Is ActivityPub leading the way to Web 3.0 

@maloki on stage.

Web 2.0 and how things went wrong.

Internet with a modem was a completely different world. Web 2.0 is the road to Hell paved with good intentions.

Web 2.0 was betting on community and user-generated content. In a capitalist society, someone had to pay, but people were not ready to do that, so that advertising became the main business model. People don't want to have to enter credit card details to connect to other people.

Who here uses an adblocker? (Everybody raises hand)

For a lot of services we're running now, the community is paying.

"I would like to argue the Web 3.0 is going to be about community and human connection and not profit."

Q: Can you talk about @florence-development

A: As a product manager it was difficult for me to get heard, so we forked the code, and we started to implement anti-harassment features. We're looking for funding to get developers paid...

Secure messaging is very important. Decentralized identities + a social component... We can replace Patreon...

(A European view... -- German) Secure messaging is something the State should provide. It's the State's decision to consider private, secure communication as a basic need.

I see Chris' vision of agency as something the State has to provide, then we can think about payment.

We have to be able to specify our agent's endpoint. Everything else should follow.

I am as fearful of surveillance capitalism but the companies doing massive surveillance are amateurs wrt what States are doing.

Q: Is there anything in your vision of Web 3.0 that we did not address?

A: Some of the tools we are missing is how to find our friends in a secure way.

Watch what works and help with that.

The Semantic Social Network 

What is that? What's the relation to ActivityPub?

Semantic Data / Linked Data

Takes the example of touristic data. There are lots of data. Relational databases are not sufficient. Let's use a simple model: a graph.

The graph allows complex questions such as "Show me all concerts that I can attend while on the Gourmet's Hike"

Graph uses triples: subject -> predicate -> object

Now we have a naming issue:

"Johnny Cash Live" and "Johnny Cash Concert" may relate to the same event, but it's not obvious.

We can use URLs to fix that. But then we lose the name, so we make it an object, with a 'has name' predicate.

We can also use URIs to "name" everything. This flexible model is almost the Resource Description Format model.

We can also dereference things. Remote content can be referenced and provide more information. This is Linked Data.

Alyssa posts a note (from the ActivityPub standard examples). Let's see this as a graph...

E.g., a Create verb in AP is actually w3.org/ns/activitystreams/crea

In AP, the ActivityStreams context is implied (via the @context field)

Any remote content that is in some structured format (RDFa, JSON-LD...) can be referenced.

That's federation beyond ActivityPub.

This is interesting for semantic queries.
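
The graph view of an ActivityPub activity, as an added example (not from the talk or the ActivityPub specification): a simplified term expansion, not the full JSON-LD algorithm, turns a constructed Create activity modeled on the Alyssa example into triples and runs a two-hop query over them. The sample IDs and the helper names are assumptions of this example.

```python
AS = "https://www.w3.org/ns/activitystreams#"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

# Constructed sample, modeled on the "Alyssa posts a note" activity.
ACTIVITY = {
    "@context": "https://www.w3.org/ns/activitystreams",
    "type": "Create",
    "id": "https://social.example/alyssa/posts/1",
    "to": ["https://chatty.example/ben/"],
    "actor": "https://social.example/alyssa/",
    "object": {
        "type": "Note",
        "id": "https://social.example/alyssa/notes/1",
        "attributedTo": "https://social.example/alyssa/",
        "to": ["https://chatty.example/ben/"],
        "content": "Say, did you finish reading that book I lent you?",
    },
}

def triples(node, out=None):
    """Flatten a node into (subject, predicate, object) triples.
    Short terms are expanded against the ActivityStreams namespace."""
    out = [] if out is None else out
    for term, value in node.items():
        if term in ("@context", "id"):
            continue
        predicate = RDF_TYPE if term == "type" else AS + term
        for v in value if isinstance(value, list) else [value]:
            if isinstance(v, dict):      # nested object: its own subject
                triples(v, out)
                v = v["id"]
            elif term == "type":         # "Create" -> full IRI
                v = AS + v
            out.append((node["id"], predicate, v))
    return out

def match(graph, s=None, p=None, o=None):
    """Triple pattern match; None is a wildcard."""
    return [t for t in graph
            if s in (None, t[0]) and p in (None, t[1]) and o in (None, t[2])]

def notes_created_by(graph, actor):
    """Contents of the objects of the actor's Create activities."""
    found = []
    for act, _, _ in match(graph, p=AS + "actor", o=actor):
        if match(graph, act, RDF_TYPE, AS + "Create"):
            for _, _, note in match(graph, act, AS + "object"):
                found += [c for _, _, c in match(graph, note, AS + "content")]
    return found
```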

ActivityPub content is highly interlinked. You can think of the Fediverse as a distributed graph of interlinked content. Graphs can be traversed and queried in interesting ways.

There is no limit to the kind of data that can be created in a crowdsourced manner.

Open data sets are publicly available, so you can link to them. See "5-star open data".

Therefore ActivityPub data in the fediverse can take advantage of a large amount of semantic web tools used in research.

Q&A

The choice of JSON-LD was very contentious in ActivityPub. It's very good that you showed how to turn this into a graph.

Linked Data vs. Open Data

(hint: )

A graph is not necessarily public: you don't need to expose the graph. Use metadata...

Need for privacy vs. data availability

Timbl seems unaware of OCap concepts

JSON vs. JSON-LD... Can we make both communities happy?

The problem comes from extensions. Base vocabularies are easily used, but as soon as extensions are used, complication comes.

May I send a function to a graph using ActivityPub?

It's part of the .... Sorry couldn't hear the answer.

Mitigating Spam and Abuse on the Fediverse! 

Serge Wroclawski on stage.

Spam and hate speech are bummers. Have fun. HAVE FUN!

This talk is meant to spark discussion.

Unwanted: abusive messages, follow spam, archive trolls, unsolicited commercial messages, untargeted hate speech on the global feed.

This is not a Fediverse problem, but an open communication system problem.

We cannot stop unwanted messages outside of our domain of control.

This is an old problem.

Email, Jabber, OStatus, phone calls, in-person jerks...

(illustration is Moses)

Sender authentication is essential, open relays are bad, requiring pre-established relationships does not work.

We need decentralized systems with no centralized moderator.

Patchwork attempts at solving the problem do not work.

Whack a mole...

We want to

Make it very easy to communicate with people you know.

Add friction to unverified communication

Close open relay holes

Create tools to address smaller problems.

No silver bullet, but defense in depth.

Already works:

HTTP Signatures

Actor/Object validation by checking Object IDs

Hidden Follow/ing/ers collections

JSON Web Signatures for even more validation (future...)

Message filtering: we need a secretary, be able to control or bypass it if necessary.
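
One way an inbox can apply "Actor/Object validation by checking Object IDs" once the HTTP Signature has been verified, as an added example (not code from the talk or from any Fediverse server): it checks that the signing key, the actor, the object ID and the attribution all agree on one origin. The function names and the sample activities are assumptions of this example, and comparing origins is only one reading of that check.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return (host, port) for an https URI, or None if it is unusable."""
    if not isinstance(url, str):
        return None
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return (parts.hostname, port)

def check_create(activity, signer_key_id):
    """List ID inconsistencies in a signed Create; an empty list passes."""
    actor, obj = activity.get("actor"), activity.get("object")
    obj_id = obj.get("id") if isinstance(obj, dict) else obj
    home = origin(actor)
    if home is None:
        return ["actor is not an https URI"]
    problems = []
    if activity.get("type") != "Create":
        problems.append("not a Create activity")
    if origin(signer_key_id) != home:
        problems.append("signing key is not on the actor's origin")
    if origin(obj_id) != home:
        problems.append("object id is not on the actor's origin")
    if isinstance(obj, dict) and obj.get("attributedTo") != actor:
        problems.append("object is not attributed to the actor")
    return problems

# Constructed samples (hosts and paths are made up for this example).
GOOD = {"type": "Create", "actor": "https://social.example/alyssa",
        "object": {"type": "Note", "id": "https://social.example/notes/1",
                   "attributedTo": "https://social.example/alyssa",
                   "content": "hello"}}
# Delivered and signed by other.example, but claims to be alyssa's note.
SPOOFED = {"type": "Create", "actor": "https://social.example/alyssa",
           "object": {"type": "Note", "id": "https://other.example/notes/9",
                      "attributedTo": "https://social.example/alyssa",
                      "content": "hello"}}
```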

OCapPub and True Names

Actors hide "true name"

Caps are simpler to implement than ACLs.

Caps offer additional benefits such as revocability and transferability.

(Did I mention gitlab.com/spritely/ocappub/ today?)

😎

Networks of consent

gitlab.com/spritely/ocappub/

This is a fundamental building block for future social networks.

Closing Message Relays with capabilities

MultiBox: shared inbox is a source of spam, explicit message delivery. Like Shared Inbox, without the spam.

Stamps? Shift the burden of cost from recipient to sender.

Content classification: sentiment analysis, Bayesian filters, image classification, etc.

Contextual Message Delivery

Caution falling cows

People handle messages better if they're warned in advance.

OCapPub -> Priority Inbox (got caps?)

OCapPub -> Stamp? -> HTTP Sig? -> Object validation? -> Content Filtering? -> Some other Inbox

Managing Community Instances

How to handle abusers?

Caps?

An escrow system?

Let's cooperate! We need new ideas from everyone

Multilayered approach

Base layers: OCapPub, MultiBox, Stamps

Additional tools: Content Classification, Multiple Inboxes

Better tools for Fediverse operators

Q&A

A note about "True names": it's a wrong term to use coming from fancy literature.

The human factor: why not human moderators?

They don't scale.

Developers don't either?

But developer time to execution time is constant, so it can serve millions.

What about a moderation service then?

Interesting idea, to be explored.

Check out @librelounge !

Decentralized Hashtag Search and Subscription in Federated Social Networks 

@schmittlauch on stage.

Importance of hashtags

(Pssst, it's not 😜 )

Hashtags are used for marking posts about certain topics or events.

Oops, it happens that a single user instance does not get the whole hashtag feed from a large instance...

Fragmented view!

The incentive then is to "recentralize" so that hashtags yield better results.

Not good.

Current solutions:

Mastodon PubRelay or Pleroma lite-pub relay. But SPOF and SPOA (single point of authority).

Huge load on small instances, only accessed after initial subscription.

D* SocialRelay

System Architecture goals

relay and subscribe: to all public posts of a hashtag

store and query: retrieve 1 year of history without subscription

fully decentralized, no SPOA

Let's add a DHT based on Chord to distribute responsibility for tags among instances

The Distributed Hash Table is distributed, super efficient for key,value lookups, and no authority needed.

Technically, a modular ring where keys and nodes share the same namespace. Each single node maintains pointers to the nodes responsible for the keys at powers of 2. Lookup has logarithmic complexity.

Keyspace = 2 ** 256 with 256 bit long IDs

Lifecycle of posts

1. publishing instance looks up responsible relay instance on DHT for each included hashtag

2. sends post to that relay

3. relay instance looks up responsible storage node in DHT

4. relay instance verifies incoming post's sig, then relays post URI (ID) to all subscribers + storage node

5. subs can retrieve the full authenticated post from received post URI

node ID determines set of hashtags handled by instance

For security reasons nodes must not choose their IDs freely: you don't want a node to take over a hashtag and respond there are no replies there...

Can instances be overloaded by their assigned hashtag posts?

Distribution of posts per tag... Load balancing of hashtags between nodes: k-choices algo, virtual nodes, etc.

Redundancy

Useful to avoid overloading instances

Social Considerations

Do we want global hashtags in the ?

Positive potential vs. negative

Technical Considerations

intended as opt-in, domain-based push federation still better for user subscriptions

...

how to integrate to ?

" Let's talk about the elephant in the room " (shows a mastodon 🤣 )

Node ID assignment...

Current NodeID derivation takes first 64 bits of IPv6 address... Problem is Mastodon.host and Cloudflare ...

Cloudflare acts as a MITM. Not good for a decentralized system!

Security considerations:

attacker should not be able to gain responsibility for certain hashtags

...

Toooooo fast.

git.orlives.de/schmittlauch/pa
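
The ring described in this talk, as an added example (not code from the talk or from the speaker's project): a Chord-style lookup of the node responsible for a hashtag, with node IDs derived from the first 64 bits of each node's IPv6 address so that an operator cannot pick an ID. Hashing with SHA-256, the helper names and the 2001:db8:: documentation addresses are assumptions of this example.

```python
import hashlib
import ipaddress
from bisect import bisect_left

BITS = 256                  # 256-bit IDs, keyspace 2**256 (from the talk)
SPACE = 2 ** BITS

def _h(data: bytes) -> int:
    # SHA-256 as the ring hash is an assumption of this example
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def hashtag_key(tag: str) -> int:
    return _h(tag.lstrip("#").lower().encode())

def node_id(ipv6: str) -> int:
    # Only the first 64 bits count, so one /64 yields exactly one ID
    return _h(ipaddress.IPv6Address(ipv6).packed[:8])

def between(x: int, a: int, b: int, closed: bool = False) -> bool:
    """Is x in the ring interval (a, b), or (a, b] when closed?"""
    span = (b - a) % SPACE or SPACE     # a == b covers the whole ring
    d = (x - a) % SPACE or SPACE        # x == a is the farthest point
    return d <= span if closed else d < span

class Ring:
    def __init__(self, addresses):
        self.ids = sorted({node_id(a) for a in addresses})

    def successor(self, key: int) -> int:
        """First node ID at or clockwise after key."""
        return self.ids[bisect_left(self.ids, key % SPACE) % len(self.ids)]

    def lookup(self, start: int, key: int):
        """Chord lookup from node `start`: (responsible node ID, hops)."""
        n, hops = start, 0
        while not between(key, n, self.successor(n + 1), closed=True):
            # Finger i of n is successor(n + 2**i); follow the farthest
            # finger that still precedes the key.
            fingers = (self.successor(n + 2 ** i)
                       for i in reversed(range(BITS)))
            n = next(f for f in fingers if between(f, n, key))
            hops += 1
        return self.successor(n + 1), hops

def demo_ring(n: int = 64) -> Ring:
    # Constructed addresses from the 2001:db8::/32 documentation range
    return Ring(f"2001:db8:{i:x}:1::1" for i in range(n))
```

Every node reaches the same responsible node for a given hashtag, and two addresses inside one /64 map to the same node ID.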

OSS Compliance with Privacy by Default and Design 

@redchrision on stage.

What did it change? !

- Legal and compliance governance: privacy strategies, accountability, lawfulness, policy making, auditing

- Data collection and lifecycle: purpose limitation, data minimization, transparency

- Tech: handling of data breaches, encryption solutions, privacy by design and by default

What GDPR does not do: how to make yourself compliant?

GDPR does not have a standard of a system of certification. It does recommend best practice in some sectors of activity.

There's no GDPR compliance as such.

Fines so far

- Coerced consent from data subjects: datamarketing, promotional email

- Data security areas: leaks, breaches of confidentiality, availability, integrity

- Video surveillance / CCTV

About 100,000 complaints so far

(Shows older statistics regarding data insecurity)

The model of controllers and processors

Controller determines the purpose and the means of processing.

The Processor is a third party that processes it on a controller's behalf.

They "sign" a Data processor agreement (DPA): you can act as a controller and processor at the same time depending on how the personal data gets handled.

Google is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.

Google is a controller, not a processor, according to the European Court of Justice in Google Spain and Google Inc. vs Mr. Gonzales

The OSS model

The OSS community
- data subjects
- enforced rights on their personal data

The "infrastructure providers" (controllers & processors)

-> This has to be specified on a case by case basis

The case of Github

- controller of the public data on your free account

- processor of your invoices

Decentralized Hashtag Search and Subscription in Federated Social Networks 

@how it's #ActivityPubConf for accessibility reasons, so it's easily read by a screen reader and you're able to understand what it means.

#APConf means nothing when read by one.
