Freedombone Blog

Freedom in the Cloud

Messing with ActivityPub

Recently I've been trying to implement the ActivityPub protocol. I wanted to get more of an understanding of what the issues are with it, and see if I could implement a server from scratch. Mastodon is ok, but too resource intensive for my use cases. The filtering system of Pleroma generally works well, but I was still struggling to keep bandits out of my inbox and it was becoming too much of a chore. Self-hosting is supposed to require little to no maintenance if it's done right.

If I'm to remain in the fediverse at all then what I'm looking for is something which requires minimum RAM and storage space. Where the database size has a strict maximum upper bound. And where I can be confident about what (or who) is or isn't getting onto my server. I searched around for existing projects which might fit the bill, other than Mastodon or Pleroma. GNU Social and PostActiv are still around and they were a good solution a few years ago. But I think the state of the art has moved on and something like GNU Social isn't geared up to handle the adversarial situations which now exist. It was designed for a gentler world of Free Software developers exchanging cycling trip photos and commandline tips. Now that there are a million or more fediverse users it's a different game entirely and the blooming buzzing confusion of the crowd requires some taming to be humanly interpretable.

So I may spend the next period of time developing a minimal fediverse server, equivalent to an email MTA. Maybe it won't work out and there will be some show-stopping reason why this is a bad idea, but in principle it seems like a tractable piece of work. On top of all the usual features it would also be interesting to experiment with adding organizing features and also something comparable to the old GNU Social Sharings plugin for bartering and freecycling.

I have some initial code here. Of course, it had to be named after a species of extinct megafauna. It's highly experimental and mostly just a bunch of unit tests, so I don't recommend that anyone use this for any practical purpose right now.

In case you were wondering, the next version of Freedombone will be out soon although I don't expect it will have any fediverse servers. In my estimation the existing software is too unsafe and too high maintenance for an install-and-forget type of system.

Dark Messenger 1.3

Emerging from the murky depths of the interwebs like a low-budget B-movie monster or something out of a 1970s Dr Who episode is Dark Messenger version 1.3.

This version is based on the latest Conversations XMPP chat app and has an added usability feature for initial setup. On the screen where you are first asked to enter your account details there is now a QR code button. If you have your onion JID as a QR code, as it exists in Freedombone on the members screen, then you can scan it with your phone camera and the address and hostname fields are then populated automatically. This saves any fiddling around switching between apps, or trying to type long random addresses manually. The only thing you then need to do is enter the account password.

Top of the screen showing QR code button

Dark Messenger is a version of Conversations restricted to using onion address based XMPP accounts. This makes opsec snafus much harder to commit, and always ensures that the metadata is protected from passive surveillance. "Just say no" to letter agency spooks and other random interweb flotsam. No Certificate Authorities are involved in the running of this app.

Dark Messenger will not get rid of the nubs.
Dark Messenger will not make you look five pounds thinner.
And it's available in no app store anywhere.

But you can download it from here.

Fediverse debrief

I'm going to take time out from the fediverse for a while. It's not that I've been "cancelled", although the level of hostility recently has been exceeding my personal comfort zone and becoming comparable to Twitter.

A critical design problem of this type of system based upon the ActivityPub protocol seems to be that there isn't any granular control over who you associate with or on what terms. It means that adversaries have unlimited potential to reply to your posts or send menacing DMs. Of course it's easily possible to block them, but the sheer volume of this problem recently means that it becomes like a cat and mouse game, or a game of whack-a-mole.

So it's time for me to step back and think about whether ActivityPub is useful as a method of public communications, and whether I ought to be recommending systems in which the user doesn't have much control over who they associate with other than follow or block. Maintaining an increasingly large blocklist and the amount of research which that requires seems unrealistic.

As an analogy from the past, I abandoned trying to support blog comments for similar reasons. The amount of spam became too much to manage, and automated methods such as CAPTCHAs or cryptic questions failed to prevent it.

For now I think the Zap or Hubzilla approach is better, although there are far fewer users of those systems. With something like Zap it is reasonable to expect that the first time self-hoster could have a good experience on the system, rather than immediately being bombarded by communications which they haven't chosen to opt into.

The end of the Web?

Something seems to be going on with the web. It seems to be heading towards a kind of endgame. For practical purposes there are only two web browser engines which most people use and they're both directly or indirectly controlled by Google. As I write this Google is busying itself trying to prevent ad blockers from working and without ad blocking the experience of browsing the modern web is some combination of insecure, annoying and occasionally horrifying. Targeted ads are like an unwelcome stalker who follows you around.

At the same time W3C - an organization already having profound flaws - appears to be handing over the definition of the HTML standard to Google. Mozilla I regard as being a proxy for Google because it's where they get their money from, and Apple, Microsoft, Mozilla and Google control WHATWG. Since Microsoft gave up making its own browser recently this really leaves Apple and Google as the new pilots of the HTML "living standard".

We can maybe see the future of the web in the form of what Google recently did with confidential emails in Gmail. If you're sending an email that way then it no longer gets transferred via the email protocol. Instead the email becomes merely a notification that something has happened on a Google server and you then have to log in to that server to read it. This is how open standards finally die, having been totally appropriated and subsumed under a superficial appearance of convenience and security theatricality.

A prediction is that in the early 2020s HTML is something delivered centrally by Google and optimized for ad delivery and metadata collection. There is a new era of utility computing in which Google data centers are the mainframes and the idea of personal computers being personal or decentralized is something quaint from the distant past. Unless Mozilla can really clean up their act I think they're heading towards a Netscape-like oblivion, although the codebase will live on and perhaps metamorphose into other things.

Now is a good time to reinvent the web and to revisit its most basic premises. Who should the web work for? Should it be just an ad delivery platform? Who should run the web and who should make the standards?

The changing face of FOSS project hosting

With GitHub introducing a way for projects to receive donations via its site the business model which Microsoft is going to be deploying is getting clearer. They say that they won't be taking any percentage of the donations for a year, but presumably after that anything goes. Once you have them by the income then it also becomes a lot harder for developers to vacate the platform and they're more likely to accept bad practices being foisted upon them as part of an often subconscious cost/benefit analysis. Microsoft could start leveraging its patent portfolio this way, by taking a bigger percentage of donation money from popular projects as a patent protection racket.

With GitLab being backed by venture capital from Google it's only a matter of time before they exit and maybe do something similar. I'm not against FOSS projects receiving donations, but it's easy to see how this could become a way to lock developers onto monolithic proprietary platforms in a manner where they can't easily escape and where they may feel compelled to accept ugly tradeoffs.

So I think what's needed is a distributed git project hosting system. At this point a giant chorus of developers will say:

But git is already a distributed system

Which it is. But the important parts which facilitate low friction collaboration aren't distributed. Git itself only really supports the 1990s email-based collaboration model used by the Linux kernel. Unless you really have a buttoned down email workflow using something like Mutt and procmail, this isn't easy for most people.

The aim should be to be able to make a pull request or file an issue on a project without needing to have an account on someone's home server. Some form of identity which works with anything but doesn't make life easy for spammers.

If we don't have a good solution for this within the next couple of years then I can foresee that Free Software development is going to become a lot less accessible. Developers are going to feel that they have no choice other than to accept advertising in their hosting system or a requirement to use specific Microsoft tools and unpleasant compromises like that.

The Disappearing Firefox Addons

If you are a Firefox user or use one of its derivatives such as Tor Browser then it may not have escaped your attention that all your addons disappeared, including even the ones shipped by default, such as NoScript in Tor Browser.

This appears to have been a mundane mistake: an intermediate certificate in the chain Mozilla uses to sign addons expired and nobody had renewed it. Although Let's Encrypt has made automatic renewal routine for TLS, certificate expiry is still not all that uncommon, even on well known sites. The disappearing addons were a big problem with a relatively mundane cause, but it's a problem which reveals the underlying centralized architecture.

In a decentralized or distributed web one person forgetting to renew a certificate wouldn't be a big deal. It would only affect them or anyone accessing their server or peer. But in the web we've actually got one person at Mozilla forgetting something can render all Firefox browsers effectively useless - or at least a lot less secure. If you're relying upon NoScript in Tor browser to defend you then you could suddenly find that your defenses vanish. Welcome to the totalized web.

Checking signatures on software at install time is normal. However, Firefox goes beyond this and re-checks addon signatures every 24 hours even if the addon code has not changed; the interval is a hardcoded constant called XPI_SIGNATURE_CHECK_PERIOD. Because that re-check also requires the signing certificate to be valid at the moment of the check, an expired certificate disables every installed addon, not just new installs. There is also a build flag called MOZ_REQUIRE_SIGNING which, when set, makes the browser ignore the xpinstall.signatures.required setting in about:config. It is set in Release and Beta builds, so the ability to manually turn off signature checking has already gone for most users and only survives in Nightly, Developer Edition, ESR and unbranded builds.

Like most people, I was unaware of all this until NoScript disappeared and couldn't be re-enabled, resulting in the inevitable WTF moment. Apparently there was a minor scandal about addon signing a few years ago, but I must have missed that bandwagon and was probably busy with other things.

So how can this be improved? Within the current paradigm I think that signatures should only be checked when the addon code changes. This means creating a hash of the code at install time, after the signature has verified, and storing that. Only if the hash of the code on disk no longer matches the stored one should the signature check take place again. This would have made yesterday's debacle a lot less acute. In most cases things would have continued to work and Mozilla would have had time to update their certificate without any big fuss. Hashes would need to be stored natively by the browser such that they can't be spuriously modified by other addons.

It may also be worth considering whether addons such as NoScript are so essential that they should be built into the browser codebase, rather than being something separate. In the longer term I think that's a better way to go. Mozilla is unlikely to do it, but Tor browser developers could.

Going beyond the current paradigm, the web needs to actually be decentralized or distributed. One company shouldn't be deciding what browser addons people can run and have the ability to turn them off either through malice or oversight. There has been a lot of browser consolidation such that there are now really only two web engines, and this space could do with some disruption - especially with regard to ad blocking. A new browser which has ad blocking as a core feature I think could get quite a lot of traction quite quickly.