activitypub icon indicating copy to clipboard operation
activitypub copied to clipboard

Published 20 hours ago verified publisher icon w3c

Provide a mechanism for acknowledgements of Delete activities

Open ThisIsMissEm opened this issue 1 year ago • 12 comments

Currently when an origin server issues a Delete activity, it's a fire-and-forget action, and there's no guarantees that the deletion was actually actioned. Given the various data privacy laws around the world, I think we will need some mechanism to acknowledge a deletion request.

We could use Accept though this could be ambiguous given Accept/Reject is more used around Follows and other activity types, and it's not like it'd be a really acceptable position to "reject" a deletion request from the user who's data is present on your instance. As such, I think we may need some sort of "Acknowledge" activity that just references another activity and says "yup, I've done the thing".

In very rough form, this may look like:

// Sally Sends to Fred:
{
  "@context": "https://www.w3.org/ns/activitystreams",
  "summary": "Sally deleted her account",
  "type": "Delete",
  "actor": "http://sally.example.org",
  "object": "http://sally.example.org/"
}

// Fred responds with an acknowledgement after deleting Sally's data:
{
  "@context": "https://www.w3.org/ns/activitystreams",
  "summary": "Fred acknowledged Sally's deletion request",
  "type": "Acknowledge",
  "actor": "http://fred.example.org",
  "object": {
    "type": "Delete",
    "actor": "http://sally.example.org",
    "object": "http://sally.example.org"
  }
}

This could help users' track the deletion of their accounts across the Fediverse, should they decide they want their content's permanently removed; Any instance that doesn't send back an acknowledgement could then be requested to delete the data through legal processes.

ThisIsMissEm avatar Dec 27 '23 17:12 ThisIsMissEm

This is probably a useful feature, especially for services concerned with tracking GDPR compliance of downstream processors. However, it's not currently covered in ActivityPub, and it would probably be a nicely-encapsulated FEP. I'd be happy to comment on, and even collaborate on, that FEP, since it has obvious use.

evanp avatar Jan 03 '24 17:01 evanp

me too! i think lots of diff kinds of implementation need this. tag me in the PR or draft PR!

bumblefudge avatar Jan 03 '24 17:01 bumblefudge

Unfortunately I'm not going to be able to work on this in the near term future, as I've already several ongoing projects. I am hopeful that someone can pick this up though!

ThisIsMissEm avatar Jan 03 '24 18:01 ThisIsMissEm

I think this would make for a powerful FEP, not just for activities that the originating actor asks to be deleted, but also legal/copyright takedowns, etc. my question is whether it makes sense to have a single delete activity just for activities, or whether it might be possible to model this beyond activity objects to also work with attachments, which have a different identification/deduplication story across software (ISCC?) and which are not as neatly "owned" by originating actor.

bumblefudge avatar Jan 04 '24 19:01 bumblefudge

opened a FEP-ideas issue and linked back here, so close away!

bumblefudge avatar Jan 04 '24 21:01 bumblefudge

@bumblefudge do you mean eg media that instances make copies/transcodings of and host themselves, like masto.host on their CDN?

snarfed avatar Jan 04 '24 21:01 snarfed

right, transcodings, upscale/downscale might happen in that form of opinionated federation case, but i'm also thinking about the copyright/IP takedown case where some server may want to detect and/or verifiably remove not just the one version of, say, a copyrighted film that got taken down upstream, but also check its buckets for variants that have been tinted a little or cropped a few seconds short to break its hash.

bumblefudge avatar Jan 04 '24 21:01 bumblefudge

@evanp I think we should probably keep this open, perhaps a "awaiting FEP" label would be appropriate?

ThisIsMissEm avatar Jan 11 '24 19:01 ThisIsMissEm

This issue has been mentioned on SocialHub. There might be relevant details there:

https://socialhub.activitypub.rocks/t/report-errors-in-server-processing/3006/15

ap-socialhub avatar Jan 16 '24 17:01 ap-socialhub

right, transcodings, upscale/downscale might happen in that form of opinionated federation case, but i'm also thinking about the copyright/IP takedown case where some server may want to detect and/or verifiably remove not just the one version of, say, a copyrighted film that got taken down upstream, but also check its buckets for variants that have been tinted a little or cropped a few seconds short to break its hash.

@bumblefudge Yeah, I'd say that's safely out of scope for this proposal; that falls more under a Content ID system which can and absolutely has been abused (see Russian trolls claiming copyright over Ukrainian videos on youtube)

ThisIsMissEm avatar Jan 16 '24 18:01 ThisIsMissEm

@evanp can we change this to needs-fep ?

ThisIsMissEm avatar Feb 16 '24 18:02 ThisIsMissEm

I think it makes sense to leave this open until a FEP exists that provides the necessary functionality. Using Accept and Reject would probably work probably work equally well.

evanp avatar Aug 02 '24 16:08 evanp