Hey, i’m a software developer and i’m considering trying to build a site using ActivityPub, but i have a few concerns about it. My first concern is that if the platform is open source someone can host a malicious version of it, where certain requests may be ignored (such as deletion).

This leads into my next concern which is GDPR, because now i can’t be certain that a users data gets deleted upon their request and i’m not certain whether i would be liable since my instance federates with the malicious instance (which may also not be hosted in the EU which is itself problematic, and even if i’m not liable it’s still not great).

I considered if it was viable to make the platform invite based somehow, so that it doesn’t federate with everything by default, but that also sort of defeats the purpose of using ActivityPub.

The loss of control over content is also something that i don’t particularly like, since some people may use their own instance for harassment or something else gross, but i guess that wouldn’t be my problem since i just wrote the code and wouldn’t have anything to do with the hosting of such sites.

i’d appreciate any feedback since i think the technology and the fediverse is very interesting, i would definitely like to try it out, but i’m not sure how to go about these challenges.

  • SkyNTP@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    My first concern is that if the platform is open source someone can host a malicious version of it, where certain requests may be ignored (such as deletion).

    Just so you know, this is not a fefiverse specific issue. Third party websites have cropped up to scrape sites like Reddit and post archived versions of undeleted posts for decades. I’m not sure your concern relates to the fefiverse at all.

    • shagie@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      For one of the OG federated systems, 3rd party Usenet news cancellations were a thing that was dealt with back then too. Many sites not honoring deletion at all to try to stay out of the fray of different groups trying to censor each other (e.g. entities in China trying to cancel any post mentioning Taiwan). It was far easier to not honor deletion at all (or only from trusted spam canceling entities).

      This also touches on the “if deletion is honored, what stops a 3rd party from spoofing a deletion request of your content?”

      For a current instance of Usenet news and their cancel and supersede policy: https://www.eternal-september.org/index.php?showpage=faq#cancellock

      In general, our server does not execute Cancels and Supersedes. An article stored on our server can neither be deleted by a Cancel nor be overwritten by a Supersedes which means that an article deleted by a Cancel message on other servers is still available on our server (article is not deleted) and an article overwritten by a Supersedes elsewhere is available on our server in more than one instance (different versions of the article are not replaced).