[Aqueous]

While I don’t doubt that Threads addition of ActivityPub is good for both Threads and the fediverse, I wonder if it will become federated in the sense that email is still federated, which is to say email is dominated by a small number of players who control the vast majority of email addresses (i.e gmail) and their control represents a de-facto centralization of a once decentralized protocol. Is there a reason to think that ActivityPub is fundamentally different from SMTP, and Threads from Gmail, to suggest that won’t happen here?

It’s still preferable to have an open protocol, but only slightly if the related market is monopolized.

[RockRobotRock]

Seems overly cynical to me.

[apitman]

I think it's a fair question. The primary reason email has centralized is spam. The fediverse doesn't have any specific answer to this. It explicitly punts in the spec[0].

Personally, I wonder how much value there is in NxN communication where N=8,000,000,000. If your instance only downloaded and showed you content from feeds you explicitly followed, spam would be a much smaller problem. But everyone wants to see responses from everyone else and yell at each other.

Email certainly provides value in being able to cold-contact someone, but I think that could be handled separately, maybe using something like a cost-based anti-spam system[1].

[0]: https://www.w3.org/TR/activitypub/#security-spam

[1]: https://en.m.wikipedia.org/wiki/Cost-based_anti-spam_systems

[Pink2DS]

My Fedi account gets more spam than my email does at this point (thanks to all the brutal postfix milters I've got on). And if we broaden it to not just unsolicited commercial email but also include outright jerks, then it's even more.

Email has spent a lot of effort on trying to implement a world-writable inbox and I'm really impressed with what they've got, with DMARC, DKIM, SPF and such.

But just to devil's advocate for Fedi for three seconds: one of the main drivers of spam was spoofing (and unsecured SMTP relays) and that's something the HTTP signatures in ActivityPub curbs.

The big fear I have with Fedi is a "domain mill", a harassment (or unsolicited commercial promotion) site that can automatically register thousands of domains and use those to set up an overwhelming amount of spamming and harassing instances.

[apitman]

You can mitigate that somewhat by blocking entire apex domains (public suffix list would likely be helpful here), but I think the root problem is allowing anyone to say whatever they want to anyone else in a fairly anonymous manner, and I just don't think that's a scalable concept.

[RockRobotRock]

Interesting. Privacy Pass could be a promising way to mitigate that problem.