It just occurred to me how some governments like blocking social media, and how blocking Mastadon would be a neverending nightmare.

@skanman sadly it'd be trivial: detect and block the ActivityPub protocol and you take out the entire fediverse with a single rule.

@shadowsonawall I thought Mastadon only implemented activitypub for server to server, and client to server had a plethora of connection methods, so I thought blocking the protocol would only stop new servers from being connected in the country, but not block clients connecting to servers outside the country. Now I'm not sure.

Follow

@skanman it's an all-in-one kind of thing. Client/server, server/server - all under the same umbrella. Would you need multiple rules to identify the components? Dunno. Still very simple though :blobsad:

@shadowsonawall activitypub.rocks/implementati
According to this chart, the protocol is broken down in to various modes and component's and has Mastadon as such. Through analysing the feature usage and modes. I draw the conclusion that they could create "rifts" in the fediverse hosted inside their territories but not outside. But regarding, client access to the fediverse outside the territory, would involve packet filtering, and header detection. While typically this is simple, the client to server connections to be filtered are standard tcp/udp 80 443, and the request headers wouldn't be simply http https ws wss, but also a slew of API request headers. To filter all of this would require enormous processing power.

But let's say they did it anyway. The solution is simple. By redacting and redirecting certain components of the activity pub protocol, it would be simple to initiate an "activity pub proxy protocol" in which users can install gateways instead of servers that search for open connections to the fediverse that make requests using an undefined headerset, and translating them. This would make using the entire fediverse accessible inside the blocked country, in a similar way that no country has successfully blocked torrenting. While it's possible to detect it and block it, the client would simply change ports, redefine it's connection to the proxy and continue business as normal. If even one of the connected proxies is located outside the country anywhere in the world remained active, it couldn't be stopped. More good news, these could be installed along side already running Mastadon installations, without interference.

@skanman it's easy to imagine "if they did this then that would overcome it" scenarios. They are significantly harder to implement from a practical perspective. Take a look at the version numbers for fedi servers. Even if a new protocol was agreed upon (no easy feat), implemented, and everyone upgraded to the newest version, implementations would still be open source and trivial to "detect".

going through the protocol definitions it looks like you'd need two firewall rules to effectively disable the activitypub protocol. Denying anything with content matching either "/\/@\w+\/inbox/" or "/\/@\w+\/outbox/" regex. That'd disable inbound and outbound messaging across whatever network boundaries you controlled :blobshrug:

@shadowsonawall I see what you mean, let's hope it never comes to that.. clearly my firewall knowledge is out of date, I didn't realize you could match regex through traffic. That's gotta be super intensive to filter an entire country. Thanks for the info 👍 hopefully it'll make me a better developer.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.