This is a draft of what I'll hopefully be submitting to Rebooting Web of Trust. If anyone would like to take a look, constructive feedback welcome:

@emacsen Hey, thanks for putting this all down on paper! some thoughts:

- I don't understand what ocap inboxes achieves over the current ability of moderators and users to block individual actors. how does this meaningfully improve spam-fighting abilities?

- You mention two methods for "Closing the Relay Hole", which both seem very similar to the discussion on You seem to gloss over the backwards-compatibility issues though—have you put thought into how you would implement this?

@emacsen A couple of your proposals seem like they would limit too much—the pet names proposal seems to boil down to "don't allow replies from people who don't follow or aren't followed by people you follow or are followed by", which seems like it would basically get rid of the local and federated timelines and any interaction on those timelines.

@emacsen one note about the "Bounce Messages" thing is that nearly many activitypub implementations process activities asynchronously in some sort of job queue, so it's impractical to expect them to be able to provide a synchronous error message (which is why mastodon uses 202 Accepted as our status code when processing activities)

@emacsen I think there's a small modification of this that recommends a "postback" Reject activity to the actor's inbox when an activity is rejected, but that also has downsides, such as DDOS amplification.


@nightpool Concerns about callbacks and DDOS are exactly why I didn't suggest it.

@emacsen ah, that's interesting, I hadn't gotten to that section. That seems like a big deviation from "standard" activitypub and i'm not sure that it's going to be effective in practice (it creates a lot of busywork for both delivering and receiving servers in exchange for a very marginal benefit in the case where a message is rejected). but it's a really interesting idea!

@nightpool You're right that it's a big deviation, but my concern is that at least in email, some of the time I know why my message was rejected.

"My DNS is broken" "I'm on a blacklist" "My HELO is reporting something wrong." etc.

That doesn't address everything, eg if a message happens to be caught up in some spam filter, but works sometimes.

What happens when we start tightening up our AP delivery? Will messages be silently dropped? I'd love if we could avoid that.
