This interview with the author of #Zot & #Hubzilla has some interesting criticisms of #ActivityPub:

"The W3C editors haven’t provided a level playing field and I truly believe the specification is now worthless as a unifying force for the free web. [...] Any opportunity for free web unification using a common stack has probably been lost. Ironically, I believe this was ActivityPub’s primary goal, and that makes the specifications [...] flawed — critically."

HT @strypey

@wu_lee Presumably someday ActivityPub version 2 will come along and fix some of ActivityPub's deficiencies. And surely Eugen will gain experience over time.

Perhaps, @ocdtrekkie - but McGirvin (the Zot author) makes it sound like #ActivityPub and #Zot aren't in the same category.

"These [zot] features [nomadic identity, decentralised access control] are totally alien to most every other network and service and you can't just create a patch to make them work. It's a completely different way of looking at the world and would take a complete re-write of most projects to realise or make compatible."

@wu_lee Yeah, those are definitely different things, though I am not sure how much I like those things. They add a lot of concerns I think are best avoided.


Ive not used hubzilla, I'd be interested to hear what your concerns are?



@dazinism I don't know if I'd say I have specific concerns, just a lot of doubt about the idea of you being able to log into arbitrary federated servers without having to fully trust every single server in your federation.

· · Web · 0 · 0 · 0


Does a "nomadic identity" imply any more trust than you would if you deleted one account and created a new one elsewhere?

If you can do this does it mean you do it frequently and arbitrarily?


@wu_lee Obviously if you log into two different Mastodon instances, from a trust standpoint, you are two different identities, each trusting a given instance to maintain that identity.

But if, as Hubzilla seems to claim, you can log into your identity from a different server, doesn't every server have the ability to impersonate you?



Presumably you need to trust servers you use in both cases.

But not necessarily allow them to impersonate you (e.g if the messages are signed in your client).

Servers all need the same degree of trust.

The difference is, with #ActivityPub you can't take your identity (followers have to be sought out and notified the new ID), in #Zot you can (the ID is host-independent).

But I would defer to people like @strypey who seem to have studied #Zot closer than I.


@strypey @wu_lee @dazinism I live in the same space. I code enough to be dangerous, and I work in IT, but there's definitely people who can wrap their head around this better than me.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!