Hey, i'm a software developer and i'm considering trying to build a site using ActivityPub, but i have a few concerns about it.
My first concern is that if the platform is open source someone can host a malicious version of it, where certain requests may be ignored (such as deletion).
This leads into my next concern which is GDPR, because now i can't be certain that a users data gets deleted upon their request and i'm not certain whether i would be liable since my instance federates with the malicious instance (which may also not be hosted in the EU which is itself problematic, and even if i'm not liable it's still not great).
I considered if it was viable to make the platform invite based somehow, so that it doesn't federate with everything by default, but that also sort of defeats the purpose of using ActivityPub.
The loss of control over content is also something that i don't particularly like, since some people may use their own instance for harassment or something else gross, but i guess that wouldn't be my problem since i just wrote the code and wouldn't have anything to do with the hosting of such sites.
i'd appreciate any feedback since i think the technology and the fediverse is very interesting, i would definitely like to try it out, but i'm not sure how to go about these challenges.
Just so you know, this is not a fefiverse specific issue. Third party websites have cropped up to scrape sites like Reddit and post archived versions of undeleted posts for decades. I'm not sure your concern relates to the fefiverse at all.
For one of the OG federated systems, 3^rd^ party Usenet news cancellations were a thing that was dealt with back then too. Many sites not honoring deletion at all to try to stay out of the fray of different groups trying to censor each other (e.g. entities in China trying to cancel any post mentioning Taiwan). It was far easier to not honor deletion at all (or only from trusted spam canceling entities).
This also touches on the "if deletion is honored, what stops a 3rd party from spoofing a deletion request of your content?"
For a current instance of Usenet news and their cancel and supersede policy: https://www.eternal-september.org/index.php?showpage=faq#cancellock