This interview with the author of & has some interesting criticisms of :

"The W3C editors haven’t provided a level playing field and I truly believe the specification is now worthless as a unifying force for the free web. [...] Any opportunity for free web unification using a common stack has probably been lost. Ironically, I believe this was ActivityPub’s primary goal, and that makes the specifications [...] flawed — critically."

HT @strypey

@wu_lee Presumably someday ActivityPub version 2 will come along and fix some of ActivityPub's deficiencies. And surely Eugen will gain experience over time.

Perhaps, @ocdtrekkie - but McGirvin (the Zot author) makes it sound like and aren't in the same category.

"These [zot] features [nomadic identity, decentralised access control] are totally alien to most every other network and service and you can't just create a patch to make them work. It's a completely different way of looking at the world and would take a complete re-write of most projects to realise or make compatible."

@wu_lee Yeah, those are definitely different things, though I am not sure how much I like those things. They add a lot of concerns I think are best avoided.


Ive not used hubzilla, I'd be interested to hear what your concerns are?


@dazinism I don't know if I'd say I have specific concerns, just a lot of doubt about the idea of you being able to log into arbitrary federated servers without having to fully trust every single server in your federation.


Does a "nomadic identity" imply any more trust than you would if you deleted one account and created a new one elsewhere?

If you can do this does it mean you do it frequently and arbitrarily?


@wu_lee Obviously if you log into two different Mastodon instances, from a trust standpoint, you are two different identities, each trusting a given instance to maintain that identity.

But if, as Hubzilla seems to claim, you can log into your identity from a different server, doesn't every server have the ability to impersonate you?




Presumably you need to trust servers you use in both cases.

But not necessarily allow them to impersonate you (e.g if the messages are signed in your client).

Servers all need the same degree of trust.

The difference is, with you can't take your identity (followers have to be sought out and notified the new ID), in you can (the ID is host-independent).

But I would defer to people like @strypey who seem to have studied closer than I.


@wulee @dazinism @ocdtrekkie I only know what I've read, and gleaned from chats over the #fediverse with some of the app devs (incl. Mike)
@wulee @dazinism @ocdtrekkie ... and I'm not a dev myself, so anything I say about protocols is best taken with a grain of salt.

@strypey @wu_lee @dazinism I live in the same space. I code enough to be dangerous, and I work in IT, but there's definitely people who can wrap their head around this better than me.

@ocdtrekkie @wulee @dazinism I know enough CLI and Git to be dangerous, but my coding doesn't get much beyond Hello World (yet) ;P
@wulee @dazinism @ocdtrekkie but I presume there was a question about the privacy model in #Zot?
@wulee @dazinism @ocdtrekkie ( sometimes struggles to reconstruct threads involving users on #Mastodon instance)
Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!