#social 2019-09-14

2019-09-14 UTC
heluecht[m] joined the channel
# 05:44 
heluecht[m] I've got a question concerning account deletion and tombstones. Would you place a tombstone immediately - or would you wait with this until the account deletion messages had been transmitted and processed?
# 05:59 
trwnh heleucht[m]: why wouldnt you put the tombstone immediately? what happens locally should happen instantly.
# 06:19 
heluecht[m] We are transmitting the deletion message. Then one can argue that at that time the profile still had to work, so that the signature can be checked.
xmpp-social joined the channel
# 06:25 
heluecht[m] BTW: Mastodon seems to not use a tombstone, but immediately return a "410 gone" HTTP error.
hellekin and LukasMatt[m] joined the channel; etjet[m] left the channel
# 14:07 
fr33domlover heluecht[m], good question! Hmm I'll need to decide this too. Hmmm idea: instantly switch to Tombstone, but for an hour or so, have the tombstone specify a public key ^_^ hmm but nope this won't work if implementations reject Tombstone as a potential actor (do they? need to check)
# 14:08 
fr33domlover I've been avoiding deletions so far, for various reasons, but it's time to code them :p
# 14:09 
fr33domlover heluecht[m], trwnh, the idea of delaying the actual deletion for a bit doesn't sound too bad to me, are there examples where that behavior causes problems
# 14:11 
jaywink[m] wonders what is the average time implementations cache public keys for? Socialhome does it forever currently. Deletion is immediate and permanent, after sending it out to the network. There is no Tombstone even left after deletion.
# 14:12 
heluecht[m] Well, it would be good to not forget a key, once it had been received. And it should never be updated to avoid identity theft.
# 14:13 
heluecht[m] Just think of some AP server that goes down and the domain is deceased. Then someone else is registering this domain and opens up another AP server.
# 14:14 
jaywink[m] well, in that case you could argue the new owner of the domain now owns the domain ;)
# 14:14 
jaywink[m] and since identifies in AP are basically URL's
# 14:14 
jaywink[m]  * and since identidies in AP are basically URL's
# 14:15 
heluecht[m] I'm not sure if every AP server prevents you from deleting an account and then creating a new one with the same nick name.
# 14:16 
heluecht[m] This could be ... interesting.
# 14:18 
jaywink[m] if a receiver respects the delete - it's basically a new identity after created again. if they don't, they'll probably reject the new messages?
# 14:18 
nightpool[m] there's no reason for the profile to be able to be checked to transmit the deletion message
# 14:19 
nightpool[m] if the server knows about the account, then presumably they know the public key. if they don't know about the account, then they don't need to delete it
# 14:19 
heluecht[m] BTW: Later I read the specs about this: https://www.w3.org/TR/activitypub/#delete-activity-outbox
# 14:20 
heluecht[m] "If the deleted object is requested the server SHOULD respond with either the HTTP 410 Gone status code if a Tombstone object is presented as the response body, otherwise respond with a HTTP 404 Not Found."
# 14:20 
nightpool[m] that's for the c2s API
# 14:20 
heluecht[m] So Friendica now is immediately sending a 410 with the tombstone in the body.
# 14:20 
heluecht[m] Örgs
# 14:21 
nightpool[m] although it's probably a good guideline to follow
# 14:21 
heluecht[m] I know, I shouldn't have a look at specs, I'm always misunderstanding them 😬
# 14:23 
nightpool[m] the distinction between the c2s spec and the s2s spec is always a little murky
# 14:26 
heluecht[m] Whatever "murky" means ;-) But I guess I understand.
# 14:27 
heluecht[m] So the question stays what you do when you receive a delete activity? Do you check if the profile still is present? Or do you check if it responds with either 404 or 410?
# 14:27 
heluecht[m] And what do you do with the cached messages from that account? Do you delete them?
# 14:29 
jaywink[m] Socialhome deletes all the messages stored locally for a remotely deleted user. But this is something really not in scope of ActivityPub what to do inside a partciular platform.
# 14:30 
jaywink[m] From a privacy point of view personally it would be odd if messages were not deleted for a delete request 🤔
# 14:30 
jaywink[m] once could even view it as going against things like GDPR
# 14:46 
nightpool[m] heluecht: in this case, murky means unclear or poorly specified
# 14:46 
nightpool[m] literally, "like dark or muddy water"
cjd_ and trwnh joined the channel