Conversation
Notices
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 04:47:33 JST 
Alex Gleason
Fellas, I think threads.net might be blocking some servers already.
It does not work on any Pleroma servers yet. But I believe that is an unintentional compatibility issue. However some servers seem to be outright blocked.
Let me explain. Threads requires signed fetches. What that means is that every GET request to a threads.net resource needs to be cryptographically signed. Threads will then look up the signer and verify its signature.
The flow looks something like this:
gleasonator.com -> GET threads.net/zuck (signed by /actor)
threads.net -> GET gleasonator.com/actor
The request to Threads contains a signature, with information about how to verify it. Threads will then verify it by fetching info from the origin server before returning the data.
You can see Threads fetching your own server by looking at the "facebookexternalua" user agent. Try this command on your server:
grep facebookexternalua /var/log/nginx/access.log
If you see logs there, that means Threads is attempting to verify your signatures and allow you to access their data.
On Gleasonator, I am seeing logs there. It is trying to let me establish a connection, even though it fails due to a bug in Pleroma or Threads. This means Gleasonator is not blocked.
However, on Spinster, and the Mostr Bridge, I have no requests from Threads at all, despite sending signed fetches. graf reports that Poast also isn't receiving any requests.
I do not believe they are operating on a whitelist. If so, it wouldn't make sense for Gleasonator and many other widely-blocked servers like gameliberty.club to be able to fetch from Threads.
So then I thought it may just be a caching issue, or a fluke on their end. But when I make a request from Gleasonator, I get the pingback from Threads within seconds. On Spinster and Mostr, there is no attempt being made at all.
So I am starting to think they may be blocking at the server-level already. And they are blocking Poast, Spinster, and the Mostr Bridge.- Pleroma-tan likes this.
- ぐぬ管 (GNU social JP管理人) repeated this.
-
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Friday, 15-Dec-2023 04:57:54 JST 
Sexy Moon
@alex I have logs that they have gathered the actor AP object of my Pleroma instance's internal fetch actor. kaia and Alex Gleason like this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 05:01:00 JST
Alex Gleason
@Moon Yep, it looks like that for me too.
That's good to know they're not outright blocking shitposter.club. That at least proves they didn't just block the top 10 list on FBA https://fba.ryona.agency/scoreboard?blocked=50narcolepsy and alcoholism :flag: likes this. -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Friday, 15-Dec-2023 05:03:27 JST 
silverpill
@alex I also see attempts to fetch instance actor in my log, but the last one was ~5 hours ago. Now when I make a signed request, threads.net doesn't react at all, even if I send a signed request as a different actor.
Sexy Moon likes this. -
Embed this notice
rees (rees@breastmilk.club)'s status on Friday, 15-Dec-2023 05:04:13 JST 
rees
@alex >poast was haxxorz!
>me: it's probably an svg exploit
>it was an svg exploit!!
>threads isn't federating
>me: it's probably a GET http-sig
>it was a GET http-sig!!!Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 05:06:16 JST
Alex Gleason
@silverpill I am still getting recent requests from Threads, every time I fetch. This proves they didn't turn the service off. They're choosing to deny some requests, possibly by actor origin.
108.162.237.23 - - [14/Dec/2023:20:04:42 +0000] "GET /internal/fetch HTTP/2.0" 200 823 "-" "facebookexternalua"
172.69.71.14 - - [14/Dec/2023:20:04:57 +0000] "GET /internal/fetch HTTP/2.0" 200 823 "-" "facebookexternalua"
172.69.71.147 - - [14/Dec/2023:20:04:59 +0000] "GET /internal/fetch HTTP/2.0" 200 823 "-" "facebookexternalua" -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 05:07:27 JST
Alex Gleason
@matty @Moon They respond with a 200 of an HTML page saying "this page is not available" Pleroma-tan likes this.Pleroma-tan repeated this. -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 15-Dec-2023 05:07:28 JST 
Matty
Would this respond with a 400 error if they were blocking you? Pleroma-tan repeated this. -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Friday, 15-Dec-2023 05:08:04 JST
Sexy Moon
@alex @matty world-class web engineers, everybody Pleroma-tan likes this. -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 15-Dec-2023 05:09:18 JST
Matty
>Response 200: access denied
BrilliantSexy Moon and Pleroma-tan like this. -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Friday, 15-Dec-2023 05:11:49 JST
Sexy Moon
@raccoon @alex I'm hoping they federate openly because I am going to set up a server with an MRF that follows every user and then favorites every post. Haelwenn /элвэн/ :triskell: and Pleroma-tan like this. -
Embed this notice
Trash Panda (raccoon@den.raccoon.quest)'s status on Friday, 15-Dec-2023 05:11:50 JST 
Trash Panda
@alex@gleasonator.com
We're way ahead of them, we blocked threads before it was live, as soon as they announced it we pre-emptively blocked it.Pleroma-tan repeated this. -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Friday, 15-Dec-2023 05:14:13 JST
Sexy Moon
@graf @raccoon @alex apparently traffic picked back up on threads according to my sources -
Embed this notice
anime graf mays ?️? (graf@poa.st)'s status on Friday, 15-Dec-2023 05:14:14 JST 
anime graf mays ?️?
@Moon @raccoon @alex I was looking forward to it because we are one of few servers that can actually handle the load of Federating with something that large (even if it is a ghost town). shame if they did in fact block us -
Embed this notice
Sexy Moon (moon@shitposter.club)'s status on Friday, 15-Dec-2023 05:14:53 JST
Sexy Moon
@graf @raccoon @alex I was planning on just standing up a server that doesn't even store anything it just sucks down posts and sends back favorites -
Embed this notice
anime graf mays ?️? (graf@poa.st)'s status on Friday, 15-Dec-2023 05:28:08 JST
anime graf mays ?️?
@matty @alex @Moon nah I figured it out 🧠 -
Embed this notice
(mint@ryona.agency)'s status on Friday, 15-Dec-2023 05:28:08 JST 
@graf @alex @matty @Moon :chuffin: -
Embed this notice
anime graf mays ?️? (graf@poa.st)'s status on Friday, 15-Dec-2023 05:28:10 JST
anime graf mays ?️?
@matty @alex @Moon weird Alex's reply didn't federate here. this appears as an orphaned reply on poast -
Embed this notice
Matty (matty@nicecrew.digital)'s status on Friday, 15-Dec-2023 05:28:10 JST
Matty
Fuckin Zucc breaking the fediverse with his lizard magic -
Embed this notice
kijo 鬼女 (kj00@spinster.xyz)'s status on Friday, 15-Dec-2023 05:39:18 JST 
kijo 鬼女
@alex So they went out of their way to block (probably) the least hostile non-masto instance because of the evil women on Spinster posting about their evil crafting projects and evil knitted sweaters and crocheted blankets. And don't forget about their evil cats who can smell you're male. Alex Gleason likes this. -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Friday, 15-Dec-2023 05:48:46 JST
silverpill
@alex I tried to fetch https://www.threads.net/ap/users/mosseri from my other instance public.mitra.social and received a pingback from facebookexternalua. Is it possible that they block mitra.social but not public.mitra.social? Seems unlikely. I think their federation client may simply give up after several unsuccessful federation attempts.
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 05:56:11 JST
Alex Gleason
@silverpill I don't know why they would target mitra.social. Does mitra.social have any requests from their user-agent historically? I have 0 from servers that don't work, which means no attempts were ever made. -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Friday, 15-Dec-2023 06:09:33 JST
silverpill
@alex Yes, mitra.social had incoming requests from facebookexternalua, but at some point they stopped and I can't trigger them anymore
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 06:25:34 JST
Alex Gleason
@silverpill That's weird. That's different from my problem. That means you got blocked after they saw your traffic. Versus blocked up-front. -
Embed this notice
heluecht (heluecht@pirati.ca)'s status on Friday, 15-Dec-2023 07:55:06 JST
heluecht
@alex What I just found out: Friendica does the requests with their system actor. That actor only has got an inbox, but no outbox. After I added the outbox to the profile, I was able to fetch a user. Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 07:55:44 JST
Alex Gleason
@heluecht I also figured that out by now and patched it already. Interesting that Friendica has the same bug. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 08:09:32 JST
Alex Gleason
@heluecht We confirmed it's a required field per the ActivityPub spec. If you dig through my replies there are a few conversations about it. -
Embed this notice
heluecht (heluecht@pirati.ca)'s status on Friday, 15-Dec-2023 08:09:38 JST
heluecht
@alex It's not a bug. Technically a system actor doesn't need an outbox. Also it is no required field according to the specification, if I remember correctly. -
Embed this notice
jaf (jeff@mk.magicka.org)'s status on Friday, 15-Dec-2023 10:38:55 JST
jaf
@alex@gleasonator.com hey @zuck@www.threads.net can you confirm this?
Alex Gleason likes this. -
Embed this notice
heluecht (heluecht@pirati.ca)'s status on Friday, 15-Dec-2023 12:40:19 JST
heluecht
@alex Over night some posts from Threads (from Adam Mosseri) appeared on my system, so this seems to work fine.
One is a video where Adam Mosseri explains the launch in Europe and the steps towards the Fediverse. It appears as if he has got a deep knowledge of this whole topic. For example he made clear that the whole system is the Fediverse, the Protocol is ActivityPub and Mastodon is one of many applications in the Fediverse. Here he is already better than a lot of the Mastodon users of the Fediverse, who always call it "Mastodon".
I'm still not 100% where this will lead to and which motivation they drive. I don't think that their primary target is to dry out the Fediverse. They have got 100 million active users per month, the fediverse around 2. You don't invest such a lot time just for 2% gain.
Same is valid for this "they want our profile data" argument. They can gain some information about which user interacts with other users. But this doesn't help their ad business, since they cannot connect Fediverse accounts with IP addresses or cookies or any other tracking techniques.
By now I think that they want to avoid trouble via the EU because of their Digital Markets Act.
Alex Gleason likes this. -
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Friday, 15-Dec-2023 12:40:41 JST
Alex Gleason
@heluecht Great analysis. I couldn't see the video because the attachment got messed up in transit. I'll give it a watch. -
Embed this notice
Sprate (sprate@nicecrew.digital)'s status on Friday, 15-Dec-2023 12:55:31 JST 
Sprate
I'll say it: most of the people freaking out over the Threads federation right now are neurotic, paranoid, and are desperate to maintain their hugboxes and publicly posture as oppressed victims of a big tech company. Alex Gleason likes this. -
Embed this notice
redditeur (redditeur@poa.st)'s status on Saturday, 16-Dec-2023 03:38:06 JST 
redditeur
@Moon @alex @matty That sort of incompetence in API design has a special place in programming hell. Sexy Moon likes this. -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Saturday, 23-Dec-2023 04:33:52 JST
silverpill
@alex Yeah, and now I'm getting 429's from their server. The other instance (public.mitra.social) federates normally.
-
Embed this notice
Alex Gleason (alex@gleasonator.com)'s status on Saturday, 23-Dec-2023 04:35:51 JST
Alex Gleason
@silverpill Use ngrok to host it on a different domain temporarily, and I bet you it will work. -
Embed this notice
silverpill (silverpill@mitra.social)'s status on Saturday, 23-Dec-2023 04:43:19 JST
silverpill
@alex Sure. If they won't unblock me that is what I'm going to do
Alex Gleason likes this.
All GNU social JP content and data are available under the