I’ve been using federated social media for a while now and I recently considered setting up an instance for my local community as a sort of Facebook alternative. However, as I thought about it, I wondered if ActivityPub’s deletion problem (i.e. if a user deletes their content on their server it doesn’t guarantee the content being deleted on other servers) is a fatal flaw. I worry that it would be difficult to secure buy-in from people if they were made aware of this issue, which they have the right to. It does make me wonder if the ATProtocol will be the better protocol if and when it becomes open source.
I’m curious as to other drivers users’ thoughts. While it is an issue that we may be happy to live with given the numerous other benefits ActivityPub provides, is it a flaw that will ultimately prevent wide scale adoption?
This “fatal” flaw is hardly unique to ActivityPub. You fundamentally cannot control anything you publish on the internet. You can’t stop people from saving copies or taking screenshots, you can’t stop archive bots or LLM web scrapers, and you can’t force Lemmy instances to honor deletion requests.
Even on Reddit there’s been undeleters and archives since basically forever.
Even for regular websites, there’s always the Internet Archive.
It’s hardly a new problem: you always assumed the Internet was forever.
This is not so much an “ActivityPub problem” as it is just how things work when you move something from point A to point B. You can’t unsend an email (or physical mail) or untell a secret.
The idea that you can just delete something on a whim is an illusion created by the centralized silo networks, and it’s not even true those cases as it’s generally a soft delete, and archived by other means anyway.
If you think you might change your mind about sharing information, don’t put it in the Internet in the first place. Even if deletions always federated, it can be kept in dozens of other ways.
Yeah, my attitude towards this is that if I post something, I voluntarily lose control of it. Post accordingly.
It’s easily said, but there can be some serious ramifications to this. What if the thing that was ok to post about some years ago now becomes outlawed and the state uses posts from the past to identify now illegal behavior (e.g. LGBT issues, political opposition/opinions generally, consumption of some previously legal substance like cannabis, …)
The state might already have a copy of all your posts anyways to use that, but many states don’t.
It’s cute that you think they don’t have a copy of everything the instant you post it.
They literally have black box rooms inspecting all traffic in all the major internet POPs in the US.
Well I don’t live in the US
Doesn’t matter, they’re collecting it anyway.
You do understand how networking works, yes? They are getting EVERYTHING that goes through a U.S. POP.
You’re rude
Yeah, they’ve got that recorded, too.
New username periodically?
I think it’s fair to say that we can all end up regretting some of the stuff we’ve put online months or years after the fact.
For example, it means ActivityPub is definitely not an appealing place for young people to have their first cringe moments online.
The risk of being cancelled is higher, and I think everyone has the right to regret their past self and try to clean it up if they want to.
Yes, it should be explicitly mentioned, that deletion isn’t guaranteed. But I don’t think it’s a deal breaker. People should be aware that posting something publicly on the internet, must always be considered to be preserved into infinity.
If you post something publicly on Facebook, there is also a high probability that some web scrapers save your pictures and posts. Deletion does nothing there.
Btw ATproto is even worse. Pretty much everything is public there. https://docs.bsky.app/blog/block-implementation
It’s not really a fatal flaw as other users have pointed out.
The ATP protocol could be improved by including a published “delete” request for the content ID of an item, so that the receiving instance would get notification that the item had been removed. This could then be automated to push a delete action on the receiving instance, or manually removed by the receiving instance admin.
Regardless, however, you’d have to trust that the “delete” tag was being respected by your federating instances.
However, one interesting element is that editing your content is actually more effective in the Fediverse than deleting it, as it will overwrite the content on remote servers when they re-query your instance. You’re still relying on that remote action before the old content changes, but at least it doesn’t just stay up while the content is deleted on your site.
What makes a flat fatal for you? It’s fatal for the idea of sovereignity over where your posts end up. But that’s mostly a given for any kind of public online posts - everyone can just make a copy. I don’t think that should be used as an excuse not to try gaining as much sovereignity as possible, but it’s certainly not something preventing “wide scale adoption”.
The fact that the delete button can only guarantee deletion on your own server is not robust considering one of the primary appeals of the fediverse is that servers can communicate with each other. It means unease/distrust is built in from square one.
Communicating with each other does not mean you can withdraw your post from everywhere.
Every public post in the never can and will be copied elsewhere, be it the Internet archive, a reddit mirror, a screenshot on Tumblr, Google search index or some scraping AI. You have zero say in this and you are not able to withdraw it - even if there’s some law that says you can, in many cases you don’t even know about the copy. And if you send a letter and ask them to delete it, they can say yes but you can’t know for sure.
There’s no way to guarantee someone will delete something you sent them. They’ll always be able to take a copy.
The fediverse can’t do that either. Nobody can. But the fediverse has a specified way to tell “this post isn’t here anymore, would be cool if you would delete it as well” and for the biggest part, other instances will respect that.
That’s fair. Say you were setting up a server and you planned to migrate users to it, and it was going to be their first experience of the fediverse, do you think this is something you’d feel obligated to tell them about?
Obligated? It depends on the users a bit (since you say migrating, I guess I already know them?).
But generally a reminder won’t hurt. Not everyone gets educated on digital spaces and also we tend to forget which consequences our posts might have.
You mentioned young people as an example who should be able to fuck up without it being held against them too long and I agree. I think public social media might not be the best place for that in general, and certainly not with names that can easily be mapped to their offline id.
You can’t guarantee you are able to delete anything you post publicly to the internet anyway.
Once it’s public, web crawlers can take a copy of it, entirely independent of any kind of federation.
There were several sites dedicated to letting people “undelete” Reddit comments, for example.
Update: So far many of the responses point out that if you post anywhere on the internet you are prone to this issue, i.e. even if you delete something someone may have copied it etc.
I do believe this is different. Yes, we are always at risk from malicious actors, but usually when using social media we can operate under the assumption that the delete button works. That is not the case for ActivityPub. Even without bad actors, your content may not be deleted. I think it’s safe to say that this is an unappealing issue for most potential users.
but usually when using social media we can operate under the assumption that the delete button works.
Not at public sites. There’s several websites that mirror whole reddit where you’ll find plenty of deleted posts and comments. There’s Twitter archives as well that keep copies of all kinds of accounts and posts.
You may have better chances in semi-public social media like Facebook where you have to be logged in to see anything. But you really can’t operate under that assumption as long as you’re on public social media.
I think it’s safe to say that this is an unappealing issue for most potential users.
I don’t actually think it’s safe to say that. I suspect that most people wouldn’t be very concerned about ActivityPub’s “best effort” federated deletion. But without actually polling people, I don’t think that either of these theories holds enough water to call “safe to say.”
Sorry I forgot to address your point - migrating people to a more technical setup would be a challenge in itself, but then informing them that deletion across servers isn’t guaranteed would likely give them cold feet.
FWIW, it’s fairly rare for a deletion to not propagate. And I’ve yet to come across a rogue instance intentionally refusing to honor deletions. If we did, our instance would defederate from it.
Good point :)
I’d hazard a guess that ActivityPub users are a small portion of the population, especially considering the people I’m thinking of setting a server up for are Facebook users in a medium sized town - mostly people over the age of 40 who only started using social media in the past ten years.
It’s no secret that onboarding is a barrier to entry for Mastodon for example, and even then most people likely haven’t even heard of it. I am the only person on any of my social circles who is aware of it.
