this weekend i made a library for working with activitypub servers :blobcatsurprised:

it expands on work i did to try and answer the question "how many dead servers am i connected to?"

Show thread

once i'm done with the docs (currently in the testing phase) i'll publish it someplace

Show thread

somebody tell me about the activitypub threat model for when a server's domain name expires and years later is bought by a malicious party in order to assume the role or rights of a specific actor

Show thread

@garbados I was thinking about this very same thing today as I was cleaning up my follows of dead instances

They should expire after a week or two of no contact.

@garbados Practically, same as with basically any kind of federated system: The identity is the address (user@host for email/XMPP/webfinger, URL for ActivityPub) and the protocol tends to leak the social graph/contact list over time.
And well email is very slow&inefficient at it (but OpenPGP leaks it securly :D), XMPP is almost instant at it and you can recover it fully, and I think current ActivityPub is basically fast email.
I think we could make it better but making it good would require crypto and you need to be really careful with it.

@garbados dead fedi servers make up so much garbage in sidekiq

@adasauce i was astounded to learn there's no garbage collection process for dealing with them

@adasauce someone's gonna buy an obscure domain name that happened to belong to a masto instance years ago and find themselves bombarded by the federated timeline's collective traffic, a force tantamount to a distributed attack.

@garbados i started issuing domain blocks for a while as a stopgap, but it was a huge pain and started adding a bunch of load going through and deleting local content and media.

gave up after a while

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!