Update activitypub and mastodon

applications/mastodon.md

@@ -20,6 +20,8 @@ Account credentials are managed by the user’s instance, so if users forget the
 
 For user verification, there is no central authority to check identity documents, but link-based verification can help cross-reference links associated with a user. For example, a user can link to their Mastodon profile from their personal homepage, and receive a verification checkmark to confirm that they are the owner. In addition, an identity proof framework was added in 2019, which currently only supports Keybase. It allows users to [link their Keybase cryptographic identity](https://github.com/keybase/keybase-issues/issues/2948) to their Mastodon account.
 
+Webfinger is used to look up users. The Webfinger endpoint is always under `/.well-known/webfinger`, and it receives queries such as `/.well-known/webfinger?resource=acct:bob@my-example.com`.
+
 ### Network
 
 Mastodon uses [Webfinger](https://docs.joinmastodon.org/spec/webfinger/) to translate user mentions to actor profile URIs. Webfinger specifies the path at which to find a user's profile information provided by the server.

protocols/activitypub.md

@@ -2,51 +2,65 @@
 
 ActivityPub is a federated protocol that defines a set of interoperable social network interactions through specific APIs. Any server that implements this protocol can communicate with the rest of the network. It reached W3C recommendation status in 2018. It is one of several related specs produced by the Social Web Working Group.
 
-ActivityPub consists of two layers: A server to server federation protocol, and a client to server protocol.
+ActivityPub consists of two layers: A server to server federation protocol, and a client to server protocol. In order to federate with the ActivityPub ecosystem, a service only has to implement the server-to-server protocol.
 
-Mastodon is a popular federated alternative to Twitter built on ActivityPub.
+Mastodon is a popular federated alternative to Twitter built on ActivityPub. Other ActivityPub applications include Pleroma, PixelFed, Friendica, and PeerTube.
 
 ### Identity
 
 User identities in ActivityPub are conceptualized as actor objects. To be spec compliant, each actor _must_ have an "inbox" and an "outbox". They also _should_ have "following" and "followers". They _may_ have "liked" collections, and many other predefined possibilities. These are endpoints, URLs which are accessible on the server.
 
-### Networking/Message Passing
+Each actor has a publicly accessible JSON-LD document.
+
+### Networking
+
+ActivityPub is federated through a server-to-server protocol that passes messages between systems.
 
 ActivityPub servers do not proactively network with each other, so they are unaware of each other's presence until a user finds and follows someone on another server. Servers maintain a list of remote accounts its users follow and subscribe to their posts.
 
-ActivityPub messages are objects wrapped in an "activity", indicating what it is.
-
 ActivityPub messages are not limited to HTTP only. This allows it to potentially be extended in more [p2p directions](https://nbviewer.jupyter.org/github/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/activitypub-decentralized-distributed.pdf).
 
-### Data Storage/Message Persistence
+### Data
+
+ActivityPub messages are objects wrapped in an "activity", indicating what it is. There is an [Activity Vocabulary](https://www.w3.org/TR/activitystreams-vocabulary/) that defines Activity, Object, and Actor types that are common to social web applications.
 
 ActivityPub is not opinionated about how messages are persisted on the server as long as each server follows the protocol message requirements.
 
-### Moderation/Reputation
+Server implementions may [cache](https://flak.tedunangst.com/post/what-happens-when-you-honk) frequent requests, such as follower actor objects, public keys of other servers, and images and attachments on posts.
+
+### Moderation & Reputation
 
 Moderation is primarily handled by server implementations. ActivityPub defines a "block" activity to help users control their experience.
 
 The use of server-level bans to block content can lead to the isolation of an ActivityPub server instance if it is banned by many other servers, limiting its users to communication within its instance.
 
-### Social/Discovery
+### Social & Discovery
 
-Messages are addressed to a user at their home server. Normal DNS and IP address routing are used to find the server addressed. Users can push messages to the special 'public' group which makes them available to all interested users. Servers may accept delivery of messages addressed as 'public' to a shared inbox available to all on the server, but are not required to. "Like"s and "Follow"s may be used by servers to determine which public messages to accept/retrieve.
+Messages are addressed to a user at their home server, or published to a public inbox. Normal DNS and IP address routing are used to find the server addressed.
+
+If posts are limited in visibility (followers only, direct message), they will be delivered to a user's inbox, such as `https://example.com/users/alice`.
+
+Servers also may accept delivery of messages addressed as 'public' to a shared inbox available to all on the server, but are not required to. Social network implementations with public feeds may publish posts to the public inbox, such as `https://example.com/inbox`.
+
+"Like"s and "Follow"s may be used by servers to determine which public messages to accept/retrieve.
+
+The "outbox" is a URL where an actor's recent activities can be retrieved from.
 
 There is no global search capability, as each server monitors a different set of messages. Searching for the same keyword on different instances yields different results. The federated timeline shows public posts that the user's server knows about. Essentially, users have access to posts of people followed by people on their instance.
 
-### User experience
-
-ActivityPub is most widely used in Twitter-like applications (Mastodon, Pleroma). Some other applications that federate using ActivityPub include PixelFed and PeerTube.
-
 ### Privacy & Access Control
 
-Server to server federation is authenticated using HTTP signatures in conjunction with the signing key from the actor's publicKey field. To verify object integrity, linked data signatures are used to sign the object with hte publicKey of the actor who authored it.
+Server to server federation is authenticated using HTTP signatures in conjunction with the signing key from the actor's publicKey field. To verify object integrity, linked data signatures are used to sign the object with the publicKey of the actor who authored it.
 
-A [2017 discussion](https://github.com/w3c/activitypub/issues/225) of how to do encrypted messaging in ActivityPub.
+When a remote server receives a POST to its inbox, it verifies the signature on the HTTP request by checking it against the sending server's publicKey.
+
+Mastodon is currently [adding e2e encryption to ActivityPub](https://github.com/tootsuite/mastodon/pull/13820). Previously, messages were unencrypted on the server.
 
 ### Interoperability
 
-Any service that implements the ActivityPub protocol can interoperate with the ecosystem. A service like Twitter would need to add Webfinger and JSON-LD representations of users and tweets.
+Any service that implements the ActivityPub server-to-server protocol can interoperate with the ecosystem. A service like Twitter would need to add Webfinger and JSON-LD representations of users and tweets.
+
+The client-to-server protocol is rarely used in practice, but defines a standard way for user client software to connect to ActivityPub servers, creating a universal client ecosystem. If it were widely used, a user application could mix and match different servers like Mastodon, Pleroma, PixelFed, and any new service that implemented the client-to-server protocol.
 
 Diaspora, another federated social network, chose not to adopt ActivityPub. A Diaspora developer's reasoning for the decision is detailed in [this blog post](https://schub.wtf/blog/2018/02/01/activitypub-one-protocol-to-rule-them-all.html).
 
@@ -62,9 +76,11 @@ The ActivityPub ecosystem scales up by adding more server capacity to the networ
 
 [W3C Implementation Report](https://activitypub.rocks/implementation-report/)
 
-[Mastodon](https://mastodon.social/about) (the largest federated network built on ActivityPub) has 2699 nodes and 2.6M users as of 5/2020 (Mastodon home page asserts 4.4M, a bit more than what the-federation.info stats provide; maybe some servers are not counted)
-
-[Pleroma](https://pleroma.social/) According to stats at [the-federation.info](the-federation.info), Pleroma has 620 nodes with 35K users as of 5/2020.
+- [Mastodon](https://mastodon.social/about) (the largest federated network built on ActivityPub) has 2699 nodes and 2.6M users as of 5/2020 (Mastodon home page asserts 4.4M, a bit more than what the-federation.info stats provide; maybe some servers are not counted)
+- [Pleroma](https://pleroma.social/) is another federated social network. According to stats at [the-federation.info](the-federation.info), Pleroma has 620 nodes with 35K users as of 5/2020.
+- [PixelFed](https://pixelfed.org/) is an ActivityPub based image-sharing platform.
+- [Friendica](https://friendi.ca/) is a decentralized social network with support for ActivityPub, as well as the OStatus and diaspora protocols.
+- [PeerTube](https://joinpeertube.org/) is a free and decentralized video platform.
 
 ### Related
 
@@ -79,3 +95,5 @@ The IndieWeb protocols and community are also related to ActivityPub through a s
 [W3C ActivityPub Spec](https://www.w3.org/TR/activitypub/)
 [Social Web Working Group](https://www.w3.org/wiki/Socialwg)
 [SocialHub, ActivityPub discussion forum](https://socialhub.activitypub.rocks/)
+[Notes from an ActivityPub implementator](https://flak.tedunangst.com/post/ActivityPub-as-it-has-been-understood)
+[Reading ActivityPub](https://tinysubversions.com/notes/reading-activitypub/)