Relocation message

While transforming Friendica into a full AP-based system, we are still having problems supporting all message types that Friendica currently supports.

One of the currently not transformed message types is the relocation message. On Friendica, users can export their user data, including the public/private keypair. When the old system goes away, people can upload this data to create a new user on another server. After this has been done, a relocation message is sent to the user’s contacts (the contact is also part of the exported user data).

I’m still struggling to create a “relocation” message type in AP. Problem is: How can we create a message that tells: “Hey, I’m X, you know me, but now I’m Y, please update your contact data so that we keep our relation”?

2 Likes

This would make a great extension. For completeness, linking a few previous discussions: w3c/activitypub repo and social cg repo.

I think the actual move message can be very simple, something like Gargron proposed, and doesn’t even need an extension.

{
  type: 'Move',
  actor: 'uri/to/alice',
  object: 'uri/to/alice',
  target: 'new_uri/to/alice'
}

The tricky thing is what do platforms do when they receive the move message? There could be an extension indicating what kind of move it is to signify a Mastodon style “I’ve moved” manual move and a Friendica style “system migration”. The latter indicates the source account is closed or doesn’t even necessarily exist any more. The latter reason indicates that there needs to be a signature to prove that the sender has the right to send this move message, since it might not originate from the actor ID being moved.

Other side effects like fetching new keys and such could be documented in the migration process. I’d look at both Friendica and Diaspora migration specs to reach a similar extension specification for ActivityPub based on additional properties on the existing Move activity.

1 Like

When moving we keep the key pairs. So technically we would be able to send this message from the new system, but we could use the old URI as actor and would sign with this as well. Systems that already do know this account would have the key, so this shouldn’t be a problem.

Question is: Is this secure? I - of course - want to avoid any situation where (due to some design flaw) an attacker could take over a foreign account by delegating the followers to their own account.

1 Like
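
An added example, not part of the thread and not Friendica or Mastodon code: a receiver-side check for the Move activity discussed above, which repoints a contact only when the message is signed with the key already stored for the old URI. The function names, the contact table and the signature format (a signature over the four Move fields serialised as JSON) are assumptions made for illustration, and the key pairs are constructed sample data.

```javascript
// Added example: receiver-side check for a signed Move. All names are hypothetical.
const crypto = require('node:crypto');

// Constructed key pairs: alice's stands in for the exported and re-imported pair.
const alice = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const mallory = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed contact table: old actor URI -> public key the receiver already stored.
function newContacts() {
  return new Map([['uri/to/alice', { publicKey: alice.publicKey }]]);
}

// Assumed wire format: the signature covers these four fields in fixed order.
function canonical({ type, actor, object, target }) {
  return Buffer.from(JSON.stringify({ type, actor, object, target }));
}

function signMove(activity, privateKey) {
  return crypto.sign('sha256', canonical(activity), privateKey).toString('base64');
}

// Returns the new URI when the move is accepted, otherwise null.
function handleMove(contacts, activity, signatureB64) {
  if (activity.type !== 'Move') return null;
  // An actor may only move itself.
  if (activity.actor !== activity.object) return null;
  if (typeof activity.target !== 'string' || activity.target === activity.object) return null;
  const contact = contacts.get(activity.object);
  if (!contact) return null; // no stored key for this account, nothing to verify against
  // Verify with the key stored for the OLD URI, never one fetched from the target.
  const valid = crypto.verify('sha256', canonical(activity), contact.publicKey,
    Buffer.from(signatureB64, 'base64'));
  if (!valid) return null;
  contacts.delete(activity.object);
  contacts.set(activity.target, contact); // relation is kept under the new URI
  return activity.target;
}

const move = { type: 'Move', actor: 'uri/to/alice', object: 'uri/to/alice',
  target: 'new_uri/to/alice' };
const hijack = { ...move, target: 'uri/to/mallory' };
```

Because the target is inside the signed bytes, a signature captured from a genuine move cannot be reused with a different target.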