In response to Bray’s toot, Evan Prodromou — one of the creators of ActivityPub, who is currently writing an O’Reilly book about the protocol — noted that this “is also the argument for using the ActivityPub API.” He described the API as “an open, extensible API that can handle any kind of activity type — not just short text.”

This gets to the nub of the issue. The fact that I can’t use my Mastodon identity to, for example, sign up to Pixelfed is not actually an ActivityPub issue — it’s because the two applications, Mastodon and Pixelfed, each require you to create an account on their respective products. What Prodromou is suggesting is that, technically, you can use the ActivityPub API for account access.

  • Rottcodd@kbin.social
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    8 months ago

    No, it’s not the same.

    You’re only describing what would happen at the instance level, and skipping over the fact that the whole thing hinges on your identity on each and every instance actually being one and only one identity that would reside in one particular place. It would actually exist on, and be federated from, one particular server somewhere.

    What that means, and the part you’re leaving out, is that whoever controlled that server would control your access to the fediverse as a whole - not just on one particular instance, which is the reality with instance-specific identities, but on all instances of all services.

    The only way to avoid putting control over your access to the fediverse as a whole in the hands of one company would be to maintain your server on your own hardware, and as the article itself notes, most people can’t or won’t do that. So most people will end up with their identity on all instances of all services under the control of one specific company. Which is very much NOT the case now.

    Now, if someone wants to somehow use their control over my fediverse access for some self-serving purpose - either maliciously or simply as a goad with which to extract profit from me - they’re necessarily limited to one identity on one instance of one service because that’s as high as it goes. They might, for instance, hijack or disable or demand a subscription fee for access to my .world identity, which resides on .world’s server. All that would mean to me though is that that one particular identity on that one particular instance would be compromised. I could still access the fediverse, and even access .world, just by coming in through my kbin identity or my lemm.ee identity or my .ml identity or whatever, since all of those are out of their control.

    With this scheme, if someone wants to use their control over my fediverse access for some self-serving purpose, they have one specific place to do it - at the one specific server on which my identity is hosted and from which my identity is federated. With one move, they could hijack or disable or restrict extort payment for my access to ALL instances of ALL services, all at once.

    Again, that is very much NOT the case today.