this weekend i made a library for working with activitypub servers :blobcatsurprised:

it expands on work i did to try and answer the question "how many dead servers am i connected to?"

Show thread

once i'm done with the docs (currently in the testing phase) i'll publish it someplace

Show thread

somebody tell me about the activitypub threat model for when a server's domain name expires and years later is bought by a malicious party in order to assume the role or rights of a specific actor

@garbados I was thinking about this very same thing today as I was cleaning up my follows of dead instances

They should expire after a week or two of no contact.

@garbados Practically, same as with basically any kind of federated system: The identity is the address (user@host for email/XMPP/webfinger, URL for ActivityPub) and the protocol tends to leak the social graph/contact list over time.
And well email is very slow&inefficient at it (but OpenPGP leaks it securly :D), XMPP is almost instant at it and you can recover it fully, and I think current ActivityPub is basically fast email.
I think we could make it better but making it good would require crypto and you need to be really careful with it.
Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!