Re: Threads testing federation via ActivityPub from Jason Culverhouse on 2023-12-15 (public-swicg@w3.org from December 2023)

From: Jason Culverhouse <jason@mischievous.org>
Date: Fri, 15 Dec 2023 10:21:39 -0800
To: Ryan Barrett <public@ryanb.org>
Cc: Cristiano Longo <cristianolongo@opendatahacklab.org>, public-swicg@w3.org
Message-Id: <D31761AC-3327-40CC-AF57-A1368E541472@mischievous.org>
> On Dec 15, 2023, at 7:28 AM, Ryan Barrett <public@ryanb.org> wrote:
> 
> On Thu, Dec 14, 2023 at 12:52 PM Jason Culverhouse <jason@mischievous.org <mailto:jason@mischievous.org>> wrote:
>> 
>> Has anyone gotten a fetch to work in a federated service other than mastodon?
> 
> Yes, Bridgy Fed (https://fed.brid.gy/) is successfully discovering and fetching Threads users, following them, and receiving posts from them via inbox delivery. I doubt they're allowlisting based on User-Agent.
> 
> Bridgy Fed uses Accept: application/activity+json; q=0.9, application/ld+json; profile="https://www.w3.org/ns/activitystreams"; q=0.8, text/html; charset=utf-8; q=0.7 . Here's its code for making signed fetches: https://github.com/snarfed/bridgy-fed/blob/44056bee8a0fb2e8348b69a9187ebe1377a7cdcd/activitypub.py#L460-L537
> 
>> 

Hmm… try as I might.  I always get back a html content type This is a get request so the signature header contains just "(request-target) date host” and I use the content type application/activity+json

Signature keyId="https://flipboard.com/users/JsonCulverhouse#main-key",created=1702664065,algorithm="rsa-sha256",headers="(request-target) date host",signature=“…“


Same requests work fine with a secured mastodon server.
Jason



>> Jason
>> 
>> 
>>> On Dec 14, 2023, at 12:22 PM, Cristiano Longo <cristianolongo@opendatahacklab.org <mailto:cristianolongo@opendatahacklab.org>> wrote:
>>> 
>>> I get the same response with all the accounts you mentioned.
>>> 
>>> On 14/12/23 21:11, Ryan Barrett wrote:
>>>> It's evidently a very limited set of accounts; so far I (and others) have only seen that @mosseri, @0xjessel, and @christophersu are federating so far. Others like @btsavage still aren't serving webfinger or AS2 yet.
>>>> 
>>>> On Thu, Dec 14, 2023 at 11:23 AM Cristiano Longo <cristianolongo@opendatahacklab.org <mailto:cristianolongo@opendatahacklab.org>> wrote:
>>>>> Still not working for me.  May be I should declare the accepted encodings in the request.
>>>>> 
>>>>> 
>>>>> 
>>>>> Request
>>>>> 
>>>>> 
>>>>> 
>>>>> GET /@btsavage HTTP/2
>>>>> Host: www.threads.net <http://www.threads.net/>
>>>>> accept: application/activity+json
>>>>> 
>>>>> 
>>>>> 
>>>>> Response
>>>>> 
>>>>> 
>>>>> 
>>>>> HTTP response code 320
>>>>> 
>>>>> empty body
>>>>> 
>>>>> 
>>>>> 
>>>>> Headers
>>>>> vary: Accept-Encoding
>>>>> location: https://www.facebook.com/unsupportedbrowser
>>>>> strict-transport-security: max-age=31536000; preload; includeSubDomains
>>>>> content-type: text/html; charset="utf-8"
>>>>> x-fb-debug: 0cHgFvshEWJR5sZU23uOemQcHuGcN+zUO8Wam4ym76dO5OEXTa4pOApVYp2AnEwPBkMl2L0E+IqWIkmcWDQICg==
>>>>> content-length: 0
>>>>> date: Thu, 14 Dec 2023 19:17:07 GMT
>>>>> alt-svc: h3=":443"; ma=86400
>>>>> 
>>>>>             
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On 14/12/23 19:31, Chris Messina wrote:
>>>>>> Seems like that is working now. 
>>>>>> 
>>>>>> <02C65517-12EF-4D8E-A0D0-461492E8F00B.jpg>
>>>>>> 
>>>>>> https://www.threads.net/@0xjessel/post/C010QLJrQCI/?
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>  <https://chrismessina.me/> 
>>>>>> Chris Messina <https://chrismessina.me/>
>>>>>> Investor • Ride Home AI Fund
>>>>>> Previously: Google, Uber, Republic, Y Combinator 🏆 #1 Product Hunter <https://chrismessina.me/hunt-me>
>>>>>>  <https://threads.net/@chris> <https://www.producthunt.com/@chrismessina> <https://mastodon.xyz/@chrismessina> <https://open.spotify.com/user/factoryjoe> <https://linkedin.com/in/factoryjoe/> <https://instagram.com/chris> <https://medium.com/@chrismessina>
>>>>>> Sent via Superhuman iOS <https://sprh.mn/?vip=chris.messina@gmail.com>
>>>>>> 
>>>>>> On Thu, Dec 14 2023 at 6:12 AM, Cristiano Longo <cristianolongo@opendatahacklab.org <mailto:cristianolongo@opendatahacklab.org>> wrote: 
>>>>>>> 
>>>>>>> On 14/12/23 02:43, Ben Savage wrote:
>>>>>>>> Hi everyone,
>>>>>>>> 
>>>>>>>> Ben Savage here from Meta. Just a few quick points:
>>>>>>>> 
>>>>>>>> This test is not yet started (debugging some last technical issues together with Mastodon engineers)
>>>>>>>> Only a few accounts will be a part of this initial test. My Threads account (https://www.threads.net/@btsavage) will be one of those and I'm happy to make test posts to help people who want to work on Threads integration.
>>>>>>>> We will share details about how to test soon, once we iron these issues out.
>>>>>>>> 
>>>>>>>> --Ben
>>>>>>>> 
>>>>>>> 
>>>>>>> But requesting content with activity+json mimetype  I get a redirect to https://www.facebook.com/unsupportedbrowser
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> 
>>>>>>>> From: Kagami Rosylight <saschanaz@outlook.com> <mailto:saschanaz@outlook.com>
>>>>>>>> Sent: Wednesday, December 13, 2023 11:09 PM
>>>>>>>> To: public-swicg@w3.org <mailto:public-swicg@w3.org> <public-swicg@w3.org> <mailto:public-swicg@w3.org>
>>>>>>>> Subject: Re: Threads testing federation via ActivityPub
>>>>>>>>  
>>>>>>>> This Message Is From an Untrusted Sender 
>>>>>>>> You have not previously corresponded with this sender. 
>>>>>>>>  
>>>>>>>> The page source does include application/activity+json: <link href="https://www.threads.net/&#064;zuck/post/C0zXcQmxO77" type="application/activity+json <>" />
>>>>>>>> 
>>>>>>>> But curl doesn't work as you noted, perhaps it requires some additional things to limit it for internal test?
>>>>>>>> On 13/12/2023 21:35, Evan Prodromou wrote:
>>>>>>>>> Mike Macgirving pointed out that I'm not using the right media type! I tried with ld+json and didn't get any traction, though.
>>>>>>>>> 
>>>>>>>>> ```
>>>>>>>>> curl -H 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams" <https://www.w3.org/ns/activitystreams>' https://www.threads.net/@zuck
>>>>>>>>> 
>>>>>>>>> curl -H 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams" <https://www.w3.org/ns/activitystreams>' https://www.threads.net/@zuck/post/C0zXcQmxO77
>>>>>>>>> 
>>>>>>>>> ```
>>>>>>>>> 
>>>>>>>>> On 2023-12-13 2:07 p.m., Evan Prodromou wrote:
>>>>>>>>>> I just saw this post on Threads:
>>>>>>>>>> 
>>>>>>>>>> https://www.threads.net/@zuck/post/C0zXcQmxO77
>>>>>>>>>> 
>>>>>>>>>> "Starting a test where posts from Threads accounts will be available on Mastodon and other services that use the ActivityPub protocol. Making Threads interoperable will give people more choice over how they interact and it will help content reach more people. I'm pretty optimistic about this."
>>>>>>>>>> 
>>>>>>>>>> I haven't been able to probe WebFinger for threads.net <http://threads.net/> accounts, nor do Threads URLs reply with Activity Streams 2.0 content.
>>>>>>>>>> 
>>>>>>>>>> ```
>>>>>>>>>> curl -H "Accept: application/activity+json" https://www.threads.net/@zuck
>>>>>>>>>> curl -H "Accept: application/activity+json" https://www.threads.net/@zuck/post/C0zXcQmxO77
>>>>>>>>>> curl -v "https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net" <https://www.threads.net/.well-known/webfinger?resource=acct:zuck@threads.net>
>>>>>>>>>> ```
>>>>>>>>>> 
>>>>>>>>>> Has anyone else been able to find signs of this "test" going on?
>>>>>>>>>> 
>>>>>>>>>> Evan
>>>>>>>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> https://snarfed.org/
>> 
> 
> 
> -- 
> https://snarfed.org/
Received on Friday, 15 December 2023 18:21:59 UTC