I have a 1hr talk on the past, present, futures of #ActivityPub last week. Here is a recording.


@bengo great! I am going to watch it today. Wasn't aware you were presenting or might have joined. Was this part of larger event?

@bengo hey, I really enjoyed this presentation! Very well done, and I can really recommend others to spend an hour and learn about the interesting history and futures of #ActivityPub

cc @cy you may like this for background info, as well as reflections of Christine Webber and Amy Guy after the specs became final in:


Hi @bengo Thanks for that Talk.

Concerning what you say about minute 55-56, have you had a look at ZOT and its projects Hubzilla and ZAP/Streams ?

What you are looking for is called "nomadic identity" and is used in praxis very well for by this projects since years. Have a look



@Nachbarschaft I always have to point out that public keys are the ultimate nomadic identity. With a digital signature, you can switch servers transparently and automatically, and all your followers can be sure they still have the same person. It works even if your old server already banned you, deleted any attempt to tell your friends of your new server, or had a catastrophic hardware failure.


sure - sounds good to me...

"nomadic identity" is no voodoo

but reality for Hubzilla / ZAP / Streams ... and as understand now also a part of AP

Have you tried it?
What do you think of it?

@Nachbarschaft Oh right, sorry I didn't mean to imply Hubzilla didn't use public key identities. (They call them "channels.") I just think it's an awesome way to do nomadic identity, that I really wish the Fediverse could do.

@Nachbarschaft Though I think Hubzilla has a crappy unsigned client API too. So you need to be able to run your own instance, or "hub" as they call it. I can't read the code well enough to tell, but is it possible to run a hub without DNS, port forwarding, and a signed SSL certificate? That is, can hubs only connect to other hubs, rather than requiring others to connect to them for certain things, like the Fediverse does?

@Nachbarschaft Ideal would be if you can run a hub, then post a message about a second publically accessible hub where people can reach you. Then that hub would sync with your primary hub, whenever you started it up and connected to the secondary one.
Like Scuttlebutt's "pub" record.

@Nachbarschaft Nah, it looks like Hubzilla requires that you have a DNS record, and an SSL certificate, and an always-up server, and nginx, and the ability to configure nginx to proxy through Hubzilla. So nomadic identity is kind of a lie.

@cy @Nachbarschaft
:blobcatthinkOwO: an opportunity to insert myself

nomadic identity in zot (hubzilla's protocol) means basically that you are identified like in PKI but your secret key is put on consignment with a hub server to be able to sign responses and such. so the hubs do have to be generally available and there really isn't a way to deregister from a hub other than trusting they delete the keys. however you can have the keys on multiple hubs and if one dies or tries to ban you then you can send requests from a new hub and--since the crypto keys are the same--everyone just kind of updates their pointers of where you live right now to the new hub.

it's kind of how wireguard sends packets to the last address that gave it a signed packet so it supports hopping connections because it just updates what it thinks your home is.

@icedquinn @Nachbarschaft
> however you can have the keys on multiple hubs
> the same private key, unencrypted, on multiple computers
> mutiple remote servers you do not control


@icedquinn @Nachbarschaft
< ( What's this? A user doing something I don't agree with? I think I shall ban them, and silence them forever! )
( Ha ha, that's what you think! I have sent my private key to four other servers, so I will not be silenced! ) >
< ( Also I'll reveal their private key so anyone can make them post loads of gore porn. )
( ....shit ) >

@cy @Nachbarschaft i guess its not more of a disaster than existing federated login systems (everyone oauth'ing their gafam accounts.)

@icedquinn @Nachbarschaft If only you were allowed to create a digital signature, and not have a gimpy crap client full of crap, then you could sign the hub's public key saying "These guys can make me post loads of gore porn—I mean are totally trustworthy to speak for me." That signature would be just as good as sending your private key, without the catastrophic security failure.

@icedquinn Oh yeah, Cloudflare really love SAML, because you don't control your own keys. You ask an "identity provider" to give you signatures. (aka Cloudflare)
This when computers have been capable of making their own digital signatures for like 40 years...

@icedquinn @Nachbarschaft @cy at least if the user chooses to do oauth for everything through a single provider with no fallback it was their own poor decisions that bit them in the ass as opposed to the design of the software itself :02_shrug:

related, is it possible to use pleroma as a provider for other unrelated services? would be neat

@roboneko Well, their own poor decisions and all the propaganda that lied to them and assured them it was totally fine, accepted by all, would lead to no regret whatsoever, and anyone who tried to warn them differently was just a crazed lunatic who should be disregarded, and also immature.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!