Discussion · bonfire.cafe

>But by default, AP disseminates posts to the public, ie to anyone.

Activities are only delivered to targets listed in to, bto, cc, bcc, and audience fields:

https://www.w3.org/TR/activitypub/#delivery

If the audience is not specified (the fields are not present), activity is not delivered to anyone. The note in this section clarifies: "it's recommended that if no recipients are specified the object remains completely private and access controls restrict the access to object".

This means ActivityPub is private by default.

The situation is less clear with "posts", because they are not activities, but everyone agrees that access to posts should be regulated in the same way, using to, cc and other fields.

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

Let's go through this quagmire of confused expectations point by point.

"When I post messages and data to the ActivityPub protocol ..."

You don't. You post to an independent social media service, which distributes your posts as part of the service it provides. It may do that using AP, but also web protocols (HTTPS), and other feed protocols (RSS, ATProto, Nostr, etc), depending on what's supported by the software they run to provide the service.

(2/?)

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

"I understand it much like e-mail ... admins ... set up infrastructure which is then used to disseminate messages from users to specific users or groups of users"

That's not what's meant by "like email", which refers only to ActivityPub moving posts around between independent social media services. Like email protocols move emails around between independent email services.

(3/?)

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

"This is controlled in the protocol, allowing us to dictate who gets to see what we post, and gives us better control over this process overall."

Mastodon extended vanilla AP to enable Followers-Only and Only People Mentioned posts. Most AP software supports that extension, so in practice it's usually possible to post only to "specific users or groups of users". But by default, AP disseminates posts to the public, ie to *anyone*.

(4/?)

silverpill

@silverpill@mitra.social replied · 5 months ago

@strypey

>But by default, AP disseminates posts to the public, ie to anyone.

Activities are only delivered to targets listed in to, bto, cc, bcc, and audience fields:

https://www.w3.org/TR/activitypub/#delivery

This means ActivityPub is private by default.

The situation is less clear with "posts", because they are not activities, but everyone agrees that access to posts should be regulated in the same way, using to, cc and other fields.

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

(1/2)

@silverpill
> The note in this section clarifies: "it's recommended that if no recipients are specified the object remains completely private and access controls restrict the access to object".

> ... ActivityPub is private by default.

I stand corrected. This was the only bit of the thread where I knew I was stretching. But I wrote it to fill time during a long car trip which was ending as I wrote that bit. So rather than leave it dangling, I decided to take a punt on it.

#MeaCulpa

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

(2/2)

But it's worth noting that anyone who's used the most popular fediverse apps, from identi.ca/ StatusNet on, would be under no illusions that they're all designed primarily around public posting, not private chat (Jabber/XMPP being the opposite). Until Mastodon shoehorned Titter-style DMs into OStatus, private posts weren't an option in most.

Unless you already know everyone you'd want to talk to in the fediverse, and what their @address is, public posting is the only way it's useful.

silverpill

@silverpill@mitra.social replied · 5 months ago

@strypey

>But by default, AP disseminates posts to the public, ie to anyone.

Activities are only delivered to targets listed in to, bto, cc, bcc, and audience fields:

https://www.w3.org/TR/activitypub/#delivery

This means ActivityPub is private by default.

The situation is less clear with "posts", because they are not activities, but everyone agrees that access to posts should be regulated in the same way, using to, cc and other fields.

Strypey

@strypey@mastodon.nzoss.nz replied · 5 months ago

The rest of the linked piece is full of such confused editorialising. This person is clearly not a lawyer, but is reading legal boilerplate in the most bad faith and frankly paranoid way possible.

This person is probably genuine in their desire to expose potential privacy issues, but clearly out of their depth. But if I worked for TakeTok or InstaGrim, and I wanted to undermine Loops before it started, I'd publish something just like this.

Stuff like this is FUD. Ignore.

(5/5)

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.8 no JS en

Automatic federation enabled