Evan Prodromou@evan@cosocial.ca

Home | Notifications | New Note | Local | Federated | Search | Logout

Evan Prodromou@evan@cosocial.ca

He/him. Board member at CoSocial.ca.

Research Director, Social Web Foundation.

Author of "ActivityPub: Programming for the Social Web" from O'Reilly Media.

Founder of Wikitravel, StatusNet, identi.ca, Fuzzy.ai.

Creator of pump.io. Co-creator of GNU social.

Former co-chair of the Social Web Working Group at W3C. Co-author of Activity Streams 2.0. Co-author of ActivityPub. Co-author of OStatus.

Grad student in CS at Georgia Tech.

Greek, Arab, Palestinian, American, Canadian, Montréalais.

Personal: https://prodromou.pub/@evan
Work: https://social.openearth.org/@evan
Blog: https://evanp.me/
Social Web Foundation: https://socialwebfoundation.org/author/evanprodromou/
Joined: 2026-05-02 04:31:54
14 notes, 0 following, 0 followers


Evan Prodromou@evan@cosocial.ca (2026-05-26 07:38:46)
It's interesting reading the nodeinfo for #tagspub. We've seen ~320,000 hashtags over the last 3 month. Of those, 182,000 have been used in the last 30 days. The rest? I don't know. Honestly, it seems like an awful lot of hashtags! #serverstats


Evan Prodromou@evan@cosocial.ca (2026-05-25 09:59:49)
This is cool as hell! https://ieeexplore.ieee.org/document/10361296 #ActivityPub #IOT #UPOD


Reply to @silverpill@mitra.social
Evan Prodromou@evan@cosocial.ca (2026-05-24 05:03:52)
@silverpill 

I don't think this makes sense: "Servers MUST NOT allow clients to publish activities where embedded objects are owned by another actor." 

We've never had this requirement; it's not built into ActivityPub; it's not how federation work.

- Like
- Announce
- inReplyTo
- Follow
- Accept
- Reject

I think two way verification is a better mechanism than same-origin. So, check that the `object` of a `Create` has the same `attributedTo` as the `actor`.


Evan Prodromou@evan@cosocial.ca (2026-05-18 05:01:03)
For the #ActivityPubAPI, we need a profile of OAuth to use for accessing the actor's data. There's a suggested flow here: 

https://github.com/swicg/activitypub-api/blob/main/OAuth%202.0%20for%20ActivityPub%20Activity%20Diagram.png

There's an example client here:

https://swicg.github.io/activitypub-api/examples/oauth/index.html

It tries discovery via RFC 8414 or getting the endpoints straight from the actor.

It then provisions a client ID using CIMD, FEP d8c2, or DCR (in that order).

It then tries to do an authorization code flow.

I'm interested in seeing it tested with more ActivityPub API servers.

#ActivityPub


Reply to @adele@social.pollux.casa
Evan Prodromou@evan@cosocial.ca (2026-05-15 20:46:56)
@adele yes! 

https://github.com/swicg/activitypub-e2ee/

It uses MLS to implement encrypted messaging over ActivityPub. Bonfire and Emissary have working implementations, and Mastodon will implement it later this year.


Reply to @julian@activitypub.space
Evan Prodromou@evan@cosocial.ca (2026-05-15 03:32:03)
@julian @reiver @silverpill There are about 390M registered domain names. The system has, in fact, been used for decades. The Web and email depend on DNS.

Cryptographic keys as the root of identity are extremely hard for people to use -- about 10% of all Bitcoin wallets with money in them are lost for good. And there's actual money in those.

DNS >> cryptographic keys


Evan Prodromou@evan@cosocial.ca (2026-05-14 10:57:21)
I participated in #Mastodon #DiscoveryWeek today. It was great! 👍🏼

If you haven't signed up for a session, I highly recommend it. It's professional, participative and friendly. I was glad to be there; I felt like it mattered. 

https://app.hi.events/event/7599/mastodon-discovery-week-2026


Evan Prodromou@evan@cosocial.ca (2026-05-12 03:08:37)
Hey, all. Thanks so much. I'm yes, but. I find that using AI to scan code and documents can be really helpful in finding high-level errors. But it's not perfect, and has false negatives and false positives. I think it's a good tool for people who understand the problem space, but might not be great for someone who isn't familiar with what the code does or the docs mean.


Evan Prodromou@evan@cosocial.ca (2026-05-07 05:11:03)
So, I am on a medium-small instance. I don't see everything that happens on the Fediverse. In particular, I don't see every conversation about https://tags.pub/ .

If you see a conversation or questions about #tagspub and you don't think the author would mind, please feel free to tag me in. I'm not awake 24/7 and even when I am awake I'm sometimes doing other things, but I'd really appreciate the chance to answer people's questions or concerns.


Evan Prodromou@evan@cosocial.ca (2026-05-05 06:16:03)
I just want to say thank you to all the server admins and Fediverse users who have enabled #tagspub sharing. Everyday I'm seeing more and more interesting posts coming through the service, and it's because people like you are knitting the Fediverse network more tightly together.


Evan Prodromou@evan@cosocial.ca (2026-05-03 07:27:41)
I believe the Fediverse can connect people in meaningful ways and that so joined we can make a more just, equitable and sustainable world.


Evan Prodromou@evan@cosocial.ca (2026-05-02 18:36:31)
Hooray #ActivityPub movies! 🎉 🎥🍿

https://movies.pub/movie/Q107105860

UPDATE: I'm at the #wmhack2026 hackathon this weekend, working on mapping movies from Wikidata to ActivityPub objects. It's not for end users. If you don't like JSON, these URLs won't be for you.

I'll try to make that clear from now on.

It's nice for me to share my progress. If you don't like it or you don't care, please be as respectful to me as you would be to other people on the Fediverse sharing things they made.


Reply to @evan@cosocial.ca
Evan Prodromou@evan@cosocial.ca (2026-05-01 18:26:16)
@silverpill @julian @fedimtl @ozoned @reiver @johannab @j12t @paige @mayel also, let me extend a personal invitation to come to the next Fediforum. It would be great to have you there.


Reply to @silverpill@mitra.social
Evan Prodromou@evan@cosocial.ca (2026-05-01 18:20:27)
@silverpill @julian @fedimtl @ozoned @reiver @johannab @j12t @paige @mayel In this case, yes! I was only briefly in this session, and I didn't talk about Web Monetization.

SWF received money from ILF to work on four research projects: Fediverse sustainability, creator economy, cooperatives, and Web Monetization in multimedia Fediverse apps. We're not a buzz marketing agency.

I post about our work in our blog, but I'm also happy to answer your direct questions any time.