#Holos will be available on #FDroid soon, and we hope to get more feedback to improve the project. While #Fedilab uses server APIs, here we can do much more to improve your #Fediverse experience with an #ActivityPub server running directly on your device. We already introduced E2EE DMs and personal identity. We will go further with automatic deletion, even at posting level. You decide the availability of a message. We will also work on interaction controls from #GoToSocial.
#Holos will be available on #FDroid soon, and we hope to get more feedback to improve the project. While #Fedilab uses server APIs, here we can do much more to improve your #Fediverse experience with an #ActivityPub server running directly on your device. We already introduced E2EE DMs and personal identity. We will go further with automatic deletion, even at posting level. You decide the availability of a message. We will also work on interaction controls from #GoToSocial.
ActivityPub Server’s Custom Reply‑Control Extensions Undermine Federation
It seems like Activitbypub developers are extending ActivityPub with optional metadata to fix a lot of its issues, but that is still problematic. Trying to add moderation tools and user control to threads seems to be the ongoing battle. I am fascinated by dumpster fires, so I’ve started looking at the ActivityPub protocol in detail. I tend to become fascinated with things that are going down in flames.
As a brief recap of the problem:
So, one of the very popular features on Bluesky—also popular on Twitter—is the ability to select who can reply to a post. A major issue in the Fediverse is the inability to decide who can reply, and once you block someone, their harassing reply is still there. I honestly thought it was simply a case of them choosing not to add or address it for cultural reasons. What is clear from that thread is that they were always aware that the ActivityPub protocol and most Fediverse implementations don’t provide a universal way to control reply visibility or enforce blocks across instances.
An ActivityPub server that has reply control is GoToSocial. ActivityPub, as defined by the W3C specification, standardizes how servers federate activities. It defines actors, inboxes, outboxes, and activity types (Create, Follow, Like, Announce, etc.) expressed using ActivityStreams 2.0. It also specifies delivery mechanics (including how a Create activity reaches another server’s inbox) and how collections behave.
The specification does not include interaction policy semantics such as “only followers may reply” or “replies require manual approval.” There is no field in the normative vocabulary requiring conforming servers to enforce reply permissions. That category of rule is outside the protocol’s defined contract.
GoToSocial implements reply controls through what it calls interaction policies. These appear as additional properties on ActivityStreams objects using a custom JSON-LD namespace controlled by the GoToSocial project.
JSON-LD permits additional namespaced terms. This means the document remains structurally valid ActivityStreams and federates normally. The meaning of those custom fields, however, comes from GoToSocial’s own documentation and implementation. Other servers can ignore them without violating ActivityPub because they are not part of the interoperable core vocabulary.
Enforcement occurs locally. When a remote server sends a reply—a Create activity whose object references another via inReplyTo—ActivityPub governs delivery, not acceptance criteria. Whether the receiving server checks a reply policy, rejects the activity, queues it, or displays it is determined in the server’s inbox-processing code. The decision to accept, display, or require approval happens after successful protocol-level delivery. This behavior belongs to the application layer.
These are server-side features layered on top of ActivityPub’s transport and data model that are not actually part of ActivityPub. The protocol ensures standardized delivery of activities; however, the server implementation defines additional constraints and user-facing behavior. Two GoToSocial instances may both recognize and act on the same extension fields. However, a different implementation, such as Mastodon, has no obligation under the specification to interpret or enforce GoToSocial’s interactionPolicy properties. These fields function as extension metadata rather than protocol requirements.
The semantics of GoToSocial are not part of the specification’s defined vocabulary and processing rules for ActivityPub. They no longer operate purely at the protocol layer; it has become an application-layer contract implemented by specific servers.
Let’s use the AT Protocol as an example. Bluesky’s direct messages (DMs) are not currently part of the AT Protocol (ATProto). The AT Protocol has nothing that specifies anything for DMs, so DMs are not part of the AT Protocol. The AT Protocol was designed to handle public social interactions, but it does not define private or encrypted messaging. Bluesky implemented DMs at the application level, outside of the core protocol. DMs are centralized and stored on Bluesky’s servers. What is happening with servers like GoToSocial is sort of like that. The difference is that the AT Protocol was designed for different app views; ActivityPub was not.
The issue is the divergence in semantic interpretation that emerges at the interpretation layer. ActivityPub standardizes message delivery and defines common activity types. However, it leaves extension semantics and application-layer policy decisions to individual implementations. Servers may introduce custom JSON-LD namespaces and enforce local behaviors, such as reply restrictions, while remaining protocol-compliant. But, the noise created by divergences are problematic, because it creates unexpected, unintended, and unpredictable behavior.
Divergence appears when implementations rely on non-normative metadata and assume reciprocal handling to preserve a consistent user experience. Behavioral alignment then varies. Syntactic exchange succeeds, but behavioral consistency is not guaranteed. Though instances continue to federate at the transport level, policy semantics and processing logic differ across deployments. Those differences produce inconsistent experiences and results between implementations.
That leads to fragmentation, specifically semantic or behavioral fragmentation and an inconsistent user experiences. ActivityPub ensures syntactic interoperability, but semantic interoperability (everyone interprets and enforces rules the same way) varies. This creates a system that is federated at the transport level yet fragmented in behavior and expectations across implementations. It is funny how the thing that the fediverse touted has made the entire thing very brittle. ActivityPub technically federates correctly, but semantically falls apart once servers start adding their own behavioral rules.
RE: https://mastodon.uno/@storiespettinate/116079978445833564
Un articolo che è un piccolo capolovoro di passione e speranza. Grazie @storiespettinate .
@linux @fedimedia @BoostMediaAPS @opensource
#linux #unolinux #opensource #foss #fosdem #europa #europe #fediverso #fediverse
FOSDEM: ho impiegato tanto tempo a far sedare l'energia che mi ha portato. Ho riscritto questo articolo almeno 10 volte per renderlo il meno appassionato possibile. Mi sono arresa, non mi è possibile.
Avrei voluto parlare delle persone incontrate, delle tecnologie accarezzate, del mio reclutamento (immeritato) nel team delle "Debian Women". E degli adesivi, della guerra dei badge e dei waffle con cui ho voluto cenare.
A volte è meglio aspettare le parole.
https://valentinanardecchia.eu/2026/02/16/fosdem-il-luogo-dove-le-cose-accadono/
Warm up the fire! We're LIVE!
Fireside Fedi - Episode 74 - FediVariety - Unconference
#owncast #streaming #interview #fediverse #fedi #people #show #firesidefedi #FsF
Warm up the fire! We're LIVE!
Fireside Fedi - Episode 74 - FediVariety - Unconference
#owncast #streaming #interview #fediverse #fedi #people #show #firesidefedi #FsF
"In Europe and worldwide, people are recognising that news publishers, progressive content creators, non-profits and civic society rely on platforms that don’t share our values. Platforms which optimise algorithms for surveillance, outrage and profit."
Wondering what we're up to at the Newsmast Foundation? 🤔
Then read the latest blog from our co-founder, @michael
"In Europe and worldwide, people are recognising that news publishers, progressive content creators, non-profits and civic society rely on platforms that don’t share our values. Platforms which optimise algorithms for surveillance, outrage and profit."
Wondering what we're up to at the Newsmast Foundation? 🤔
Then read the latest blog from our co-founder, @michael
ActivityPub Server’s Custom Reply‑Control Extensions Undermine Federation
It seems like Activitbypub developers are extending ActivityPub with optional metadata to fix a lot of its issues, but that is still problematic. Trying to add moderation tools and user control to threads seems to be the ongoing battle. I am fascinated by dumpster fires, so I’ve started looking at the ActivityPub protocol in detail. I tend to become fascinated with things that are going down in flames.
As a brief recap of the problem:
So, one of the very popular features on Bluesky—also popular on Twitter—is the ability to select who can reply to a post. A major issue in the Fediverse is the inability to decide who can reply, and once you block someone, their harassing reply is still there. I honestly thought it was simply a case of them choosing not to add or address it for cultural reasons. What is clear from that thread is that they were always aware that the ActivityPub protocol and most Fediverse implementations don’t provide a universal way to control reply visibility or enforce blocks across instances.
An ActivityPub server that has reply control is GoToSocial. ActivityPub, as defined by the W3C specification, standardizes how servers federate activities. It defines actors, inboxes, outboxes, and activity types (Create, Follow, Like, Announce, etc.) expressed using ActivityStreams 2.0. It also specifies delivery mechanics (including how a Create activity reaches another server’s inbox) and how collections behave.
The specification does not include interaction policy semantics such as “only followers may reply” or “replies require manual approval.” There is no field in the normative vocabulary requiring conforming servers to enforce reply permissions. That category of rule is outside the protocol’s defined contract.
GoToSocial implements reply controls through what it calls interaction policies. These appear as additional properties on ActivityStreams objects using a custom JSON-LD namespace controlled by the GoToSocial project.
JSON-LD permits additional namespaced terms. This means the document remains structurally valid ActivityStreams and federates normally. The meaning of those custom fields, however, comes from GoToSocial’s own documentation and implementation. Other servers can ignore them without violating ActivityPub because they are not part of the interoperable core vocabulary.
Enforcement occurs locally. When a remote server sends a reply—a Create activity whose object references another via inReplyTo—ActivityPub governs delivery, not acceptance criteria. Whether the receiving server checks a reply policy, rejects the activity, queues it, or displays it is determined in the server’s inbox-processing code. The decision to accept, display, or require approval happens after successful protocol-level delivery. This behavior belongs to the application layer.
These are server-side features layered on top of ActivityPub’s transport and data model that are not actually part of ActivityPub. The protocol ensures standardized delivery of activities; however, the server implementation defines additional constraints and user-facing behavior. Two GoToSocial instances may both recognize and act on the same extension fields. However, a different implementation, such as Mastodon, has no obligation under the specification to interpret or enforce GoToSocial’s interactionPolicy properties. These fields function as extension metadata rather than protocol requirements.
The semantics of GoToSocial are not part of the specification’s defined vocabulary and processing rules for ActivityPub. They no longer operate purely at the protocol layer; it has become an application-layer contract implemented by specific servers.
Let’s use the AT Protocol as an example. Bluesky’s direct messages (DMs) are not currently part of the AT Protocol (ATProto). The AT Protocol has nothing that specifies anything for DMs, so DMs are not part of the AT Protocol. The AT Protocol was designed to handle public social interactions, but it does not define private or encrypted messaging. Bluesky implemented DMs at the application level, outside of the core protocol. DMs are centralized and stored on Bluesky’s servers. What is happening with servers like GoToSocial is sort of like that. The difference is that the AT Protocol was designed for different app views; ActivityPub was not.
The issue is the divergence in semantic interpretation that emerges at the interpretation layer. ActivityPub standardizes message delivery and defines common activity types. However, it leaves extension semantics and application-layer policy decisions to individual implementations. Servers may introduce custom JSON-LD namespaces and enforce local behaviors, such as reply restrictions, while remaining protocol-compliant. But, the noise created by divergences are problematic, because it creates unexpected, unintended, and unpredictable behavior.
Divergence appears when implementations rely on non-normative metadata and assume reciprocal handling to preserve a consistent user experience. Behavioral alignment then varies. Syntactic exchange succeeds, but behavioral consistency is not guaranteed. Though instances continue to federate at the transport level, policy semantics and processing logic differ across deployments. Those differences produce inconsistent experiences and results between implementations.
That leads to fragmentation, specifically semantic or behavioral fragmentation and an inconsistent user experiences. ActivityPub ensures syntactic interoperability, but semantic interoperability (everyone interprets and enforces rules the same way) varies. This creates a system that is federated at the transport level yet fragmented in behavior and expectations across implementations. It is funny how the thing that the fediverse touted has made the entire thing very brittle. ActivityPub technically federates correctly, but semantically falls apart once servers start adding their own behavioral rules.
Clicked through on that link for some reason
"The spec is ActivityPub, but federation is unfortunately Mastodon."
No
#ActivityPub is a protocol
It requires some sort of implementation in some sort of distribution/app
Mastodon (for one) is only *one* distribution/app
There are others
These others may or may not "federate" with each to varying degrees
They are all *different* and "varying" implementations of ActivityPub
I don't know why this is so hard to understand, but it sure seems to be...
I do not think that @naturzukunft2026 misunderstands this.
There's a difference between #ActivityPub the protocol and #fediverse the on-the-wire reality, and in the latter #Mastodon is the post-facto interoperability leader.
For there to be interoperabiity in a particular domain there needs to be agreement on data formats and msg exchanges, and the specs don't provide full coverage nor clear guidance on this. Though #ActivityStreams has a section on use cases it was designed to handle, they aren't fully specified.
Of course it is perfectly fine, and highly encouraged to model a domain in the best possible way, but you won't be "part of the fediverse" until you implement enough of the post-facto Mastodon microblogging interop quirks.
We don't have a good ecosystem-level extension approach, and the #FEP constitutes a best-effort. A bandaid that allows to present a best-practice in hopes it gets further adoption.
I'm not sure that JSON-LD offers solace though.
Woohoo! Warm up the fire!
We're gonna be LIVE! Today!
1200 UTC-5 - 1800 Brussels time
Grab a drink… Find some snacks..
Fireside Fedi - FediVariety — We’re juggling the fediverse!
#owncast #streaming #interview #fediverse #fedi #people #show #firesidefedi #FsF
#fedivariety #jugglingthefediverse #socialweb #socialtrack #fediforum #mastodon #noaw #opensocialweb #publicspaces #activitypub #research #activism #ccc #fedi
Hey everyone,
@casey and @aseelfromgz had the honour of speaking to one family from Gaza today and we’d like to welcome them to Gaza Verified.
They are:
• Sanaa azzam (@sanaa2000)
Please give them a warm welcome to Mastodon and to the fediverse, follow their account, and donate to their fundraiser if you can (and please share this so others can do the same).
Also, remember that you can find all our families who have fundraisers listed at the following page, ordered by those who have received the least in donations over the last week (on a rolling basis):
https://gaza-verified.org/donate/
Thank you for making Mastodon and the fediverse a safe space for our friends in Gaza and for your support.
💕
#Gaza #Palestine #GazaVerified #Mastodon #fediverse #newMembers #verification
@docdanny We have the #Fediverse with Loops (TikTok), Peertube (youtube), Friendica (FB), Mastodon (text), Pixelfed (Instagram) ... but these alternatives often have a lack of money and workpower, not being backed by billionaires.
The EU doesn't need to invent the wheel anew ... just help the existing structures.
RE: https://social.heise.de/@heiseonline/116079525919813911
Viele im #Fediverse sind ja überzeugt, dass dezentrale Medien weniger Anreize haben, Verweildauer zu maximieren, und deswegen nicht süchtig machen. Nun gibt es (überwiegend) keine algorithmische Timeline, aber andere UX-Elemente (Favs, invinite scroll) sind ja von großen Plattformen übernommen und nicht plötzlich wirkungslos. Daher würde mich interessieren: a) Kennt jemand Studien zu Abhängigkeitseffekten von #Mastodon und anderen Plattformen?
Wie sich das endlose Scrollen auf Jugendliche auswirkt
Schlafmangel, Selbstzweifel, Cybermobbing: Social Media kann besonders für junge Menschen zum Problem werden. Was die Forschung dazu weiß.
#CyberMobbing #Instagram #IT #Medien #Mobiles #Smartphone #SocialMedia #TikTok #news
RE: https://social.heise.de/@heiseonline/116079525919813911
Viele im #Fediverse sind ja überzeugt, dass dezentrale Medien weniger Anreize haben, Verweildauer zu maximieren, und deswegen nicht süchtig machen. Nun gibt es (überwiegend) keine algorithmische Timeline, aber andere UX-Elemente (Favs, invinite scroll) sind ja von großen Plattformen übernommen und nicht plötzlich wirkungslos. Daher würde mich interessieren: a) Kennt jemand Studien zu Abhängigkeitseffekten von #Mastodon und anderen Plattformen?
Wie sich das endlose Scrollen auf Jugendliche auswirkt
Schlafmangel, Selbstzweifel, Cybermobbing: Social Media kann besonders für junge Menschen zum Problem werden. Was die Forschung dazu weiß.
#CyberMobbing #Instagram #IT #Medien #Mobiles #Smartphone #SocialMedia #TikTok #news