One Login: Towards a Single Fediverse Identity on ActivityPub

In response to Bray’s toot, Evan Prodromou — one of the creators of ActivityPub, who is currently writing an O’Reilly book about the protocol — noted that this “is also the argument for using the ActivityPub API.” He described the API as “an open, extensible API that can handle any kind of activity type — not just short text.”

This gets to the nub of the issue. The fact that I can’t use my Mastodon identity to, for example, sign up to Pixelfed is not actually an ActivityPub issue — it’s because the two applications, Mastodon and Pixelfed, each require you to create an account on their respective products. What Prodromou is suggesting is that, technically, you can use the ActivityPub API for account access.

PiratePanPan,
@PiratePanPan@lemmy.dbzer0.com avatar

No, thank you. I prefer having 25 different Fediverse accounts despite them all being able to communicate with each other and 10 Mastodon alts because I didn’t like my instance.

Xeroxchasechase,

But you could still have it. For me it’s really discouraging to have a different profile for each service on each server

cooopsspace,

You forgot the “/s”

kindenough,
kindenough avatar

Yeah I wondered how I could register the same username for kbin social and kbin earth. Which Rick am I talking to? The pickle one? Anyone can assume your identity

Blaze,

Email works the same. rick@gmail.com and rick@outlook.com are probably different people

Flax_vert,

Or @rick on twitter and @rick on Instagram

flamingos,
@flamingos@feddit.uk avatar

“ActivityPub’s API is how client applications interact with the data on a user’s main account server. It lets the user read data on the same or other servers, and it lets them create activities and other kinds of objects on that server that get shared (under the user’s control) with the rest of the world.”

I can’t see how Apub’s C2S API can realistically be implemented. It’s fairly light on details and if I’m understanding it correctly the only standard way to get activity from the server is to pull from an actor’s inbox, which has to be an OrderedCollection of all the activity the actor has received (likes, notifications, posts, the lot). This shifts a lot of the work to clients which, apart from being being very classist, is very limiting for implementations.

Pieresqi,

Wow, can’t wait to get banned in 1 instance and that ban cascading to federated fediverses(?) (through fediverse ??) and getting banned everywhere.

warmaster,

How about?:

Fediverse > Fedigalaxy > Fediplanet > Fedicountry

ActivityPub > Platform > Instance > Community

Plopp,

I prefer:

Fediverse > Fedichorus > Fedibridge > Fedichorus

brbposting,

I think power users might reject it just as we shy away from “login with Google.”

Love it for normies though. Reducing barriers here is huge.

GreatAlbatross,
@GreatAlbatross@feddit.uk avatar

If any federated banning networks do pop up, I’d expect them to form groups, with different groups having different standards. And the idea being that if someone’s banned from one place with similar standards, the rest of the group probably wouldn’t welcome the content.

It’ll come down to places and groups being reasonable, and not banning for stupid reasons (at least by that group’s standards). And if they are unreasonable, it’ll reflect on the group, as nobody would bother posting to those instances any more.

And in a way, the ultimate “ban” will be with the host instance, similarly to email.
An admin at lemmy.world might get a report that an account is spreading csam links everywhere, and to consider banning them, for example.

Rottcodd,
Rottcodd avatar

Serious question - why is this considered a problem? I don't get it.

It doesn't seem to be for convenience, since you'd still have to sign up for and sign in to different sites separately (which is obviously unavoidable - the alternative would be centralization, which is exactly what we're trying to get away from).

Is it an ego thing? So that people can conveniently establish a sort of identity brand in the fediverse? Is it all about accomodating would-be influencers?

Or is it some sort of psychological thing? Like people just feel uncomfortable with separate identities spread around the fediverse? Like they're somehow disjointed and fragile?

I can't make sense of it. I have easily a dozen accounts spread around the fediverse, mostly but not all under the same name, and I have no issue with that. I don't see a problem that needs to be solved. To the contrary, if anything, I'm wary of the idea of consolidating them - that just feels too much like moving back to centralization, just by a different scheme.

I just don't get it.

bobbytables,

I think it is a convenience thing first and a privacy thing second.

Convenience as in: just look how successful “log in with Google/Apple/etc” is. Just imagine you go to a fediverse site, click “log in with ActivityPod” and you don’t need a new password, a new user name, no email back and forth for confirmation etc etc.

Privacy would also increase because you could control every aspect of you identity and what you want to share with a service. It could be a little as just your user name or as much as you want.

With a well made concept like this you could almost carelessly hop from service to service, test the waters here or there, and never have the hassles of creating new accounts.

1984,
@1984@lemmy.today avatar

Creating different accounts is the only way to have privacy in the first place. Different logins makes you look like you are different people. Which is the point.

Rottcodd,
Rottcodd avatar

Just imagine you go to a fediverse site, click “log in with ActivityPod”

It makes me nauseous just thinking about it.

That's where the whole thing went wrong. When things started getting centralized, the internet started turning into a walled, commodified, ad-infested, bot-generated shithole controlled by a handful of loathsome megacorporations.

That's exactly the sort of shit I want to get away from, and I rhought that getting away from that sort of shit was the exact point of ActivityPub.

Privacy would also increase because you could control every aspect of you identity

I don't think that's true.

I see no possible way that a centralized identity can be more private that an array of separate ones. And rather obviously, with a centralized identity, you don't control every aspect of it, because it's an established fact - when you go to a new site and sign up with that identity, it is exactly and only what it's already been established to be, and it's immediately tied in with all the others that use the same identity.

On the other hand, when I go to a new site and create a new identity from scratch - one that only exists on that site - I actually do control every aspect of my identity. It's whatever I make it right there on the spot, and it shares exactly as much or as little detail with my other identities as I want it to.

Granted that I'm very cynical, I just can't escape the feeling that all of this is cover for the real goal, which is simply to centralize the fediverse, so that a new group of opportunists can squat on top of another piece of the internet and extract rent from ir. We're being told that this "problem" needs to be "solved" because "solving" it will, so they hope, create the next Google.

kernelle,

You’re going to love SolidPods, honestly. From the website:

Solid is a specification that lets individuals and groups store their data securely in decentralized data stores called Pods. Pods are like secure web servers for data. When data is stored in a Pod, its owners control which people and applications can access it.

I see no possible way that a centralized identity can be more private that an array of separate ones.

Check out the specifications as well, using Pods you could have seperate accounts on every platform linked only by the ability to login using your Pod.

Rottcodd,
Rottcodd avatar

"If you're thinking of taking the tribe cross-country, this is the automobile you should be using - the Wagonqueen Family Truckster!"

kernelle,

convenience thing first and a privacy thing second

This is convenience and privacy, with a SolidPod you decide who stores the data. It could be you, it could be any federated instance, but that data is encrypted and you decide which application can use which data. They use a WebID (see this as a hash of your unique profile) to identify the user and this would be the only data that is shared between you and any federated instance.

nucleative,

I thought it was so that if you build a following, and then decide to change instances, you keep the followers?

Perhaps I’ve missed the point too.

GlitterInfection, (edited )

Nothing about this idea implies centralization. There is no reason identity has to be tied to the platform using the identity and no reason why there needs to be a central identity store.

In fact, right now my identity IS centralized to lemmy.world and I have no control over that.

Your solution to create as many identities as you want is great for avoiding having one identity, but not an example of decentralized identity.

I would like to be able to have multiple, decentralized, identities.

Rottcodd,
Rottcodd avatar

Nothing about this idea implies centralization.

It's a single identity that would be used to log in to all relevant sites. How is that not "centralized?"

There is no reason identity has to be tied to the platform using the identity

The reason I prefer that is that then that identity is specific and limited - it's not me on all sites, but just me on that site. Me on another site is an entirely separate identity.

...and no reason why there needs to be a central identity store.

But with this, there is, for all intents and purposes, a central identity "store." That's how it would work - I provide whatever ID is used as a trigger and then the site would access "my" "store." And presumably that would be an ongoing process, since another of the things that's being floated is the ability to essentially federate all of my content across instances.

And all of that is going to have to be hosted somewhere, and if I don't use my own hardware, then it's going to be hosted on someone else's hardware, and that means that they - not I - ultimately have control over it. Sure, they can promise that I maintain full control, but that can, as has happened far too many times in the history of the internet, just be a lie.

Granted that that's the case currently too, again, it's decentralized. Each individual instance just has control over my identity on that instance - not over my identity fediverse-wide.

In fact, right now my identity IS centralized to lemmy.world and I have no control over that.

Only your lemmy.world identity, which isn't you.

Is that the part I'm missing? I still don't understand what the supposed problem is in the first place. Is it that you feel that your lemmy.world identity is in fact "you?" Like that particular online identity is identical to your actual real world self, so not being able to use one and only one identity throughout the fediverse is existentially unsettling?

I'm still trying, and failing, to understand how this is a supposed problem in the first place.

Anyway, only your lemmy.world identity is (by a stretch of the term) "centralized," and only to lemmy.world, and I guess to whoever it federates with. But that's not you - that's just one internet handle, for one site.

And the worst that can happen is that lemmy.world does something shady, in which case you can just create another identity at another site. And that last, as I understand it, was always the central point of decentralization - to make it so that harm that might be done was limited to only the one instance on which it was done, and couldn't permanently harm the broader fediverse or an individual's access to it.

Having one central identity though means that any harm done to or through that identity is done throughout the fediverse, and to the affected individual on all instances. That seems like a recipe for trouble, and seems to be directly contrary to the ideal of decentralization.

Your solution to create as many identities as you want is great for avoiding having one identity, but not an example of decentralized identity.

How is it not? My identity on the fediverse is spread around multiple accounts on multiple instances. That's about as "decentralized" as it gets.

Yes - each identity is tied to a specific instance, so can be said to be "central" to that instance, but again, all that means is that that one instance can potentially cause me harm on that one instance. The rest of my identities are out of their control.

So with this single identity scheme, imagine that it's somehow compromised or violated or held for ransome or whatever. That affects every single individual account I have throughout the fediverse. While with the way I currently do things, all it could ever do is affect the one account I have on one instance, and dealing with it would be just as easy as avoiding or closing that account. All the rest of my accounts, and my fediverse access broadly, would remain entirely unaffected.

How is that not the better alternative, and much more to the point, more in keeping with the ideal of decentralization?

GlitterInfection,

Imagine if login was a federated feature in lemmy.

What this would mean is that I could go to lemmy.ml and login using my lemmy.world account credentials and people from lemmy.ml could go to lemmy.world and log in using theirs.

Neither could go to beehaw and login because it does not federate with the two of them.

In this world I could create an identity on lemmy.world and a separate identity on lemmy.ml if I wanted to.

Now imagine if I could login with my lemmy.world account on a non lemmy platform that lemmy.world federates with.

There’s nothing centralized about this, and it is exactly in the spirit of everything else in the fediverse. To login on beehaw I would have to create an identity on beehaw or someone they federate with.

What you seem to be against is forcing you to have only one login. That does go against the model we are talking about.

And it isn’t what’s being suggested.

Rottcodd,
Rottcodd avatar

What you seem to be against is forcing you to have only one login. That does go against the model we are talking about.

And it isn’t what’s being suggested.

Yes - that isn't what's being suggested. And that's entirely irrelevant.

The correct way to measure the threat a proposal poses isn't by what's specifically being proposed, but by what the proposal, if enacted, carries with it - what it necessitates, implies or even just allows.

As I mentioned before, and this seems to me to be the biggest potential threat vector, unless people host their identities on their own hardware, that information is going to be on someone else's hardware. And that's not going to be a charity - it's going to be a business, that's going to profit off of it somehow. If this proposal goes through and is relatively widely adopted, there will one day be an industry leader in the identity-hosting business, and that company will have leverage over the fediverse as a whole. And at that point it would be easy enough for them to, for instance, strike a deal with the biggest instances so that the instances, in the name of security or convenience or whatever might suffice, only accept registrations through that particular service.

I'm not saying that that will happen - only that it could. And that's enough, in my estimation, to make it a bad idea, because if the history of the internet has shown us anything, it's that if there's a way for someone to control something and profit off of it, someone will control it and profit off of it, and the original proposal that made that possible doesn't mean a damned thing.

GlitterInfection, (edited )

You are describing the current situation in the fediverse, not a problem caused by the idea proposed.

Allowing for federated identity would also imply allowing migration of identity, which wholly prevents what you just described.

The current system is guaranteed to have larger instances where people won’t want to leave because doing so abandons your identity.

If I could move around the fediverse freely I would do so, but that is not a feature that is supported so I stick to the largest instance which happens to be the one I chose. I am not unique in this. Obviously, or this instance wouldn’t be so large.

Offering federated identity is only a better situation than today.

Rottcodd,
Rottcodd avatar

No, it's not the same.

You're only describing what would happen at the instance level, and skipping over the fact that the whole thing hinges on your identity on each and every instance actually being one and only one identity that would reside in one particular place. It would actually exist on, and be federated from, one particular server somewhere.

What that means, and the part you're leaving out, is that whoever controlled that server would control your access to the fediverse as a whole - not just on one particular instance, which is the reality with instance-specific identities, but on all instances of all services.

The only way to avoid putting control over your access to the fediverse as a whole in the hands of one company would be to maintain your server on your own hardware, and as the article itself notes, most people can't or won't do that. So most people will end up with their identity on all instances of all services under the control of one specific company. Which is very much NOT the case now.

Now, if someone wants to somehow use their control over my fediverse access for some self-serving purpose - either maliciously or simply as a goad with which to extract profit from me - they're necessarily limited to one identity on one instance of one service because that's as high as it goes. They might, for instance, hijack or disable or demand a subscription fee for access to my .world identity, which resides on .world's server. All that would mean to me though is that that one particular identity on that one particular instance would be compromised. I could still access the fediverse, and even access .world, just by coming in through my kbin identity or my lemm.ee identity or my .ml identity or whatever, since all of those are out of their control.

With this scheme, if someone wants to use their control over my fediverse access for some self-serving purpose, they have one specific place to do it - at the one specific server on which my identity is hosted and from which my identity is federated. With one move, they could hijack or disable or restrict extort payment for my access to ALL instances of ALL services, all at once.

Again, that is very much NOT the case today.

gregorum,

A “portable identity” or account that one could use between federated services would be pretty spiffy.

Blaze,

Thanks for sharing

Josselin,

If we have that, we have millions of users.

Emperor,
@Emperor@feddit.uk avatar

That’s what I was thinking. It would make it really way for Threads users to try out the various corners of the Fediverse and they are still with Meta because of a demonstrated liking for convenience.

Then you introduce easy account migration so we can offer them greater privacy without losing out of access to their Threads account.

The Fediverse would need to make sure their servers are up to the task of on-boarding all the new users we’d be poaching.

threelonmusketeers,

Then you introduce easy account migration so we can offer them greater privacy without losing out of access to their Threads account.

Will this be possible without cooperation from Meta? I assume they would have little incentive to implement a convenient way for users to leave Threads.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • fediverse@lemmy.world
  • DreamBathrooms
  • thenastyranch
  • mdbf
  • khanakhh
  • Youngstown
  • slotface
  • hgfsjryuu7
  • ngwrru68w68
  • rosin
  • kavyap
  • Durango
  • PowerRangers
  • InstantRegret
  • magazineikmin
  • anitta
  • cisconetworking
  • cubers
  • vwfavf
  • tacticalgear
  • everett
  • osvaldo12
  • ethstaker
  • tester
  • normalnudes
  • modclub
  • GTA5RPClips
  • Leos
  • provamag3
  • All magazines
    •