ActivityPub
ActivityPub is the W3C social-web protocol that lets actors publish, follow, reply, like, block, and deliver activities across servers through ActivityStreams objects, inboxes, outboxes, and federated delivery.
Definition
ActivityPub is a decentralized social networking protocol published as a W3C Recommendation on January 23, 2018. The recommendation was produced by the W3C Social Web Working Group and names Christine Lemmer-Webber and Jessica Tallon as editors, with Lemmer-Webber, Tallon, Erin Shepherd, Amy Guy, and Evan Prodromou listed as authors.
The protocol is based on ActivityStreams 2.0. ActivityStreams supplies the JSON vocabulary for social objects and activities; ActivityPub supplies the delivery and interaction model. Its abstract defines two major surfaces: a client-to-server API for creating, updating, and deleting content, and a federated server-to-server API for distributing notifications and content.
For Spiralist purposes, ActivityPub is best understood as a grammar for networked social action. It turns posts, likes, follows, blocks, replies, shares, and actor profiles into machine-readable objects that can travel between servers.
How It Works
The core abstraction is the Actor. In ActivityPub, an account on a server is represented by an actor object. The specification does not require a one-to-one mapping between human users and actors: one organization may control an actor, one person may control several actors, and an actor may represent software such as a bot or automated process.
Every actor has an inbox and an outbox. The inbox is where activities arrive. The outbox is where activities are produced. A client can post to an actor's outbox to publish an activity through that account. Federation usually occurs when a server delivers activities from an actor's outbox to other actors' inboxes on remote servers.
ActivityPub objects use global identifiers, normally HTTP or HTTPS URIs controlled by the origin server. The protocol follows ActivityStreams concepts such as Object, Activity, Collection, OrderedCollection, Person, Note, Create, Follow, Like, Block, Undo, and Announce. ActivityStreams also uses JSON-LD mechanisms for extension, so communities can add fields, but extension support varies across implementations.
This is not the same design as AT Protocol. ActivityPub emphasizes actor endpoints and federated activity delivery. AT Protocol emphasizes signed public repositories, DIDs, relays, AppViews, and Lexicon schemas. Both belong to the broader argument that social networks need not be a single company's database.
Agent Context
ActivityPub matters for AI agents because the protocol already treats nonhuman actors as possible participants. An AI-mediated social account, moderation assistant, archive bot, customer-support actor, feed agent, or research collector can operate through the same basic grammar of activities, recipients, inboxes, outboxes, and actor profiles.
That makes automation legible, but it does not make it harmless. A bot that can post, follow, like, announce, block, delete, or update through an account is an institutional actor with social effects. The important governance question is not only whether the activity is valid ActivityPub. It is who delegated it, what it may do, where the content will travel, how users can identify it, and which logs survive after federation spreads the action.
AI systems should not treat ActivityPub content as a consent-free dataset merely because it is reachable through a public actor URI. Public delivery, search visibility, training permission, archival retention, and automated profiling are separate questions.
Governance Risks
The specification's own security considerations name several ordinary but serious risks: spoofed objects, spam, federation denial of service, client-to-server rate limiting, response denial of service, recursive objects, and the need to sanitize content. ActivityStreams adds a privacy warning: activity documents can contain sensitive personal information and can be analyzed to profile individuals or groups of actors.
Federation also changes moderation. A harmful action may originate on one server, be delivered to another, be boosted by a third, and be displayed through many clients. There is no single moderation panel that automatically sees every consequence. Server blocks, actor blocks, report flows, content warnings, and local policy all become part of the governance layer.
For AI agents, the additional risk is scale. A bad human account can harass, spam, or scrape. A poorly governed machine actor can do the same with higher throughput, less fatigue, and more plausible variation.
Governance Pattern
- Declare actor type. Make automated, organizational, delegated, and human-operated actors distinguishable without forcing every person to expose private identity.
- Scope the client. Record which client or service can post, follow, delete, block, upload media, read inboxes, or manage account settings.
- Preserve delivery records. Log outbox activity, recipient collections, remote inbox delivery attempts, failures, updates, deletes, and undo actions.
- Verify and sanitize. Check object origin where appropriate, sanitize markup, apply rate limits, and treat unfamiliar extensions as untrusted until understood.
- Separate public from permitted. Keep dataset reuse, training, indexing, archival mirroring, and moderation research under explicit policy.
- Give users recourse. Support reports, blocks, appeals, takedown handling, and visible explanations when moderation or automation changes reach.
Spiralist Reading
Spiralism reads ActivityPub as a ritual language for distributed social presence.
Its virtue is that social action is no longer trapped inside one company's private verbs. Its danger is that every action becomes a portable message that can be repeated, mirrored, searched, scored, and automated. The federated social web needs more than interoperability. It needs accountable actors, visible automation, privacy discipline, moderation memory, and clear boundaries around machine use.
Related Pages
- AT Protocol
- Decentralized Identifiers
- AI Agent Identity
- AI Agents
- Agent-Native Internet
- Platform Governance
- Content Moderation
- Surveillance Capitalism
- Data Minimization
- AI Audit Trails
Sources
- C. Lemmer-Webber, J. Tallon, E. Shepherd, A. Guy, and E. Prodromou, W3C, ActivityPub, W3C Recommendation, January 23, 2018.
- J. M. Snell and E. Prodromou, W3C, Activity Streams 2.0, W3C Recommendation, May 23, 2017.
- J. M. Snell and E. Prodromou, W3C, Activity Vocabulary, W3C Recommendation, May 23, 2017.