Again, IANAL, but I’m pretty certain that’s not correct. My understanding is that copyright is triggered by the act of publishing.
The reason the GNU AGPL was created, and recommended in the Franklin St Statement, is that the act of serving a piece of software over the internet is not considered publishing, which means it doesn’t trigger the copyleft clause in GNU GPL. So companies were free to build proprietary server-side apps by modifying GPL software. AGPL is exactly the same as GPLv3, but with an added clause specifying that using the software in a network service triggers the copyleft obligation.
According to the US Copyright Office, copyright is “triggered” by fixing an original work of authorship in a tangible form of expression. Thus, virtually everything you write, whether or not it is “published,” is subject to copyright. As the Copyright Office makes clear: “Copyright covers both published and unpublished works.”
“Client” in this sense, or “agent”, is referring to HTTP and the World Wide Web. There is no such thing as a separate “ActivityPub” network. There is only the Web. You use ActivityPub to create Web resources and send notifications about them, and those notifications are themselves Web resources. Your Web browser is an agent in this network, specifically a user-agent. There is no such thing as an “account” in ActivityPub; despite the overview referring to the concept of “user’s accounts on servers”, the protocol deals only with actors. The mapping to actors is not 1:1, so you can’t say that any entity is necessarily “represented by an Actor”. You can at most say that a “user’s account on a server” MUST be represented by at least one actor in order to be able to send and receive activities, and it MAY be represented by zero or multiple actors. So sure, “a user is not a (random public) HTTP request”, but rather, a user makes an HTTP request, via their user-agent, which is a client acting on their behalf, and this client can be anything from cURL to a Mastodon instance. Finally, what the overview refers to as “client to server protocol” is specifically the protocol that allows ActivityPub clients to POST to an outbox or GET from an inbox. Beyond that point, you are dealing with Web resources; this happens as a consequence of id generation by the Server, which is also acting as a Web server.
There is very specifically a divide between the concept of “agent” and “authenticated agent” in other specifications such as Web Access Control. An “agent” does not have a bound identity, and represents the general public. An “authenticated agent” DOES have a bound identity, and represents only that identity which is bound to it (that it can claim and ideally prove). In this sense, they are separate classes. The former can be represented by foaf:Agent or as:Public (or other equivalent class IRIs), and the latter can be represented by acl:AuthenticatedAgent.
Well, large numbers of people are wrong about many things, all the time. I bet if you asked enough people, a sufficiently large majority of them would claim that there was a “Mastodon network”. If you asked enough people how Mastodon’s “unlisted” or “quiet public” feature worked, you would get several answers that are pretty much all incorrect. What people think or believe is irrelevant to what is reality, intended or actually-existing. At most, you can say that there is some miscommunication or lack of communication; maybe there is a way to reconcile the design of a certain software or the language it presents to users to better match expectation, but you’re going to have a tough time breaking reality. And the intended reality here is that “Public” means “without authentication”. Software implementations that declare their objects to be “public” while requiring authentication to fetch those objects are, quite simply put, lying. Ideally, they should not lie. They should declare their objects to be “requiring authentication, but any valid identity will do”. The way to declare this is by defining a class to represent the concept of authenticated actors or agents, and then declaring that they will only serve the resource to members of that class. One way to do this is via the use of Web Access Control, as described at WebAccessControl - W3C Wiki or Web Access Control or proposed via fep/fep/7502/fep-7502.md at main - fediverse/fep - Codeberg.org as a way to retrofit it onto ActivityPub’s addressing properties. If you want to go even further, you can use something like ODRL ODRL Information Model 2.2 to add additional restrictions and expectations on how the object is to be used.
I think it can be deferred to specify something for closedwebs, because such server owners usually do not choose federate contents. Even such owner federate “non-free” (i.e. w/ DRMs) or actually “non-redistributable” contents for some reason, you can cover such case by dropping them from or simply ignore on your server. I think your worrying point may be valid, but it’s better to split how “non-free” contents specify their license because it’s close but not coverable on this FEP; I don’t think such author (or company) set machine-readable license according to this FEP.
I can agree we should re-use existent something, but I don’t think ORDL is suitable to approach this FEP because people (and not company) usually pick one (or more, to combine them) of SPDX-defined license (i.e. Creative Commons, FSF-approved, or OSI-approved one) and displays copyright-er. Feels mapping SPDX-defined ones into ORDL schema is introducing unnecessary complexity like JSON-LD.
You said SPDX (or to use SPDX expression) isn’t perfect, like:
Another issue is that SPDX, since it typically just references existing non-machine-readable licenses
I think that’s valid point; SPDX is not perfect. But nothing is perfect. My point is such edge-cases that can’t be covered by SPDX-expression shall be covered by more simpler rules unlike ORDL.
Just wanted to put in that Manyfold, being specifically a tool for managing digital assets, includes license data in ActivityPub messages using the standard SPDX license structure:
For licenses that don’t have a SPDX identifier, I’m using the LicenseRef specifier; for instance, LicenseRef-Commercial to specify a normal commercial sale license (which doesn’t get the @id field).
I’d already standardised on SPDX within the app, so adding it onto ActivityPub was simple, but I think it makes sense. Other FEPs get into content controls like indexing, searchableBy, etc, but as far as applying a standard license goes, which I think is the scope of this FEP, I think we could do much worse than just settling on SPDX.
I’m quite unhappy with this nomenclature, since free licenses are not non commercial licenses: nothing prevents trade with freely licensed items. This is a wrong conception coming from the times Micro$oft and others were actively seeking to destroy free software. Now that they embraced “open-source”, keeping using “commercial license” as opposed to “free license” is but a remnant of an obsolete era. Many commercial entities use AGPL-3.0-or-later, for example, which has a reputation to be adverse to commerce: but it’s not. Only the extractivist mindset wants to believe freedom and commerce are antithetical.
I am interested in archiving posts from Mastodon, and would be a candidate for the use case highlighted by @kevinmccurley:
Maybe an author wants to create a permanent record of their post.
In reference to the discussion about social norms, adding a creative commons license to a public post can be understood as ‘please feel free to save a copy of this’ (with conditions). That’s a double signal for active consent which overlaps copyright and privacy issues: free to view, free to copy.
At the moment there isn’t an ideal way to mark posts in such manner, at least not at a protocol level. This won’t be a problem for AI bots who will happily crawl without permission, but it leaves a critical problem for people who want active consent and are trying to do the right thing.