Einer von Vielen teilte einen Kommentar zu diesem Beitrag/dieser Unterhaltung

Thu, 12 Jan 2023 17:12:09 +0100 via hubzilla

ray peaslee schrieb den folgenden Beitrag Thu, 12 Jan 2023 17:12:08 +0100

If a user removes their account using the removeme page is there a period of time that has to go by before they can register again?
Thanks

Mario Vavti

Thu, 12 Jan 2023 17:14:19 +0100 via hubzilla

It is not possible to register with the same nick again.

ray peaslee

Thu, 12 Jan 2023 17:49:50 +0100

@Mario Vavti (mario@hub.somaton.com) ever?

Mario Vavti

Thu, 12 Jan 2023 17:51:42 +0100 via hubzilla

Yup

ray peaslee

Thu, 12 Jan 2023 17:54:40 +0100

@Mario Vavti (mario@hub.somaton.com) Thanks

Scott M. Stolz

Fri, 13 Jan 2023 04:46:53 +0100 via hubzilla

@Mario Vavti (mario@hub.somaton.com) forever-ever? </joke>

Witcraft (Hubzilla)

Fri, 13 Jan 2023 07:57:19 +0100 via hubzilla

@Scott M. Stolz (scott@scottstolz.com) ... only until the server has been re-installed (re-registration possible, making it a Zombie-ID), and the very last Fediverse server has forgotten that this ID once existed before - like all previously connected instances follow your manual request to manually delete the hubloc entry for the ID with the old hash, so you are no longer treated as a forged identity.

So basically ever like in "until hell freezes over". :laughing: This will give you a lot of fun when you register a domain that has hosted Fediverse software before to install a new hub, and register with an ID that has existed decades ago - Other servers will just ghost your ID, and you will have a hard time to find out why...

@Mario Vavti (mario@hub.somaton.com) I used to think that was a specific implementation on Zot-/Nomad-Ware. But "burning" an ID applies to AP instances, too - correct? Do you know if AP instances like Pleroma have to "forget" this channel too?

Mario Vavti

Fri, 13 Jan 2023 08:06:05 +0100 via hubzilla

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de) in fact Hubzilla can deal with re-installs pretty well. Most other software can't.

Witcraft (Hubzilla)

Fri, 13 Jan 2023 09:23:39 +0100 via hubzilla

@Mario Vavti (mario@hub.somaton.com) That would be great! :slight_smile:
That's new to me, so let me see if I understand correctly:

Install a server "domain.tld"
register an identity "shortname"
connect to channels on other servers, leaving hubloc traces
Delete and re-install server from scratch at same domain,
create identity with same shortname (no import, no clone => new hash)
Try to connect to channels on these other servers again.

So other servers will no longer consider my ID as forged / burned? Because I understood that has been the problem so far. If this is no longer the case, why not allow registration of a channel shortname that used to exist but had been deleted?

Mario Vavti

Fri, 13 Jan 2023 09:35:36 +0100 via hubzilla

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de) because it would be relatively easy to impersonate deleted channels for anyone?

Mario Vavti

Fri, 13 Jan 2023 09:38:55 +0100 via hubzilla

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de) also because you will have issues with other software.

Anyway, please try if you can (preferably with version 8.0RC) and if something does not work within Hubzilla it is a bug which should be investigated and reported...

Scott M. Stolz

Fri, 13 Jan 2023 09:57:44 +0100 via hubzilla

Instead of burning an ID permanently, perhaps there could be a time duration. For example, if an ID has not seen any activity for over a year, and a new ID shows up with the same channel address but a different hash. it will consider the new ID a new identity and not a forgery.

And if this was paired with the ability to change your hash without losing your ID, then the hub could authenticate that the old hash and the new hash both belong to the same channel, or report that only one hash is legitimate and the other is to be considered forged.

ray peaslee

Fri, 13 Jan 2023 11:53:27 +0100

After reading all the comments I have a better understanding of the reasoning behind it and it makes good sense. I like it as is.

Einer von Vielen

Fri, 13 Jan 2023 12:03:13 +0100 via streams

As far as I know the identity in Hubzilla consist basically of a global unique id, a GUID signed by a private key. Connected to this GUID are one one or more human readable IDs like - that is the obvious/visible part for a user. But what is used in the background is the GUID (or the hash of it).

Instead of burning an ID permanently, perhaps there could be a time duration. For example, if an ID has not seen any activity for over a year, and a new ID shows up with the same channel address but a different hash. it will consider the new ID a new identity and not a forgery.

That is why you should backup your "id" as json file for example. Thie file contains everything: GUID, private key,... Later on you can use it to proof that it is you and not somebody else. Your old contacts can (crpytographically) proof it is really you and not somebody else.

Breaking this procedure would open the door for stealing an ID. Thinking...???

Witcraft (Hubzilla)

Fri, 13 Jan 2023 12:38:48 +0100 via hubzilla

@Mario Vavti @Einer von Vielen
I do not think it would be possible to steal/impersonate a foreign ID:

Obviously, you would have to buy a domain to impersonate solely an ID. That can happen - granted,
By adding the GUID/hash, only the original user has access to that.
But obviously, the GUID/hash is not the single key that defines a channel - because otherwise, it would not be a probelm to have the same ID more than once.
So IF the combination of ID and GUID/hash is unique - You can clearly distinguish between an ID with one GUID from an ID with another GUID - So why ban an ID from the Fediverse after it's been deleted...? You could simply treat it as a new user. Then, the ID/new-hash could not impersonate the ID/old-hash. So I can connect to the same people, and they would be shown "This is not your original contact - This can mean that a different person now uses this ID. Please verify by if the person behind the ID is the one you want to connect to. Then, you can delete the prior contact and connect to the new one."

So I am not saying to just go by the ID and accept it without looking at the GUID. But it should be possible to mark a ID/GUID combination as dead and accept a new ID/GUID combination as a completely new user.

Einer von Vielen

Fri, 13 Jan 2023 13:20:13 +0100 via streams

But obviously, the GUID/hash is not the single key that defines a channel

I am not sure about if we are talking about the same things...

What the database tells is, example...

GUID=abc123 belongs to me@domain-a.org on server a
GUID=abc123 belongs to me@domain-b.org on server b
GUID=abc123 belongs to donald@trump.com on server c

All are technically the same identity because the have the same guid (abc123). The (same) guid is stored in the db of all three servers (domains) along with the private key (also the same all three servers). Contacts and permissions are glued to this guid.

Technically your contacts "talk" to this guid basically and not to donald@trump.com or me@domain-a.org.

That is all what I wanted to say - nothing about what is possible or impossible or nice to have.

Einer von Vielen

Fri, 13 Jan 2023 13:26:34 +0100 via streams

And as far as I remember the same principle applies to items, files,... A file that is synchronized between clones has the same guid in the db on every server, despite its name that is displayed to the user. I do not know if this adds something useful to this topic but anyway it might be interesting to know.

Witcraft (Hubzilla)

Fri, 13 Jan 2023 15:44:06 +0100 zuletzt bearbeitet: Fri, 13 Jan 2023 15:46:43 +0100 via hubzilla

@Einer von Vielen OK, I see what you mean. But if the GUID is the only reference - Why should the following not be allowed:
GUID=abc123 belonged to me@domain-a.org on server a. It is verified against hash 978sd6f94c.
GUID=abc124 belongs to me@domain-a.org on server a. It is verified against hash 234gkzg345.
So when I delete abc123, it should not be a problem to register abc124 with the same shortname. I cannot impersonate abc123, because a verification would fail.
When I write to someone who knew abc123, from me@domain-a.org he might expect me to be abc123 - but he cannot varify it (and could actually tell from the GUID that I am someone else).

Now he has the chance to A) condemn everybody of the name "me@domain-a.org" as forged forever (because nobody has exported the respective hash, maybe because he even was not the person who created it in the first place - Domains tend to be sold). So this is one of the many "burnt" identities that are lost to the Fediverse forever.

Or B) this (or I) could trigger a request like "Please delete all records of me@domain-a.org, with GUID=abc123 - It obviously no longer exists (otherwise I would not have assigned a new GUID to it) - Either I lost the hash, or whoever had it was not me, so I have no chance to get it back). Please treat me as the novel user GUID=abc124 that accidentally has the same webbie me@domain-a.org that is now controlled by me.

This is not impersonification (pretending to be the person before me) - It is a reset of a deadlock on a perfectly good domain and user name...

Einer von Vielen

Fri, 13 Jan 2023 17:02:53 +0100 via streams

I still do not know if we are talking about the same thing. You say...

GUID=abc123 belonged to me@domain-a.org on server a. It is verified against hash 978sd6f94c.

The hash is created from the guid not vice versa. You are not able to calculate the guid from the (xchan_)hash. That is the reason hashes were invented.

That said the only unique "thing" you have is the guid. One reason you do not pass around a hash is because you do not want to give away the guid. The guid together with the private key and the password is basically your identity.

You tell the system to create one or more human readable IDs (me@server-a.org or donald@trump.com or...) for the guid.

To come back to the original question

If a user removes their account using the removeme page is there a period of time that has to go by before they can register again?

Suggestion: Backup your identity by exporting it to a json file by visting /uexport.

After this you could delete all your channels at every server and then after a while you can register again using "the-real-donald@trump.com". In the process of registering "the-real-donald@trump.com" you can use the json file (containing your old guid,...) This gives your contacts the proof you are the same id as donald@trump.com as well as me@server-a.org.

Einer von Vielen

Fri, 13 Jan 2023 17:06:46 +0100 via streams

Correction. This is of course WRONG

One reason you do not pass around a hash is because you do not want to give away the guid

Must be: One reason you do not pass around a hash guid is because you do not want to give away the guid

Einer von Vielen

Fri, 13 Jan 2023 17:07:48 +0100 via streams

F***

One reason you do not pass around a hash is because you do not want to give away the guid.

Einer von Vielen

Fri, 13 Jan 2023 18:44:41 +0100 via streams

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de) Hmm, might be I do not really get what you want to achieve. If this is the case please ignore my comments.

Mike Macgirvin

Fri, 13 Jan 2023 20:10:29 +0100 via zap

I'll try to simplify because this knowledge is essential for anybody trying to build off of Nomad.

In Nomad, the channel guid is your 'claimed' network identity.
In ActivityPub, both the channel URL and webfinger address are your 'claimed' network identity.

The difference is that under ActivityPub, the identity cannot exist without a server. Under Nomad, the identity is not tied to any server, but only to the guid.

In either case your claimed identity is then signed by you with your private key. The signature is the 'proof' of your claim.

When using Nomad, you also sign your current location (the site URL).

This isn't needed for ActivityPub because you only ever have one server. If you change servers, you need a new identity and anything that was ever stored with the old identity will need to be fixed.

On the other side of the conversation, the receiver receives something from you. It is the receiver's responsibility to fetch your public key and verify your signature, or in the case of Nomad signatures as we verify both your identity and location. Assuming your public key verifies both, we have now proven the 'claimed identity' and verified that the message was sent by you and also that your channel is currently using this location.

Once we have done that, the receiver generates the "xchan_hash" or as we call it in later versions - the "portable_id". This is a hash of your guid and your public key. Everybody on the network calculates the exact same portable_id for your channel. There is nothing secret about this and you can pass it around (and we do), but the only rule is that we never rely on a portable_id generated by anybody else. We can only use or rely on a portable_id we generated ourself after verifying your claimed identity. Otherwise it's just another 'claim' and could represent anybody. Once we've verified your identity and created this hash ourself, we can use it internally to refer to your identity - no matter what server you're using. And if you move servers, we don't need to change any existing data because your identity didn't change. All we need to do is add another location to those which we've currently associated with your identity.

I'll stop there, as adding any more information would just make it all too confusing. This is the essential explanation of how Zot/Nomad works. Everything else is just passing messages around.

Mike Macgirvin

Fri, 13 Jan 2023 20:59:46 +0100 via zap

As to the question of re-using a channel, in theory you can re-use a Zot/Nomad channel name. We don't care. It is the rest of the fediverse that cares. But that's the problem - because by allowing a channel name to be re-created in our network, we've provided a mechanism for somebody to forge and re-use identities in another network (ActivityPub, Diaspora, OStatus, etc.). It is our responsibility as responsible network citizens NOT to allow this because other software would block us permanently if our software allowed a way to compromise the integrity of their network. This was discussed amongst different projects, and the only reasonable solution was for us to prevent channel re-use. That said, you cannot prevent re-install - nobody can.

I have no problem with somebody breaking the rules to re-create their own channel. That would not be considered a forgery. But I'll advise that a number of things will likely break and they'll need to hack the database since the code prevents it; and as responsible network citizens we simply aren't going to change the code to allow it.

There are still a couple of associated bugs lurking in our own code, as I found when I recently re-used an old channel through a complete re-install. I've fixed a few places in streams where the identity was confused. Don't know if I've got them all, which will have to wait for the next time I do something like that - but all my streams connections are working again, so I'm hopeful. I've got one or two Hubzilla connections which are still confused and I know Mario has done some work in that area but they're still confused, so I'll just say that more work may be required on the Hubzilla side. Lots of other software (Mastodon, Pleroma) also were confused - some still are, and I can't use this channel at all with Diaspora anymore. Diaspora holds onto network identities and public keys forever.

So it's not a good idea to re-use a channel or re-install. I'm aware of the risks and can fix a lot of things (but not every thing) that break/s and can certainly live without Diaspora. I wouldn't recommend it to anybody else.

Witcraft (Hubzilla)

Fri, 13 Jan 2023 23:20:36 +0100 zuletzt bearbeitet: Sat, 14 Jan 2023 09:33:03 +0100 via hubzilla

@Mario Vavti @Einer von Vielen @Mike Macgirvin Thank you for taking the time and explaining the background of all this.

What I understand:
In the Fediverse, there are two types of identities: Those tied to a channel URL (webfinger URI), and those tied to a GUID with portable or multiplewebfinger URIs (nomadic).
Either way, the ID is signed with a private key so it can be verified with a public key (or "hash").

Using URI/GUID + known hash, anyone can distinguish between an ID verified against that hash vs. non-verified against that hash (but verifiable against a different hash).

Reusing a channel webfinger URI ("short name" + "@domain") is easy in Zot/Nomad because you verify against GUID. But AP does not do that, so we do not provide mechanisms for re-use.

Where I have trouble to follow is:
People can "break the rules" by re-installing a hub which bypasses this re-use prevention mechanism. This is considered malevolent or at least invalid behavior. I think, it is a valid use case that requires a solution. I am all in favor of not relying on that people know how to not accidentally break rules, but instead provide mechanisms to handle that case. Mind me, I am not saying that Zot/Nomad can provide it by itself. I am saying that this is a design flaw in at least AP, probably the whole Fediverse, that should be fixed by a MUST part of the spec (Yes, I am aware how probable that is, but...).

Why should it be treated not as a malevolent hack but as a valid use case? People WILL re-install Fediverse servers eventually at some point, trying to re-create URIs that have been abandoned. And you cannot expect them all to buy new domains, or make up alternative or cryptic channel names that code in the amount of previous failures (I'd have been "witcraft12" before I started to actually use this hub):

Someone breaks his a hub and has to re-install it without a working backup of DB and ID (private key).
Public institutions break their hub at their official domain and have to re-install it, maybe with a broken DB.
Someone takes over a domain without knowing there has been a Fediverse server running on it before, and without access to all possible previous ID private keys. If a company takes over a speaking domain name, info@domain.tld might well have already existed. And you would not find out before some servers ghost you. For reference: In Germany alone, a hundred research instituations and almost as many government institutions have created a URI as their public face (with two Mastodon instances) in the past few months.
Most simple case: People do not know that they are breaking the rule because they do not know the rule itself. I wonder how many Fediverse users, or at least instance admins actually are aware of this background, or at least the rule to never ever to reinstall a hub at the same domain for eternity (unless from a backup, and only without any other fresh Fediverse installation in complete history).

The principle I would like to be provided as a binding reqirement is:
It is possible to detect that a URI is being reused, otherwise it cannot be banned as forged. So if a Fediverse server sees a URI that conflicts with the public key stored for it:

DO NOT consider it as forged / breaking the rules and withdraw all permissions.

DO NOT consider it as valid to give the previous permissions, either (That would be allowing impersonification).

DO consider it as unkown (Like a new GUID would be in Zot/Nomad, even with a known URI). Give it permissions any other new channel has - but reset it to zero to allow to assign a new public key with new permissions - And clearly warn anyone connected that the "new" human readable URI is NOT identical to the old one and should be double-checked before being given any permissions. But at least give the recipient the option to do so. It is not like anyone has access to that URI domain name to install new software, so that's a valid but not frequently repeated use case. If there are reasons not to do this automatically, allow the new channel to explicitly request the removal of a depracated public key (meaning that all previous connections have to be re-established).

If all Fediverse projects (or at least AP) would honor this simple rule, I do not see why we should maintain a secret, ever-growing list of burnt Domain and channel names that could eventually be ghosted by some servers without any chance for a domain owner to predict or find out about.

Scott M. Stolz

Sat, 14 Jan 2023 04:03:50 +0100 zuletzt bearbeitet: Sat, 14 Jan 2023 09:58:45 +0100 via hubzilla

Maybe ActivityPub needs to consider treating authentication a bit differently. In some ways, the way it is treated now is backwards, but I understand why they did it that way.

Every domain name is an "identity provider" since it has the ability to issue unique IDs to people and manages their keys for them. Each domain is a custodian of each person's identity.

If the keys are different for a channel address (channel@example.tld), then treat it as if it was a new channel.
If the identity provider declares that a key change has been made, and can verify that both the old key and the new key both belong to the same identity, then treat the new key as the correct one, and reject the old key as being forged for all future correspondence.

This would allow key changes, and actually make the system even more secure.

That handles the security aspect on the software side, but there is also a social aspect.

How are people using the platform supposed to know that channel@example.tld and channel@example.tld are not the same person?

Even if Zot, Nomad, and ActivityPub allow the reuse of channel addresses, there would need to be some "rules" or "recommendations" put in place on how platforms and apps are to display those changes to end-users.

And I think this is where the stumbling block is.

Scott M. Stolz

Sat, 14 Jan 2023 10:07:22 +0100 via hubzilla

So far, the solution seems simple.

Herd all of the fediverse cats.
Get them to implement the desired technical changes allowing key changes and reuse of channel addresses.
Issue standards on how to display that channel@example.social and channel@example.social are actually different channels / people.

Easy. Especially the herding cats part.

But seriously, permanently banning channel addresses may work in the short term, but it is not sustainable. As was mentioned, some major organization, such as a school or government agency, is going to screw up their instance/hub, and permanently banning admissions@example.edu because they broke their website and reinstalled would not go over well.

So it might be something worth working on with ActivityPub and other protocols.

Scott M. Stolz

Sat, 14 Jan 2023 10:51:16 +0100 via hubzilla

I decided to start a topic about it ActivityPub's forum, SocialHub. I'm curious about their perspective on it.

https://socialhub.activitypub.rocks/t/reuse-of-identity-channel-addresses-revocation-reissue-of-keys/2888

hubzillar

Sat, 14 Jan 2023 10:59:47 +0100 via hubzilla

Is it possible for a nomadic guid to store a list of all url and/or public keys that have been associated with the guid? Would other parts of the fediverse be able to verify by being able to read the entire list, until a match is found?

As for this type of design information, surely there should be a repository for this to be kept, analogous to the ibiblio 'linux documentation project?

Witcraft (Hubzilla)

Sat, 14 Jan 2023 11:10:53 +0100 zuletzt bearbeitet: Sat, 14 Jan 2023 11:12:09 +0100 via hubzilla

@hubzillar (hubzillar@tiksi.net)

Is it possible for a nomadic guid to store a list of all url and/or public keys that have been associated with the guid? Would other parts of the fediverse be able to verify by being able to read the entire list, until a match is found?

I'm not sure about that. But actually, I think you do not need it - There is only one person at a time who decides to which webspace and instance a domain points: the current one (last in list). I don't think the history matters if you allow it to be cleared.

@Scott M. Stolz (scott@scottstolz.com) While I have nothing against exchanging keys when I have the old and the new one, I wonder why I would need to to so if I do have the old key (like channel backup as @Einer von Vielen (einer@digitalesparadies.de) pointed out): I could just install the hub and import the original channel with the orginal key.

My priority is more on those who lost the orignal channel without backup of the key, or never had access to it in the first place (it's not breaking the rules to re-use a domain).

Scott M. Stolz

Sat, 14 Jan 2023 12:48:26 +0100 via hubzilla

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de)

While I have nothing against exchanging keys when I have the old and the new one, I wonder why I would need to to so if I do have the old key: I could just install the hub and import the original channel with the original key.

I am not sure what you mean. If you are using the same key because you used a backup, the rest of the fediverse wouldn't notice, since you are using the same key. There is no change of keys in this scenario.

The only time you would change a key on purpose would be a revoke/reissue situation. For example, if somehow your old private key was leaked, your instance/hub could revoke the old key, reissue a new key, and both would be considered the same identity, but the old key would no longer work.

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de)

My priority is more on those who lost the original channel without backup of the key, or never had access to it in the first place (it's not breaking the rules to re-use a domain).

In this case, according to my proposal, the old key and the new key would not be considered the same identity/actor, even if they have the same channel address. Instance/hubs/clients would/should visibly display an indication that they may not be the same actor.

For example, display identity@example.social (old) for a previously valid identity that is no longer valid, and identity@example.social (recreated 2023-01-14) or identity@example.social (new) for the identity with the new key. This would provide public notice that the channel/identity may or may not be the same person/actor.

Until Zot, Nomad, and ActivityPub are updated to allow this, then we can't reuse IDs without some instance/clients rejecting them.

hubzillar

Sat, 14 Jan 2023 15:07:47 +0100 via hubzilla

@Witcraft (Hubzilla) (witcraft@hubzilla.fediversum.de)

install the hub and import the original channel with the orginal key

Would this be accepted by other fediverse (e.g. activitypub, diaspora) protocol verification process?

Witcraft (Hubzilla)

Fri, 20 Jan 2023 06:35:59 +0100 zuletzt bearbeitet: Fri, 20 Jan 2023 07:04:37 +0100 via hubzilla

@hubzillar

Would this be accepted by other fediverse (e.g. activitypub, diaspora) protocol verification process?

It would, as far as I understand it (it's the same webfinger URI, with the same GUID, verifiable against the same public key). It should even drop in for established AP connections, as it is the same webfinger URI (With a port of your ID to another domain, you would have to re-establish AP connections, whereas Zot/Nomad connections would recognize the port by its GUID).

Scott M. Stolz

Sat, 14 Jan 2023 13:24:35 +0100 zuletzt bearbeitet: Sat, 14 Jan 2023 13:25:38 +0100 via hubzilla

It should be noted that since a channel address (identity@example.social) can only have one active key at a time, any old key would be rendered as invalid for all future correspondence.

This applies to both a lost key and a revoke/reissue situation.

The question is: what to do if a channel address starts reporting that it has a new valid key?

ray peaslee

Sat, 14 Jan 2023 14:17:49 +0100

Just my opinion but I say leave everything as is.

Mike Macgirvin

Sat, 14 Jan 2023 20:19:00 +0100 via zap

To be fair, this isn't the first time this conversation has come up. It's another one of those recurring rabbit holes that surfaces occasionally.

I can still remember when I was full of enthusiasm that I could fix it. And for the most part we did (as I had a fair bit of help). In a Nomad only world the problems are pretty much solved - but there are bugs to fix. Start there. Every single hubloc query that searches by address needs an "ORDER BY hubloc_id DESC" clause. Somewhere in Hubzilla there's still at least one place this is not happening. In Streams, there are also places where this should be fixed, though I've checked them all and left a few that shouldn't cause any problems. Even if it doesn't cause an issue today, we should still get in the habit of doing this to support re-installs anywhere we check identity.

The next thing you can do is implement Identity Proofs under ActivityPub.

https://codeberg.org/fediverse/fep/src/branch/main/feps/fep-c390.md

I consider Diaspora a lost cause at this point - unless somebody forks the project and converts it to ActivityPub. If you wish to still converse with that network, you should always start with a fresh channel they've never seen before. There's nothing more you can do. They do have a re-key operation associated with their account migration procedure, which might be useful as long as you never create a clone in our network, which that operation will likely destroy.

Be aware that Pleroma can change keys whenever they like and doesn't notify anybody. This makes it incredibly difficult to figure out if a Pleroma identity is getting re-used.

Re-keying is already provided as a protocol primitive in NomadHandler (Zot6Handler if you're using the older protocol). External network re-keying is provided in our implementation of Mastodon's 'movedTo' operation. Dead account detection (for channels that go away without telling anybody) is provided by Hubzilla's global directory - although this was tossed in streams because it doesn't work with the rest of the fediverse and has become a spam magnet.

Witcraft (Hubzilla)

Sun, 15 Jan 2023 22:55:14 +0100 via hubzilla

@mike
When I stumbled upon this a good year ago, I initially thought this was specific to Hubzilla/Zap. I now understand that, again, Zot/Nomad has already solved this as a first (again), but depends upon AP. I completely understand that this is not solveable by Hubzilla/streams. But I think if it's the right street to walk, then it's also good to play the ball to AP (thanks, @Scott M. Stolz).

I consider Diaspora a lost cause at this point

The more I read about the background of things, the harder it is to consider them as part of the Fediverse - Compatibility does not seem to be their focus...