path: root/content/articles/mastodon-activity-pub.md

---
title: "Mastodon and  ActivityPub"
categories:
- article
abstract: Digging into Mastodon and Activity Pub
date: 2023-06-09T21:16:39+02:00
year: 
draft: false
tags:
- Mastodon
- ActivityPub
- W3C
- Social-Media
---
After lengthy deliberations, I joined Mastodon. This website still has an auto-posting account on Twitter[^twitter], but I don't read anything there. Mastodon, on the other hand, is an open-source set of communities without Elon. May be interesting
[^twitter]: [Michal Sapka's blog on Twitter](https://twitter.com/d_s_blog)

I was not sure which instance I wanted to join, but in the end, the list was limited to:
https://bsd.network/
https://emacs.ch

The question was, am I more of an Emacs type of person or more of a BSD one? Well, I spend hours in Emacs daily, and I tinkered with it much more, so without further delay, you can find me under

https://emacs.ch/@ms

However, I am still against social media, as it warps the mind and steals time. I don't want Mastodon to take too much of my time and mind, so I have decided:
- I will not use Mastodon on mobile
- On the desktop, I will use it via an Emacs package[^emacs]
- I will regularly evaluate if I get anything valuable from this service.
[^emacs]: [mastodon.el code repository](https://codeberg.org/martianh/mastodon.el)

For now, you can find me there, and I will respond to messages. We will see what the future brings. 

This is also an excellent opportunity to learn about the underlying technology.

### What is a Mastodon?

Mastodon is a decentralized social media platform. Instead of a central server (think twitter.com), anyone can spin up their Mastodon instance. You can easily create one for bread bakers, Emacs users, or your neighborhood.

What is cool and what makes Mastodon interesting is the fact that a user exists on a given instance (like me on emacs.ch), but he can follow and communicate with any other user having an account on any other server (like Ruben on bsd.network[^ruben])
[^ruben]: https://bsd.network/@rubenerd

This intercommunication is called **federation**. In fact, Mastodon can communicate not only with other instances of Mastodon but any other service implementing ActivityPub standard[^activity-pub]. Such services are sometimes referred to as *fediverse*[^fediverse]/
[^activity-pub]: [W3C ActivityPub Standard text](https://www.w3.org/TR/activitypub/)

[^fediverse]: There's even a [website](https://fediverse.party/) listing  services on the Fediverse.

Yeah, open standards!

Though it's worth mentioning that in its current form, Fediverse is dominated by Mastodon.

### Activity Pub

ActivityPub is a protocol for decentralized social networks based on ActivityStreams vocabulary and syntax[^activity-streams] supported by W3C organization.
[^activity-streams]: [W3C Activity Streams 2.0 standard text](https://www.w3.org/TR/activitystreams-core/).

The standard defines two layers:
1. A server-to-server protocol. This is what makes the federation work, as it allows instances to exchange data.
2. A client-to-server protocol. This, on the other hand, allows a client application, be it web, mobile, or Emacs, to communicate with the server so a user can actually use the service.

An implementation may support one or both of those layers so that we may create a complete set of a server with a UI, but it's also completely valid to have an entirely automated instance without any human interaction.

I won't dissect the entire standard; I only want to grasp the general mechanics.

#### Actors

In ActivityPub, a "user" is represented as an Actor on a given server. The same person may have identical accounts on multiple servers, but each of those accounts is a separate Actor[^impersonation]
[^impersonation]: I have yet to learn about any mechanism preventing abuse here. Anyone can create an account with the same username on a server I don't use and pose as me. Some Web of Trust here would be very beneficial. 

Servers in ActivityPub communicate via simple REST requests. 

Each Actor has unique endpoints representing:
- an inbox
- an outbox

#### Delivery

When a User wants to send a message to the world:

{{<svg-full-width "activitypub-w.svg" "Public message sendout">}}

1. User A's client sends a POST message to their own outbox. The message has left the client and is ready to be delivered to a different server.
2. Any server can call the outbox with a GET request. This is how public messages are delivered between servers.
3. Users on that server can then read the message in their own inbox.

When User A wants to send a message to User B:

{{<svg-full-width "activitypub-pm.svg" "Private message exchange">}}

1. User A's client sends a POST message to their own outbox. The message has left the client and is ready to be delivered to a different server.
2. User A's server sends a POST message to the inbox of User B. The message is delivered to the Actor.
3. User B can then call GET on their inbox to read it. The message is delivered to a Client.

Those requests are authenticated as a given Actor so that we can read only messages addressed to this user. The messages are addressed via "collections" - an Outbox is a collection, an Inbox is a collection, or a follower list is a collection.

The server knows who a given Actor is following, so only messages accessible by any user on this server will be fetched. 

There is also a special "Public" collection, void of permissions. Any user on any server can fetch any message sent to "fPublic" without any authentication. This is how federated messages in Mastodon are propagated - someone follows a user on a different instance, so the person's server knows about the outbox collection and can fetch messages. Since it's aimed at the public, it will be available to each user on this server.

We now know how private and public messages are propagated.

### Activities

Outbox and inbox don't contain the messages, but rather *Activities*. An activity is a request to Create a message, Edit it, Delete it, and so on. This mechanism allows users to edit their messages; in time, all servers should display the latest version.

### Impressions

ActivityPub is interesting as it allows for a decentralized social network closer to how Email works than something like Twitter. However, with this comes two downsides:
- Chattiness between servers. So many requests!
- Disregard for space. Servers contain copies of messages. With thousands of users, this may become a problem.

There's much more to unpack here, but this is something for people developing software using ActivityPub. I am not yet one of those brave folks.