Verifying Deletes of users who are Gone

When someone deletes their account permanently, their servers often seem to attempt to send a Delete activity, with the user as both actor and object, to every other server in the fediverse.

  1. Should the spec give an official ruling on whether and how this should be done?
  2. Is there really not a better way than spamming the entire world?
  3. There’s a validation problem. If I get a Delete activity from a user who no longer exists, and their key isn’t cached, I have to contact their server to look it up. The server will (reasonably) respond 410 Gone. Now what? Intuitively, in this specific circumstance, that status seems to validate the message. But according to the spec I should drop the message, even if I do have details of the user.

Well, thinking logically, there are only two possible scenarios:

  1. You have that user, complete with the public key, in your database, so you get it from there, verify the request, and delete it.
  2. If you don’t have that user, then what would you delete anyway? Just ignore that request, there’s nothing you can do.
1 Like

The spec explicitly recommends delivering public activities to all known inboxes. However, I do think Mastodon sometimes forwards Delete activities in ways the spec does not approve of, which increases the problem exponentially. However, I do think this is the best scenario we currently have—it allows us to ensure that user content is deleted from servers that may only have received boosts of individual statuses, but never followed the user.

The ActivityPub also says servers are free to filter whatever activities they want to filter—I would suggest you take steps to filter forwarded Delete activities at ingress if you find them too noisy or frequent to process.

We’ve had this discussion before in #social, and @grishka concisely and succinctly explains why I don’t believe there is a validation problem.