- From: Ryan Barrett <public@ryanb.org>
- Date: Fri, 15 Dec 2023 07:28:02 -0800
- To: Jason Culverhouse <jason@mischievous.org>
- Cc: Cristiano Longo <cristianolongo@opendatahacklab.org>, public-swicg@w3.org
- Message-ID: <CA+caGh_3_vo3m+r6rj4+CGWXoo6+v57_JM8ASrRd+ievq9rKAw@mail.gmail.com>
On Thu, Dec 14, 2023 at 12:52 PM Jason Culverhouse <jason@mischievous.org>
wrote:
>
> Has anyone gotten a fetch to work in a federated service other than
> mastodon?
>
Yes, Bridgy Fed (https://fed.brid.gy/) is successfully discovering and
fetching Threads users, following them, and receiving posts from them via
inbox delivery. I doubt they're allowlisting based on User-Agent.
Bridgy Fed uses Accept: application/activity+json; q=0.9,
application/ld+json; profile="https://www.w3.org/ns/activitystreams";
q=0.8, text/html; charset=utf-8; q=0.7 . Here's its code for making signed
fetches:
https://github.com/snarfed/bridgy-fed/blob/44056bee8a0fb2e8348b69a9187ebe1377a7cdcd/activitypub.py#L460-L537
> curl -vv -H 'Accept: application/activity+json' -s
> https://www.threads.net/ap/users/mosseri/
>
> > GET /ap/users/mosseri/ HTTP/2
>
> > Host: www.threads.net
>
> > User-Agent: curl/8.4.0
>
> > Accept: application/activity+json
>
> >
>
> < HTTP/2 200
>
> < vary: Accept-Encoding
>
> < set-cookie: csrftoken=BhQElIcw-0YjRuZGEuVSch; expires=Thu, 12-Dec-2024
> 20:32:04 GMT; Max-Age=31449600; path=/; domain=.threads.net; secure
>
> < set-cookie: mid=ZXtmRAAEAAFKNFXFE5SP61RKS44H; expires=Fri, 17-Jan-2025
> 20:32:04 GMT; Max-Age=34560000; path=/; domain=.threads.net; secure;
> httponly
>
> < accept-ch-lifetime: 4838400
>
> < accept-ch:
> viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
>
> < pragma: no-cache
>
> < cache-control: private, no-cache, no-store, must-revalidate
>
> < expires: Sat, 01 Jan 2000 00:00:00 GMT
>
> < content-security-policy-report-only: default-src https: data: wss: blob:
> chrome-extension: 'unsafe-inline' 'unsafe-eval';connect-src *.threads.net
> wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.
> facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com
> *.cdninstagram.com wss://*.instagram.com:* 'self';report-uri
> https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for
> 'script';
>
> < content-security-policy: default-src data: blob: *.threads.net *.
> instagram.com *.facebook.com *.fbcdn.net;script-src 'unsafe-inline'
> 'unsafe-eval' blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net
> 127.0.0.1:* static.cdninstagram.com;style-src data: blob: 'unsafe-inline'
> *.fbcdn.net *.threads.net *.facebook.com *.instagram.com
> static.cdninstagram.com;connect-src blob: 'self' *.threads.net
> wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.
> facebook.net wss://*.facebook.com:* ws://localhost:* *.instagram.com *.
> cdninstagram.com wss://*.instagram.com:*;font-src data:
> static.cdninstagram.com;img-src data: blob: android-webview-video-poster:
> *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.
> cdninstagram.com about.fb.com engineering.fb.com www.gstatic.com *.
> fbsbx.com *.giphy.com pps.whatsapp.net;media-src data: blob:
> android-webview-video-poster: *.threads.net *.instagram.com *.facebook.com
> *.fbcdn.net *.cdninstagram.com www.gstatic.com *.fbsbx.com *.giphy.com;frame-src
> *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for
> 'script';
>
> < report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/
> www.threads.net\/ajax\/barcelona_error_reports\/?device_level=unknown"}]}
>
> < x-frame-options: DENY
>
> < x-content-type-options: nosniff
>
> < x-xss-protection: 0
>
> < reporting-endpoints: default="
> https://www.threads.net/ajax/barcelona_error_reports/?device_level=unknown
> "
>
> < cross-origin-opener-policy: same-origin-allow-popups
>
> < strict-transport-security: max-age=31536000; preload; includeSubDomains
>
> < content-type: text/html; charset="utf-8"
>
> < x-fb-debug:
> mIi2vDna/nrQak+dMGHymaJwcYUAH0TUOfq29feqdblO24Cfbd8cJY2VxQoZMmbfTd2/ComCKPKqqc44D28rag==
>
> < date: Thu, 14 Dec 2023 20:32:04 GMT
>
> < alt-svc: h3=":443"; ma=86400
>
>
> Jason
>
>
> On Dec 14, 2023, at 12:22 PM, Cristiano Longo <
> cristianolongo@opendatahacklab.org> wrote:
>
> I get the same response with all the accounts you mentioned.
> On 14/12/23 21:11, Ryan Barrett wrote:
>
> It's evidently a very limited set of accounts; so far I (and others) have
> only seen that @mosseri, @0xjessel, and @christophersu are federating so
> far. Others like @btsavage still aren't serving webfinger or AS2 yet.
>
> On Thu, Dec 14, 2023 at 11:23 AM Cristiano Longo <
> cristianolongo@opendatahacklab.org> wrote:
>
>> Still not working for me. May be I should declare the accepted encodings
>> in the request.
>>
>>
>> Request
>>
>>
>> GET /@btsavage HTTP/2
>> Host: www.threads.net
>> accept: application/activity+json
>>
>>
>> Response
>>
>>
>> HTTP response code 320
>>
>> empty body
>>
>>
>> Headers
>> vary: Accept-Encoding
>> location: https://www.facebook.com/unsupportedbrowser
>> strict-transport-security: max-age=31536000; preload; includeSubDomains
>> content-type: text/html; charset="utf-8"
>> x-fb-debug:
>> 0cHgFvshEWJR5sZU23uOemQcHuGcN+zUO8Wam4ym76dO5OEXTa4pOApVYp2AnEwPBkMl2L0E+IqWIkmcWDQICg==
>> content-length: 0
>> date: Thu, 14 Dec 2023 19:17:07 GMT
>> alt-svc: h3=":443"; ma=86400
>>
>>
>>
>>
>>
>> On 14/12/23 19:31, Chris Messina wrote:
>>
>> Seems like that is working now.
>>
>> <02C65517-12EF-4D8E-A0D0-461492E8F00B.jpg>
>>
>> https://www.threads.net/@0xjessel/post/C010QLJrQCI/?
>>
>>
>>
>> [image: Photo of Chris Messina] <https://chrismessina.me/>
>> Chris Messina <https://chrismessina.me/>
>> Investor • Ride Home AI Fund
>> Previously: Google, Uber, Republic, Y Combinator 🏆 #1 Product Hunter
>> <https://chrismessina.me/hunt-me>
>> [image: Threads] <https://threads.net/@chris>[image: Product Hunt]
>> <https://www.producthunt.com/@chrismessina>[image: Mastodon]
>> <https://mastodon.xyz/@chrismessina>[image: Spotify]
>> <https://open.spotify.com/user/factoryjoe>[image: LinkedIn]
>> <https://linkedin.com/in/factoryjoe/>[image: Instagram]
>> <https://instagram.com/chris>[image: Medium]
>> <https://medium.com/@chrismessina>
>>
>> Sent via Superhuman iOS <https://sprh.mn/?vip=chris.messina@gmail.com>
>>
>>
>> On Thu, Dec 14 2023 at 6:12 AM, Cristiano Longo <
>> cristianolongo@opendatahacklab.org> wrote:
>>
>>>
>>> On 14/12/23 02:43, Ben Savage wrote:
>>>
>>> Hi everyone,
>>>
>>> Ben Savage here from Meta. Just a few quick points:
>>>
>>>
>>> 1. This test is not yet started (debugging some last technical
>>> issues together with Mastodon engineers)
>>> 2. Only a few accounts will be a part of this initial test. My
>>> Threads account (https://www.threads.net/@btsavage) will be one of
>>> those and I'm happy to make test posts to help people who want to work on
>>> Threads integration.
>>> 3. We will share details about how to test soon, once we iron these
>>> issues out.
>>>
>>>
>>> --Ben
>>>
>>>
>>> But requesting content with activity+json mimetype I get a redirect to
>>> https://www.facebook.com/unsupportedbrowser
>>>
>>>
>>> ------------------------------
>>> *From:* Kagami Rosylight <saschanaz@outlook.com> <saschanaz@outlook.com>
>>> *Sent:* Wednesday, December 13, 2023 11:09 PM
>>> *To:* public-swicg@w3.org <public-swicg@w3.org> <public-swicg@w3.org>
>>> *Subject:* Re: Threads testing federation via ActivityPub
>>>
>>> The page source does include application/activity+json: <link
>>> href="https: //www. threads. net/@zuck/post/C0zXcQmxO77"
>>> type="application/activity+json" /> But curl doesn't work as you noted,
>>> perhaps it requires
>>> ZjQcmQRYFpfptBannerStart
>>> This Message Is From an Untrusted Sender
>>> You have not previously corresponded with this sender.
>>>
>>> ZjQcmQRYFpfptBannerEnd
>>>
>>> The page source does include application/activity+json: <link href="https://www.threads.net/@zuck/post/C0zXcQmxO77" type="application/activity+json" />
>>>
>>> But curl doesn't work as you noted, perhaps it requires some additional things to limit it for internal test?
>>>
>>> On 13/12/2023 21:35, Evan Prodromou wrote:
>>>
>>> Mike Macgirving pointed out that I'm not using the right media type! I
>>> tried with ld+json and didn't get any traction, though.
>>>
>>> ```
>>> curl -H 'Accept: application/ld+json; profile=
>>> "https://www.w3.org/ns/activitystreams"
>>> <https://www.w3.org/ns/activitystreams>' https://www.threads.net/@zuck
>>>
>>> curl -H 'Accept: application/ld+json; profile=
>>> "https://www.w3.org/ns/activitystreams"
>>> <https://www.w3.org/ns/activitystreams>'
>>> https://www.threads.net/@zuck/post/C0zXcQmxO77
>>>
>>> ```
>>> On 2023-12-13 2:07 p.m., Evan Prodromou wrote:
>>>
>>> I just saw this post on Threads:
>>>
>>> https://www.threads.net/@zuck/post/C0zXcQmxO77
>>>
>>> "Starting a test where posts from Threads accounts will be available on
>>> Mastodon and other services that use the ActivityPub protocol. Making
>>> Threads interoperable will give people more choice over how they interact
>>> and it will help content reach more people. I'm pretty optimistic about
>>> this."
>>>
>>> I haven't been able to probe WebFinger for threads.net accounts, nor do
>>> Threads URLs reply with Activity Streams 2.0 content.
>>>
>>> ```
>>> curl -H "Accept: application/activity+json"
>>> https://www.threads.net/@zuck
>>> curl -H "Accept: application/activity+json"
>>> https://www.threads.net/@zuck/post/C0zXcQmxO77
>>> curl -v
>>> "https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net"
>>> <https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net>
>>>
>>> ```
>>>
>>> Has anyone else been able to find signs of this "test" going on?
>>>
>>> Evan
>>>
>>>
>
> --
> https://snarfed.org/
>
>
>
--
https://snarfed.org/
Received on Friday, 15 December 2023 15:28:48 UTC