undefined | Better HN

0 pointsapitman11mo ago0 comments

> if you want to have comments or backtracks, you can do it with ActivityPub without having people signing up to your site (directly or through some OAuth system)

You can do the same thing with RSS+We mention, which is a way simpler stack and predates ActivityPub by years

0 comments

rglullis11mo ago

Webmentions are a spammer's wet dream. There is a reason they were adopted only by the Indieweb crowd.

Anyway, my point was less "ActivityPub can do everything people can do with RSS" and more "having a mechanism to for bidirectional authenticated messages opens up the possibility of new applications".

The real interesting part will happen when/if more developers realize that ActivityPub can do more than "federated versions of popular social media platforms".

apitmanOP11mo ago

I might be misunderstanding what you're saying here. How is ActivityPub more authenticated than Webmention? WM requires the poster to host their content on a website. This is exactly what the AP spec says to do. Now, since the spec was published, most AP implementations also support HTTP signatures[0], but this doesn't provide additional guarantees that you can't get with WM. The authentication is still tied to a URL.

As far as spamming goes, I don't see how WM is any worse than AP. In both protocols your only options are passlists and/or blocklists.

[0]: And an old version that doesn't have an official spec. ActivityPub's issues with spec stagnation and de facto standards is a whole other thing.

johnmaguire11mo ago

I haven't dug into these, so apologies for the naive question, but for a multi-tenant service like WordPress.com, can you effectively limit which WordPress blogs can WebMention you? If the allowlist is formed on the domain, this seems limiting.

Perhaps more advanced URL regex can achieve more fine-grained control but I do still see advantages in pubkey auth (especially if people want to move their content.)

Still, I do find myself wishing for a lighterweight-than-ActivityPub middleground.

2 more replies

freosam11mo ago

Spammers would have to host a page (permanently) that links to your post, and even then they don't get to control what (if anything) from that page gets displayed on your site.

I guess one danger is that they only serve the page that contains your link to the webmention-validating request. That way they get a backlink but don't have to keep a public outgoing link. They'd have to know that a given request is that validation though, and I'm not sure that'd be very easy.

j / k navigate · click thread line to collapse