Mike MacgirvinMay 21, 2019
I know a little bit about federation when it comes to projects in the fediverse - probably more than a lot of people reading these words. Federation is only 20% using common protocols and 80% sharing common "policies" and principles. Implementing common protocols is easy. It's just programming - anybody can theoretically do it. Sacrificing your principles is much harder - assuming you have any. Your choices are either to draw a line in the sand and stick with your principles, or give in to an unacceptable solution and stand accused of having the scruples of a crack whore.

I used to give in, because that choice makes it possible for two completely dissimilar projects to actually work together.

Emphasis on "used to".
Show threadMike MacgirvinMay 21, 2019
@maiyannah I'm not ignoring the fediverse (I'm using it right now). I played the world domination game twenty years ago. It was certainly fun, though I did a lot of things I now regret. I'm an old man now. Not a lot of time left to fix my karma.
Show threadStrypeyMay 22, 2019

@maiyannah @macgirvin
> it'd just be adding problems to postActiv without any benefits

What about being inter-operable with the vast majority of federated social instances currently in use, including non-micro-blog ones like #PeerTube, #PixelFed, and #WordPress blogs using #Pterotype? If I was a user on a postActiv instance, I would consider that a pretty important benefit.

Show threadMike Macgirvin
@strypey @maiyannah

"Inter-operable" is a tall order, especially considering that interop opens you to spam and strips away a lot of your privacy. Your media is all forced public. Your content is mangled beyond recognition by primitive text-only and length-restricted platforms. It also completely destroys any chance to use nomadic identity.

It's no longer a benefit to your users but a liability and a threat to your network security and data integrity. Your users can always just use the popular project and say goodbye to yours (until they get burned by dickpics and harrassment or site shutdowns and come running back). Life is a series of choices and sometimes people make bad decisions. I'm OK with that. But just because they do doesn't mean I have to.
May 22, 2019 at 10:24amWeb
Show threadStrypeyMay 22, 2019

@macgirvin There's obviously some nuts and bolts I don't understand
> [ActivityPub] strips away a lot of your privacy. Your media is all forced public.

Why can't Zot servers just treat instances in the non-Zot networks as if they're web browsers? They request content from a Zot server, which sees that they don't represent a logged in Zot user, and only serve the content if it's marked public-facing by whoever created it. Then treat an AP 'follow' as a ongoing request?

@maiyannah

Show threadMike MacgirvinMay 22, 2019
@strypey @maiyannah

Why bother? I'm tired of telling people that their photos are private only for Zot friends. Nobody else can see them. If you only have Zot friends, privacy just works. If you have other friends it doesn't. People just go "meh that's too complicated..." and they're right. It is. Do you want a complicated network with privacy and lists of exclusions and gotchas or a network with privacy that just bloody works and there's nothing to explain? I'll take the latter.
Show threadStrypeyMay 22, 2019
@macgirvin Couldn't you make the sharing one-way? So users outside the #Zot network can follow public posts of users inside it, but can't be seen or "friended" from within the Zot app UI? That way you get both the simple #UX (anyone I can friend can see private stuf I share) and the public reach (I don't need to post public stuff on two different apps to reach the available federated meta-network)
@maiyannah
Show threadStrypeyMay 22, 2019
@macgirvin I only ask because although often find myself agreeing with your Zot design decisions, the only thing that stops me using Zap over Mastodon, and recommending it to everyone I know, is the inability to have public posts syndicate over AP networks (and actually over Titter too which I can do with Masto cross-posters).
@maiyannah
Show threadStrypeyMay 22, 2019

@macgirvin
> interop opens you to spam

Can you link me to anything that explains how Zot does a better job of preventing spam than AP? I'd like to learn more about this, because I agree it's really important in any federated network.
@maiyannah

Show threadMike MacgirvinMay 22, 2019
@strypey @maiyannah

(PS: I use the word "you" in this post collectively. It is not directed at any person).

That's not hard at all. Any human (or robot) can comment on your posts, except those that you or your site have already blocked. Now think how many posts there are on the AP network. That's a lot of wide open spam targets. But you're in good company. Diaspora does the same. Now think about a spam delivery engine generating 100 messages a second. (I've seen them perform orders of magnitude above this). Sure you can block the spammer. But they can open another engine on a new site. And another and another. In fact they can spin up new VMs as quickly as they can allocate domain names and ip addresses. I can't think of a way to stop it (short of designing security in from day one - and it's probably a bit late for that).

There are reasons why this was allowed and became the network default. I understand that. The zot default is for comments from connections only and you can force moderation of comments for any connection. (You can also change this and allow anybody but that isn't exacly a sane default.) There are moderated groups so spammers don't sneak into your stream through one of your groups. That's just a start.