Hey, I’m a software developer and I’m considering trying to build a site using ActivityPub, but I have a few concerns about it. My first concern is that if the platform is open source, someone can host a malicious version of it, where certain requests may be ignored (such as deletion).

This leads into my next concern, which is GDPR, because now I can’t be certain that a user’s data gets deleted upon their request, and I’m not certain whether I would be liable since my instance federates with the malicious instance (which may also not be hosted in the EU, which is itself problematic, and even if I’m not liable it’s still not great).

I considered if it was viable to make the platform invite-based somehow, so that it doesn’t federate with everything by default, but that also sort of defeats the purpose of using ActivityPub.

The loss of control over content is also something that I don’t particularly like, since some people may use their own instance for harassment or something else gross, but I guess that wouldn’t be my problem since I just wrote the code and wouldn’t have anything to do with the hosting of such sites.

I’d appreciate any feedback since I think the technology and the fediverse are very interesting. I would definitely like to try it out, but I’m not sure how to go about these challenges.

  • MinekPo1 [it/she]
    1 year ago

    I can give an educated guess about GDPR:

    Since the European Union has officially endorsed Mastodon (social.network.europa.eu), as long as your instance complies with GDPR, you are not liable for actions taken by bad actors using ActivityPub to do bad actory things.

    I am not sure about how that applies to data being sent to non-EU servers, as I lack knowledge about GDPR.