Hi! I’m working on building a new social-ish platform called Kowloon that I’ve been chipping away at for a couple of years now. At its heart, it’s basically a microblog and feed reader, but I think more interesting than that sound, and it has some specific implementations of the social stuff that’s a bit different from the usual models. I’m writing it in MERN stack.
I’d really like to have Fediverse/ActivityPub interoperability built in from jump street, but the existing beginner tutorials seem primarily aimed at how to create a Mastodon server or integrate with it; I want to make sure that Kowloon can integrate with Mastodon, but it’s not the same sort of app, really. But I’d like to make it as easy as possible to convert from its built in data structures for posts, users, etc. to ActivityPub, while also optimizing it for the specific unique stuff I’m trying to do.
I’d like to find a community where I can ask really stupid questions so I can get this to some kind of working MVP – not because it’s commercial, it’s all going to be open-source, but because I want to get it to a point where it makes sense to people who might want to join in on the project.
Where would be the best place to do that? Is there a Discord that folks use? A messageboard? Is this the right place, and if so, which categories should I post in?
Thanks for any advice y’all can give me. I’ve never really tried anything of this scope before, so I’m a little lost, but I really think my architecture is worth actually turning into a working app.
OK, so here’s the deal: Kowloon is, basically, me thinking about what’s good about social media and what’s bad for a really, really long time – since Friendster days, maybe even before. (I am an ancient of the old days, aka the Nineties. )
The original idea was “Google Reader, but with blogging tools built in”. But it’s expanded a bit from that. So basically:
A microblog, but there are (for now) four different types of posts: Status (short, with no title), Blog (longer, can have an optional title, can have more formatting), Gallery (audio/video/pictures) and Link (link with a caption and a preview image, ala Facebook). So basically you can use it like Twitter/Mastodon/Facebook, Wordpress, Instagram/TikTok or Pinboard/Del.icio.us or any combination of these. All post types support basic text formatting, because not being able to use italics and bold sucks.
Your timeline can be made up of other Kowloon users, RSS feeds, and anything that can be syndicated or handled via ActivityPub, like other people’s Mastodon timelines. Kowloon is pretty agnostic about where things come from.
Your public posts are visible on your Kowloon server as a public blog – no app or login required to read it.
Private posts can be targeted at Circles, which are arbitrary groups – “friends”, “family”, “annoying people from high school I’m not sure why I’m even friends with but whatever”, etc. Nobody but members of that Circle can see a post that’s targeted to a Circle. (You can also make posts visible to all friends.)
There are no friend requests. Anyone can follow your public posts, because they’re visible on the Web anyway. But you have to invite people to have access to your private posts, and it’s non-symmetrical – if Alice invites Bob, that doesn’t mean Bob automatically gives access to his private posts to Alice. This is more like how actual human relationships work, in my opinion.
The timeline is ordered by reverse chronological order, no algorithms, but you can filter it by Circles and by post type – so you can view only Galleries from your “Family” Circle, or Links from “News” people you follow, or Statuses from “Work Friends”.
The UI is responsive and progressive – so if you just want it to look like Mastodon/Twitter, where you’ve got a plain text box to post in, cool – but select the Post type and all of a sudden you get an optional Title field and Draft.js to play with. It’s not as customizable or full-featured as, say, Wordpress, but you’ll have control over how your timeline is formatted, how your public posts appear, etc.
The server is multiuser, and I want to make it use ActivityPub standards so it can integrate with the rest of the Fediverse – webfinger and inbox/outbox endpoints, etc. It’ll also serve public posts via RSS/JSON Feed, so you’ll be able to subscribe to a Kowloon user in Feedly or whatever you use and see their posts just like you would from a blog.
All open source and free. No built-in tracking or metrics, no engagement nonsense.
Server is written in Node and currently I’m using MongoDB as my data store, though that’s mainly because I personally like it. I want the frontend to be a PWA to start with, and build mobile apps later.
So my first thing I’m currently trying to figure out is how to handle authentication. I looked at the RSS-to-ActivityPub example someone put up on Github, which gave me some clues about how to handle that side of things. But I’m still trying to wrap my head around how public/private key authentication works in ActivityPub, and also how to handle Circle invites and what basically amounts to user privileges, and how to make sure that when Bob’s server queries Alice’s server for new posts, it only returns posts targeted to Circles Bob is in. In fact, this is the biggest hurdle I’ve got, because I’ve mostly figured out the internals and the UI.
This is A Whole Awful Lot for one person to do, especially a 45 year old dude with health problems (I got a crap heart), but I think it’s a really useful project that a lot of people who’ve heard my pitch and seen screenshots, etc. tell me they really want to see happen. I’m working on it part-time, because I’m currently trying to find a remote gig in the US even though I live in London (visa weirdness) and also recuperating from my most recent heart attack. That’s why I’d love any advice or even just links to useful tutorials/code to sort out. If there’s a coding community in London that does meatspace meetups, I don’t know about it, and none of my other coder friends do stuff like this, so I’m really on my own with it, and I’d love not to be.
So: if anybody can help me sort out the auth/permissions stuff, I’d be most appreciative!
Circles will probably mean you lose compatibility with MastoPub, i.e. the ActivityPub Dialect + interpretation of addressing of Mastodon (4 visibility levels: public, unlisted, followers, mentions).
Generally permissions need to be handled outside ActivityPub, as it is a protocol for data sharing. Due to the above fact, there has been little work on how to handle them nicely.
Finally, the obligatory advertisement: If you know python, check out bovine and the two tutorials there to get started. The first one can be done without having access to an ActivityPub Server supporting Client To Server
I barely know Python, but I’ll check it out anyway, thanks! I probably know enough to understand what I’m looking at.,
The Circles thing is pretty core to what I think is valuable about Kowloon, so I’m unlikely to scrap it for Mastodon compatibility, but I think I can map it to Mastodon somehow.
I’m so lost with the auth stuff, I hate that crap. oAuth is the bane of my existence. But I’ll figure it out somehow. Right now I’m just working on turning Kowloon into a package so I can do rapid prototyping in Next.js or create-react-app. I’ve already built most of the UI in pieces, I just need to streamline it and put it all together.
I know eeeeeerrrrrybody wants to build their own app these days, but I really think this particular thing is gonna be useful for lots of folks. I want to avoid a lot of the privacy failures innate to for-profit social networks and try to make something more ambiguous and nuanced that takes bad actors into account from the get-go. It’s taken me years to really architect it in my head, now it’s just implementation.
Circles are nothing more than mailing lists. It shouldn’t be a surprise that all of my fediverse projects (don’t bother trying to list them) have supported them since 2010. But they do sort of depend on having a conversational instead of or in addition to a microblog architecture. You can find all the sordid details in the fep-5624 thread.
unrelated to your question about auth, but i recommend not mixing “subset of followers” with “subset of following”. what you describe as Circles sounds like custom audiences, which should probably be separate from e.g. what mastodon calls Lists
well, ActivityPub is largely the opposite of what you’re expecting here – Bob doesn’t query Alice’s server for posts. Alice directly delivers posts to Bob (or to Bob’s server, in some cases).
you could support fetching posts directly from the server, but this is not a model that most implementations support. in that case, you would have to establish a mechanism for cross-domain authorization or identity verification, and it would have to be supported on both sides. the closest thing to this is HTTP Signatures (Cavage Draft 8), although it certainly has its fair share of caveats. if you want people to view the posts natively at the origin, then you probably want something like IndieAuth or OpenWebAuth.
iirc last i checked, mastodon’s concept of “Circles” is “any post that is not Public, Unlisted, or Followers-only, but has at least one person addressed that isn’t mentioned”. a more ideal way to signal this would be to use audience on the object, but that’s not something most/any of the current implementations do afaik.