Poisoning and Privacy

If you’re familiar with extensions like TrackMeNot and AdNauseam, the TL;DR of this post is about extending their techniques to ActivityPub.

Poisoning is about changing the responses an instance sees when it is blocked, rather than outright rejecting the requests.

In fact, this technique already exists. You can use poisoning today with e.g. “Support custom responses” (Issue #1 in lexi-the-cute/block-meta-from-fedi on GitHub), but there is a caveat: this only provides passive protection. In other words, it only changes the responses that were actually requested.

We can go further. ActivityPub allows servers to push new posts out to followers on other instances. Thus, we can extend this technique to preemptively poison responses before they’re even requested. This would provide active protection, in the form of active poisoning.


just came across a fully-featured implementation of activitypub poisoning: https://puckipedia.com/4th-wall--talki

really neat.

Is this based on authorized fetch and whatever domain is associated with the HTTP Signature?

we believe so.

but in the context of poisoning, the system wouldn’t reject malicious requests, it would just recognize them and do something else in response. probably not much different from a “shadowban”.
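
The passive case discussed in this thread (identify the requesting instance from the `keyId` of a verified HTTP Signature, then answer with something else instead of rejecting), as an added example that is not part of the thread or of any project mentioned in it. The blocklist, domain names, documents and function names are constructed assumptions, and the signature check itself is assumed to be done elsewhere by the server.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: hypothetical blocklist, documents and header.
POISONED_DOMAINS = {"blocked.example"}
REAL_DOC = {"type": "Note", "content": "the actual post"}
DECOY_DOC = {"type": "Note", "content": "unrelated filler text"}
SAMPLE_HEADER = ('keyId="https://Sub.Blocked.Example/actor#main-key",'
                 'algorithm="rsa-sha256",headers="(request-target) host date",'
                 'signature="AAAA"')

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def signer_domain(signature_header):
    """Return the host named in the Signature header's keyId, or None."""
    params = dict(_PARAM.findall(signature_header or ""))
    try:
        host = urlsplit(params.get("keyId", "")).hostname  # already lowercased
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return None
    return host.rstrip(".") if host else None


def is_poisoned(domain):
    """True if the domain or any parent domain is on the blocklist."""
    labels = domain.split(".")
    # Compare whole labels so "notblocked.example" does not match.
    return any(".".join(labels[i:]) in POISONED_DOMAINS
               for i in range(len(labels)))


def select_response(signature_header, signature_verified):
    """Pick the (status, body) for an authorized-fetch GET.

    signature_verified is the outcome of the server's own HTTP Signature
    verification. A keyId that has not been verified is chosen by the
    requester, so it must never drive the decision.
    """
    domain = signer_domain(signature_header)
    if domain is None or not signature_verified:
        return 401, None          # authorized fetch: identity unknown
    if is_poisoned(domain):
        return 200, DECOY_DOC     # same status as a normal answer
    return 200, REAL_DOC
```

The decoy is returned with the same status code as the real document, so the status alone does not show the requester that it was recognized.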