One of the goals for interoperability between platforms that support threaded conversations is the notion that people should be able to see the entire conversation regardless of what platform they are on.
The current technical methods involve sending over a collection of objects or activities that other servers can use to reconstruct the conversation. There are several FEPs on this. This works particularly well when everyone is on the same protocol and actor identities can be verified.
But what happens when posts came from another protocol, or remote posting via single sign on, or an unauthenticated source? Do we drop the unauthenticated posts, or do we trust that the owner of the conversation knows what posts are part of the thread?
Right now different platforms handle this differently, and sometimes inconsistently. For example, on multi-protocol platforms, how it is handled may depend on the protocols involved, accepting unauthenticated posts on one protocol but dropping it on another.
Some example situations:
- Their platform supports multiple protocols, but yours does not. Some posts may come from AT Protocol, Diaspora, Zot, Nostr, Secure Scuttlebutt, etc. These foreign users may not be routable via ActivityPub but are still part of the conversation.
- Their platform supports single signon, such as OpenWebAuth or Login with Mastodon, and allows people to post locally with their fediverse identity.
- Their platform allows authenticated WordPress users to post comments that are not attached to ActivityPub actors.
- There may be unauthenticated posts, especially related to blog posts, coming in via a form, pingback, trackback, or webmention. In many cases, the owner of the blog may have moderation turned on and only approved posts appear.
In some cases it may be appropriate to drop these posts, in other situations it may not be appropriate. Hence this discussion about it. But including or excluding these posts does affect whether the conversation is the same on each platform.
In many cases, there may be possible technical solutions, like figuring out a way to authenticate posts that were remotely posted via single sign on. In other situations, there is no way to authenticate a remote user since the protocol is not supported, they used a local non-federated account, or they posted anonymously.
The easiest thing to do is to drop everything that is not ActivityPub and just remove the rest of the conversation. But that goes against the goal of having a unified view of the conversation regardless of platforms used to view the conversation.
I was curious about your thoughts on how to handle multi-protocol threads and unauthenticated posts that the thread owner claims are part of the conversation, but cannot be independently verified.