ActivityPub Development Strategy

Hi team,

I found this community this past November, The Husk strongly motivated me to learn more about the details of how Mastodon is implemented and ActivityPub in particular. I was motivated by my exodus from twitter but almost instantly recognized that ActivityPub could accelerate my work in healthcare tech.

I’m Carty, I’m well into my career as a software product development leader and have been working largely on my own for the last couple of years on something I am very passionate about: better patient user experiences in healthcare and in particular building apps to increase access to healthcare in the US. I had done some FHIR stuff before, it’s a step in the right direction, ActivityPub has much more potential at the app level.

I started with this most awesome doc:

and concluded, cleverly I think :slight_smile:, that rather that use the Mastodon API, I’d spoof Mastodon messages. I code in Python (unless I can’t), HTTP sigs in particular was a challenge, I posted notes here:

Then I built a Mastodon server for my friends who were also leaving twitter, it was good timing.

Then I built a first very simple HealthPub™ server, an ActivityPub conformant personal medical records app.

As you know, there are a lot of messages ya’ll, and they just keep coming. I needed to get my async code act together so I built another instance to log the messages from both the ActivityPub and HealthPub™ servers and I was able to debug.

That’s all just context for my actual question. How are you all approaching strategy in building on ActivityPub?

ActivityPub and the Fediverse have a proud heritage of independence from commercial influence. It’s time for me to raise money though, I am not going to move the needle on how patients experience healthcare with no money no matter how committed I am. I cannot scale my ideas without building a team.

I am accustomed to raising venture capital, it’s fast and low overhead, I get that it has not traditionally been accessible to everyone, I’d love to help with that.

Are there “Fediverse/ActivityPub friendly” VCs? Are there better ways to raise a little, not a ton (~$8-$10M) , in this very cool community?

Whether I raise money or not (not a foregone conclusion my friends and colleagues all think I am insane) I’ll continue to contribute as much as I can here.

Hey my realtime ActivityPub message logger? I began to transform the messages to organize them a bit and it occurred to me that it’s a very early ActivityPub message router. I was at Cisco in the 90s I am easily impressed with how important routers can be in a new domain.

OK cool, thanks,


You might apply for R&D grants, e.g. by applying to programs offered by the Next Generation Internet.

1 Like

I would be interested in hearing more about how this is architected and what “ActivityPub conformant” means for medical records. This seems more than a bit risky if not handled with great care.

No, and as I’m sure you’re aware, this space is quite hostile to VC, and to capitalism in general. The preferred model is using crowdfunding, grants, and donations to finance our survival as we work on building a digital commons. Any ideas that you’d like to “scale” will likely be evaluated within that culture and framework. Again, I would be interested in hearing what those ideas are and what they entail.

etc: you may wish to look at HEART WG | OpenID for a more secure take on accessing patient resources

Thank you trwnh, that’s consistent with much of what I hear and observe.

I’d like to keep the discussion somewhat practical. If people will be willing to rely on the Fediverse/Activity Pub they will be moving to an ecosystem that competes with venture capital (the existing ecosystem).

It took Mastodon and ActivityPub 10 years in relative obscurity to scale into the mainstream, no other app or protocol will ever have that opportunity again, the world has changed. Grants? Trying, they are slow, embedded in the status quo, and a very difficult way to innovate.

I don’t need the Fediverse to like VCs, I need a VC that will take a risk on the Fediverse. I can handle the (non commercial) experience the my patients will have, I am not worried about that.

I get that this sounds negative, I really need help. I get the social aspects of the Fediverse - the early ActivityPub people are truly admirable - that’s one of the reasons I’m here.

You are right, and I am not ready to talk in any detail here, I have been rigorous about contributing back to the community as I build assets. I would be happy to talk about architecture in a less public venue, you can reach me at

TCP/IP was not at all secure at first, was it?

Here’s a teaser, your current medical record solution is not “social” at all, is it? In the US “security”/HIPAA has been an excuse for a generation of sw developers to build awful apps for providers and patients, I’m changing that, I’m going to use ActivityPub, and I need help including money.

1 Like

This sounds horrifying without any context. Typically I would want my medical records to be “private” and “secure”, not “social”. But I suppose that we can discuss that over email, as you have invited.

trwnh think more generally about how people access and consume healthcare, and in particular what inhibits access for Americans, the confidential clinical information in one’s EMRs is only a small part of it.

We will handle that clinical information safely, that’s not a new or even difficult problem. I’ll show up here and elsewhere for the discussions of Fediverse security, identity, encryption, and safety.

I’d love to crowdsource but Epic and Cerner are not crowdsourcing, HealthPub™ needs to scale and compete effectively if we are going to actually help patients.

perhaps it would be helpful for my understanding if you could explain how “email but http+json” was relevant to personal medical records, much less any “social web” integration. i don’t generally go about publishing my personal medical records on my website, or syndicating them to any others.

now, i may be missing something here, seeing as i’m not familiar with Epic or Cerner and i don’t have general access to healthcare in the USA. but it just seems like the wrong conceptual model. if it were just about sharing informational resources between healthcare providers, i’m confident you would be better-served by the HEART WG’s work on OAuth 2 scopes for their standard.

you don’t need an email-like message passing protocol unless you intend to have healthcare services process side-effects of those messages, like Follow activities or pushing notifications about when new records are Created or Added and therefore should be fetched, cached, or refetched. but there’s no way to easily know who sent a Follow request or what they will do with any activities you send them. there’s a potential to accidentally send your personal medical records to some hypothetical software actor that might interpret them as a blog post or social media status.

@CartyBoston you might considering tracking some ideas in the newly created fediverse-ideas repository, which are discussed here on SocialHub.

I can imagine some use cases where HealthCare and social networking combine well. For example Patient Support Groups. A doctor may advise a patient with a certain diagnosis to join a group of people with similar medical affliction to talk about their experiences in a safe environment. Besides patients this group may also have other qualified members in various medical roles that give professional advice, etcetera.

(Still lotta care for privacy needed, but depending on case may be less restrictive than medical records)

I love doing HealthPub™ design and I am looking forward to discussing the ActivityPub interface and behavior here, but to be clear my goal in this post is to build a community who can develop some important software now in a focused way while not starving.

But since people are interested :grinning: consider:

It’s a baby step that we can be all over, to the benefit of tens of thousands of Americans today.

We have not yet involved a provider or a prescription!

I’m a fan of both things:

  • Not starving
  • Writing important software

However, I must admit a lot of the discussion in here goes over my head. For example, all privacy related statements lack the context if we use “ActivityPub” as a protocol, or as something that will be “Mastodon”-compatible. Answers very much depend on it.