to follow you". Consent is them accepting it and then posting towards it.
Every Mastodon instance notifies you about the follow, and allows you to reject it. You can also turn off automatic accepts and manually approve everything.
@clov I think you mean EU? If so no.
@clov Needs custom code, although the moment it was deployed anything gathered would be gone. Or possibly gone anyway since its all ephemeral and everything is removed as new things come in.
As I have mentioned several times, nothing is ever stored.
So technically, its not possible without actually also destroying the data you want.
@clov Like I said not actually technically possible.
If you know the inbox it landed in you could check it yourself. If its not there, its already gone.
What you are in effect asking for is a search across the system, which is a big no no.
@clov Yep. I am responding. Not possible. Or rather I can add the code to do it, but in doing so I will destroy the data.
Responding to GDRP requests is one of the reasons I never persist the data. Its just not possible.
@clov Mostly to test your own ActivityPub implementations. Since its fully ephemeral, and accepts anything you can even use CURL to submit things if you like. Will be more useful when I stop responding to people asking about it and add the rest of the types.
EG
curl --location --request POST 'https://mastinator.com/u/curly/inbox' \
- -header 'Content-Type: application/json' \
- -data-raw '{
"@context": "https://www.w3.org/ns/activitystreams",
"actor": "https://mastinator.com/",
"id": "NOTETHISMUSTBEUNIQUE",
"object": {
"content": "Hello!",
"conversation": "empty",
"id": "NOTETHISMUSTBEUNIQUE",
"published": "2022-12-20T06:03:41Z",
"summary": "",
"to": "https://www.w3.org/ns/activitystreams#Public",
"type": "Note",
"url": "https://mastinator.com/"
},
"published": "2022-12-20T06:03:41Z",
"to": "https://www.w3.org/ns/activitystreams#Public",
"type": "Create"
}'
@clov So as I am saying.
The data only exists in memory.
If I add code to get that data, I have to restart the service to add it.
This restart would cause the data to be removed.
Hence it is not possible for me to provide what you are requesting.
@clov Validating your ActivityPub implementation is one reason. Another would be to follow accounts totally anonymously. Third would be to aggregate multiple follows into a single RSS (which is possible in some feed readers but not all).
@clov Totally within your rights to believe that.
@clov For the 3rd time it is not a "bot". It's a piece of code that implements the follow functionality that ActivityPub allows. Anyone building on ActivityPub will need to implement this functionality eventually. It is there to validate that this functionality works, both from a follow and following point of view.
@clov Strangely enough if you ask the same questions repeatedly for some reason you get some variance in the response.
@clov How else do you follow a user on ActivityPub.
@clov Copy pasted for you so its 100% the same as before.
How else do you follow a user on ActivityPub.
@clov How else do you follow a user on ActivityPub.
@clov How else do you follow a user on ActivityPub.
@clov Probably not. However my goal was always to build my own AP implementation.
Also the community takes a very dim view to that sort of collection. Creating a RSS reader or scaper to collect data is frowned upon. It would have been easier though, if the goal was to just collect.
@clov Yes.
@clov Obviously my opinion here. You are of course going to insist I am wrong after I post it, but then not bother to correct me.
There is an assumption that toots/posts are private and never leave their followers timelines. While this is not the case because federation causes those posts to appear on the federated timelines which are public there was a gentlemen's agreement in place when there was less people on the fediverse that this would not be made easily public.
Hence a push-back on search services as well.
People want to publicly broadcast their voice, but not have their posts viewable publicly and the only thing stopping them is etiquette.
@clov How predictable. I called it from you saying it would be wrong, to not supplying a correction.
@clov Just interrogate, shout down, not actually say anything constructive though.
@clov If you believe so.
@clov I would be willing to if you actually supplied any useful ideas. More than willing to implement them.
@clov Clearly you are smarter than I will ever be.
@devnull no clone accounts. Every account existed.
It only showed what was being sent to it.
You already don’t have follower only visibility though RSS.
@devnull blocked only applies to that user or instance. It’s trivial to create another account.
If accounts not being locked by default then if people expectations are that it is change the default or educate your users. You are setting them up for fail.
@devnull every account possible existed. Every follow that was issued was manual and approved by the person being followed.
Some were implicit and that default needs to change or you have to let people know what they are getting into.
You act like this system is private and secure and it’s anything but by default.
@devnull if you think others aren’t doing similar things for fun you are missing the point. There are going to be people doing it for profit. And they are not going to give a crap what you think.
And you say not useful but perhaps that’s because you haven’t tried to implement against the standards.
@devnull once again. No clone accounts. Every account existed. Any name you can think of had an inbox that worked.
@prutser thank you.