Some of you noticed that @HolosDiscover is following you. It's a Fediverse search engine we built to solve a problem: when you start your own server with #Holos, your index is empty. #HolosDiscover provides a ready-to-use content catalog for everyone. Only public posts from consenting users are indexed. Deletions and edits are reflected in real-time through ActivityPub activities.
A privacy-respecting Fediverse search engine built on ActivityPub federation. Only indexes public posts from consenting users (indexable=true). No scraping, no API crawling, just standard federation.
@FinchHaven Totally understood. Blocking is one of the supported opt-out methods. Your content has been removed from our index and you won't be contacted again.
Unlike crawlers, we are fully transparent and respect multiple consent signals before indexing anything. We also explain on our "How it works" page how to stop indexation depending on your Fediverse software. But keep in mind that these settings only work with services that respect them, crawlers simply ignore them.
"Unlike crawlers, we are fully transparent and respect multiple consent signals before indexing anything.
We also explain on our "How it works" page how to stop indexation depending on your Fediverse software."
But here's the core point:
"Your content has been removed from our index and you won't be contacted again."
So you've --> already <-- "scraped my content" without my knowledge or permission and only because -- somehow -- I've managed to be aware of your project at all, am I able to defend myself against being scraped by your bot
Anyone who has never heard of you is by definition defenseless against what you're doing
Every single bright-eyed young coder who has done exactly the same thing -- scraping Mastodon content -- has exactly the same answer since I first got on in very early November 2022
"Oh... you found out we've scraped your data... OK... we'll delete it. And maybe we won't do it again."
Point is, people are sick of that shit and always have been
@FinchHaven We don't scrape. We send a standard ActivityPub Follow, visible in your followers list like any other account. The "indexable" setting exists precisely for this use case.
With indexable enabled, Google already indexes your public posts and keeps deleted content cached for days. We remove everything instantly via ActivityPub.
We're not a crawler. We're a federation participant playing by the rules. @fediversereport
A privacy-respecting Fediverse search engine built on ActivityPub federation. Only indexes public posts from consenting users (indexable=true). No scraping, no API crawling, just standard federation.
I don't know if you know this already, but if you have the "indexable" option enabled in your Mastodon account then your posts will be indexed by every single server you federate with and will appear in their search results. So if you are worried about scrapping/indexing of your posts that setting should be turned off.
@OctaviaConAmore It's consent-based. We only follow accounts that have "indexable" enabled, are not locked, and don't have #nobot in their bio. If any of these conditions isn't met, we won't follow or index anything. Only public posts are indexed. @fediversereport
@OctaviaConAmore You're right that "indexable" is enabled by default on many instances, and we understand the concern. But this setting already has consequences beyond us: with indexable enabled, search engines like Google can index your public posts and may keep them cached for days or weeks even after deletion.
With Holos Discover, deletions and edits are reflected instantly through ActivityPub activities. And we're visible as a follower you can block at any time. @fediversereport
@OctaviaConAmore You're right, we don't hide it. The "indexable" setting is enabled by default on most instances, which makes it de facto opt-out. We wish it weren't the default, but that's an instance-level decision, not ours.
Being 100% ActivityPub means we detect any profile change instantly. If indexable is turned off, everything is removed immediately. That's the advantage of being fully ActivityPub-native: we follow the decisions made by Fediverse developers.
@HolosDiscover@discover.holos.social It's not "opt-in" to assume that everyone who has allowed indexing is opting in to your specific scraper.This is unacceptable.
We heard you. #HolosDiscover has been shut down, all indexed data deleted, and the source code removed. We apologize for the misunderstanding. Our approach was built with the deepest respect for user consent, but we understand it could rightfully be seen as misusing the indexable flag that many users didn't consciously enable. This highlighted a real conversation the Fediverse needs about default settings. Thank you for the feedback.
Holos is a very nice project, congratulations. Note that wrt Holos-Discover, the "How it works" does not explain the search mechanism, and the repo link gives a 404.
Regarding Holos-App the docs mention that it implements a "full ActivityPub server", but it is unclear whether you mean "a full server" (S2S) or the "ActivityPub conformant Federated Server" specification profile, which in a quick peek is not what Holos-App is.. looks like?
We heard you. #HolosDiscover has been shut down, all indexed data deleted, and the source code removed. We apologize for the misunderstanding. Our approach was built with the deepest respect for user consent, but we understand it could rightfully be seen as misusing the indexable flag that many users didn't consciously enable. This highlighted a real conversation the Fediverse needs about default settings. Thank you for the feedback.
I was logging in yesterday on thunderbird with my second email and the amount of gymnastics I needed to finally get to there would grant 3 olympic medals lol
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
The media in this post is not displayed to visitors. To view it, please go to the original post.
Folks, @rania40, like @joynewacc and @aseelfromgz are volunteering with Gaza Verified even as they face the same inhumane conditions forced upon Palestinians by Israel.
If you can, please help as a tiny way of saying thank you 💕
@gaza_verified_campaigns This week, I received only $10 while living in extremely harsh displacement conditions. We lack basic necessities like food, water, medicine, and shelter. We are not asking for luxury—only the minimum to survive. Any help, even small, makes a difference. Please donate or share. Thank you for your humanity. chuffed.org/project/161851-hel… @aral @kathimmel @fabio @casey
my name is kat & i live in scotland. i've started this campaign for my friend, aya rizq, who lives with her mum & siblings in the rubble of a destroyed gaza.
The media in this post is not displayed to visitors. To view it, please go to the original post.
During any #press event, I prefer to stay awake all day on-site, away from my family, to document the moment. Here’s glimpse of the vids I captured at night at Nasser Hospital, documenting the return of patients who completed their medical treatment abroad & returned to #gaza via the Rafah crossing At this location,returnees reunite with their families. For some, however, the moment of arrival is met with heartbreak as they receive news for the first time of the martyrdom of their loved ones
We put a lot of work into both #Fedilab and #HolosSocial. We will never neglect one for the other, both deserve attention. Holos allowed us to push boundaries like E2EE DMs over ActivityPub and portable identity, but Fedilab is the app we've been working on since 2017 and will keep integrating new features. This is your app, not ours. Alongside all this, we are volunteers, so if you can help us financially, that would really help. Thank you.
I'm tagging my friend @tio 'cause this is relevant. He made a documentary series in 2023 talking about the problems of our world, if interested you can watch it on the website here - tromsite.com/documentaries/tro…
TROM II: A Message to the Aliens Year: 2023 / Duration: 4 parts, 5 hours We live in a world where everyone is busy, everyone is consumed, everyone seems confused. Money, social credits, ads, data collection, prices and billionaires.
#Holos is designed around one device per account since each phone runs its own ActivityPub server. Currently, activities are removed from the relay once synced, so multi-device isn't possible yet. However, we could introduce trusted devices linked to an account, where activities are only removed once synced with all of them. This would also need some work on our E2EE DMs feature.
@dennismelhede Moving to a new phone is simpler: just restore from a backup (S3 or WebDAV). Multi-device is about using several phones at the same time, which is a different challenge since each one runs its own server.
Face recognition technology is so dangerous that government should not use it at all—least of all our federal government’s out-of-control immigration agencies. eff.org/deeplinks/2026/02/yes-…
Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) have descended into utter lawlessness, most recently in Minnesota. The violence is shocking. So are the intrusions on digital rights and civil liberties.
As the main developer of Fedilab, I've never used Open Collective funds for personal needs like buying a phone or paying repairs (yes, plugging/unplugging daily has consequences). I feel uncomfortable about how to use those funds. In April I'll need to pay for server hosting. I also need a more powerful computer. Are those kinds of expenses ok for you? Like repairing my phone due to a worn-out USB connector?
You have put a lot of effort into developing these apps, so you deserve the money people donated you. Now if the project have other major contributers then you can ask them about the matter as well, but I don't think they'll disagree much. Getting your phone repaired is important, and depending on the condition of your current laptop/PC getting a new one might also be necessary to continue your work - these are not useless spendings IMO.
@TimePencil Thank you, I appreciate that. I was genuinely unsure whether repairing my phone felt right, even though it's directly caused by development and testing. Your words help.
A lawyer mate of mine once told me, "*Anybody* can steal from an employer, if they are a trusted employee."
Now, donors are not your employer, but they are your supporters, and they trust you. As you know "right from wrong" you'll also know if you've abused that trust.
Be open and honest, apply good judgement, and you'll be fine!
idk, estimate how much labor you've spent on this project, multiply by a living wage, and that's approximately the amount of money that I think you should spend however you need or even want to 🤷 the expenses of a tech project include the labor of the workers, which includes the living requirements of the workers Plus, in this case, they seem like things that also affect your ability to work on this project regardless of your ability to live, which imo is no longer a personal expense
As a dev, ceo and donator at different times, I suggest looking at it like this:
If you did not do this job youre getting paid for (open collective), would you have the amount of costs you have now (you wouldnt) and if you do, they're personal (rent, food, vacation) and if not, they're work related (mobile dev = mobile phone business expense, same for laptop that wears out etc.)
If you want to feel extra ethical, buy a dedicated work phone that is separate which you use the money for.
I'm fine with everything. Use them for things you need.
To maybe ease your mind a bit: A computer also supports app development. And a phone is needed for testing the app. Emulators can only bring you so far. So that would be something directly benefiting app development.
It really depends on what you wrote on the Open Collective requests. My plans if the LibreFaso project was ever successful enough to justify a full-time job¹ was to have a separate tip jar for the project-related expenses and for my own salary, so that people could choose what they want to fund. Basically, as long as you're entirely transparent, it should be fine.
I would be really frustrated if the money going to a software project did not at all contribute to the basic computing needs of the main developer of that project. Like obviously there's a limit at which the opportunity costs become too big but a phone repair does not approach that cost
@Fedilab Apps I would see nothing wrong with you using the funds for things that directly impact the app, I mean you need a phone for actual testing, right? And a computer to create the program? To me that seems to be what the funds are for
I donate to projects because I want them to stay and best case improve/ grow/... So if the money is used for anything that helps in that way I am happy. If that means you can work on the project half-time, full-time or whatever and spend the money on rent, food, cinema or anything else that makes you happy, that is great. I would stop donating if you became a multi-millionair. But I doubt we will ever have to worry about that ;)
On the plugging / unplugging front, have you considered a sacrificial cable / connector board. We use these between dev boards and cables for hotplug or similar testing.
Use your own domain for your ActivityPub identity. No instance to host, pure ActivityPub from your phone. Your identity is no longer tied to the relay. Switch anytime.
Add your domain, configure a CNAME record, verify and activate. Followers are notified via a Move activity.
@juergen Android is the primary platform for now, but an iOS version is planned. Distribution will likely go through AltStore, as mainstream app stores may flag apps with embedded servers.
Regarding multi-device access, Holos follows a "one device, one instance" philosophy. Your phone is your server, with your keys and data living locally. This is what gives you true ownership. Multi-device sync isn't currently supported but is being considered for the future.
Hmmm interesting. So this is basically trading the ability to use the fediverse from multiple devices vs. having a transferable user name independent from the proxy used? I am really curious if this will be embraced by many users.
@juergen It's currently designed as one device per account since your phone is the server. But this can be improved by allowing the relay to dispatch activities to multiple devices per account instead of removing them once consumed. Right now the relay immediately deletes an activity once it's been synced (via WebSocket or during app launch), but reworking this to support multiple devices is definitely possible.
@juergen We will introduce that option, a lot of people are asking for multi-device support. That would need some work on our latest feature (E2EE DMs).
#Holos is designed around one device per account since each phone runs its own ActivityPub server. Currently, activities are removed from the relay once synced, so multi-device isn't possible yet. However, we could introduce trusted devices linked to an account, where activities are only removed once synced with all of them. This would also need some work on our E2EE DMs feature.
@lexinova Migration is fully supported! Holos implements the ActivityPub Move activity, so you can migrate from another instance to Holos or from Holos to any other ActivityPub instance. Your followers will be automatically notified and redirected, just like with standard Mastodon migration.
Regarding F-Droid, the submission is currently in progress.
it would also help if you'd publish releases with their corresponding APKs attached. Only that way, Reproducible Builds can be supported (which we and @fdroidorg have, see e.g. izzyondroid.org/about/security… for a short intro).
I don't know about the size of your APK, so I cannot tell if we could take it in at IzzyOnDroid – but if it's below 30 MB, be welcome to apply (once the APKs are available, as we always ship the APKs built & signed by their devs) @lexinova
@IzzyOnDroid Unfortunately the APK is around 170MB due to the embedded Node.js libraries needed to run the local server. We reduced it by dropping one of the three Node.js builds (from three to two), but it's still well above the 30MB limit. That's why we never submitted to IzzyOnDroid and went directly to F-Droid instead. @fdroidorg @lexinova
I do have my own instance, but it's on GoToSocial. YunoHost, vps. Longing Holos to be usable on iOS so I could have such as elettrona@holos.plusbrothers.net - so that I create mess then LOL!
aw gosh: yeah, NodeJS (and other frameworks) are a size-hell because of their native libs. There are a few tricks there, though – but if those 170 MB were per-ABI, we don't stay a chance. Having an APK at hand, I could check – but at that size, chances are rather minimal. We might et it down to 90 MB, probably, but that would still be too big… @lexinova
So Mullvad VPN has decided to move to WireGuard only and removed support for openVPN since January 15th 2026. And like everyone who had been using OpenVPN to connect to their servers I also had to move to WireGuard. However I had been using their VPN so far with inclusive split tunneling, meaning only a few apps/services will be routing their traffic through the VPN and the rest of my traffic will be unaffected. And I was able to do it thanks to a
So Mullvad VPN has decided to move to WireGuard only and removed support for openVPN since January 15th 2026. And like everyone who had been using OpenVPN to connect to their servers I also had to move to WireGuard. However I had been using their VPN so far with inclusive split tunneling, meaning only a few apps/services will be routing their traffic through the VPN and the rest of my traffic will be unaffected. And I was able to do it thanks to a guide they wrote explaining how to do split tunneling using OpenVPN. But I couldn’t find a similar guide explaining how to do the same in WireGuard, so I was left alone to figure it out myself. And in this post I will explain how I did it.
The new socks5 proxy
So the way this split tunneling had worked in OpenVPN is that you had to manually set up a socks5 proxy in the apps/services you want to route through the VPN, as explained in this guide. For OpenVPN this proxy used to be 10.8.0.1 on port 1080 but for WireGuard you need to use 10.64.0.1 on the same port. Also for WireGuard there is an additional multi-hop feature which you can use through port 10.124.x.x where x can be different numbers depending on which VPN server you want to route through (port is same 1080 as usual). You can get a list of these socks5 proxies for different servers thanks to a project called Mullvad socks proxy list which keeps the list updated by running a script every day using github actions. Alternatively you can also use the socks5 proxy address mentioned in Mullvad servers page which looks like domain names (e.g. al-tia-wg-socks5-003.relays.mullvad.net).
Beware of DNS leaks
If you are using these socks5 proxies there is a chance for DNS leaks, on browsers like Firefox you get an option called Proxy DNS when using SOCKS v5 which you can enable to avoid these leaks, but you may not find such options on other apps/services that you may use this proxy with. So I recommend setting up a custom DNS for your entire system to reduce this problem a bit, pick a good one that you can trust, here is a list of recommended ones - privacyguides.org/en/dns/#reco…
You can check for DNS leaks by visiting this website - ipleak.net
Binding VPN to torrent client
You can of course set up your torrent client to use the socks5 proxy to route all of its traffic through the VPN, but in my experience it is better for connectivity if you can actually bind your VPN to the torrent client directly without needing to use a proxy - as explained in this guide from the qBittorrent Wiki and also shown in this YouTube tutorial:
The solution
Method 1 (doesn't support binding VPN to torrent client)
In your WireGuard configuration you can see this line under the [Peer] section:
AllowedIPs = 0.0.0.0/0,::0/0
As you can see by default this is set to 0.0.0.0/0, ::0/0 which includes all IPv4 and IPv6 addresses, meaning all of your traffic will be routed through the VPN. But if we want to only allow the socks5 proxy addresses to go through the VPN we can change it to this:
AllowedIPs = 10.64.0.1/32, 10.124.0.0/22
The /32 is used to indicate that it's a single IPv4 address (10.64.0.1) and the /22 indicates that it's a subnet (ranging from 10.124.0.1 to 10.124.3.254). This should make it so that only traffic to these IP addresses would go through the VPN.
Notice a change in the logs
So now when you start up WireGuard via the wg-quick up command you will notice a change in its logs... This was the log from before I made the change:
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip6tables-restore -n
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
And this is the log after I changed the AllowedIPs option:
[#] ip link add dev wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add [REDACTED]/32 dev wg0
[#] ip -6 address add [REDACTED]/128 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] ip -4 route add 10.64.0.1/32 dev wg0
[#] ip -4 route add 10.124.0.0/22 dev wg0
Looking at these logs I realized that the ip route command is the one that configures which traffic gets routed through the VPN, and that WireGuard will automatically configure it according to the AllowedIPs option.
Limitations
Like I put up in the heading this method won't be suitable if you want to bind your VPN to your torrent client, since we explicitely made it so that only traffic to a specific subset of IP addresses will be allowed through the VPN it rejects any other traffic. But I still wanted to explain this method here because it is good enough for anyone who only cares about the socks5 proxy and it is also the simplest solution.
Method 2 (works for both use cases)
Some context
So in order to archive this we need to do three things: 1. Allow all traffic to be accepted through the VPN, which means we will have to keep this line as is:
AllowedIPs = 0.0.0.0/0,::0/0
Stop WireGuard from automatically configuring all traffic to be routed through the VPN despite the AllowedIPs option.
We need to only route traffic to Mullvad's socks5 proxy addresses (10.64.0.1/32 and 10.124.0.0/22) through the VPN.
So based on these findings this is the solution I came up with, just add these lines under the [Interface] section of your WireGuard configs:
Table = off
PostUp = ip -4 route add 10.64.0.1/32 dev wg0; ip -4 route add 10.124.0.0/22 dev wg0
PreDown = ip -4 route delete 10.64.0.1/32 dev wg0; ip -4 route delete 10.124.0.0/22 dev wg0
You can put it right under the DNS option. On Linux you can run this command to automatically do this for all the .conf files you have in a folder:
sed -i '/^DNS = / a Table = off\nPostUp = ip -4 route add 10.64.0.1/32 dev wg0; ip -4 route add 10.124.0.0/22 dev wg0\nPreDown = ip -4 route delete 10.64.0.1/32 dev wg0; ip -4 route delete 10.124.0.0/22 dev wg0' *.conf
Explanation
The Table = off option disables WireGuard's automatic routing. And then we use the ip route commands to manually add routing for our socks5 proxy addresses when WireGuard starts, and also deletes these routes when WireGuard stops. You might notice that the ip route commands I use are exactly the same ones we saw on the logs I shared above, and yes that made it easy for me to figure this out. And if you're curious this is how the log looks like after I changed to this new method:
[#] ip link add dev wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add [REDACTED]/32 dev wg0
[#] ip -6 address add [REDACTED]/128 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] ip -4 route add 10.64.0.1/32 dev wg0; ip -4 route add 10.124.0.0/22 dev wg0
Not much different from the logs of method 1, just the last two lines are combined into one.
I'm truly in awe at the level of skill I witnessed in this video! I've always admired this guy as a programmer ever since I found his channel, inspiring fellow 🙂
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
I think you've introduced me to a few Queen songs before. And a cousin of mine recommended me to watch the Bohemian rhapsody movie, I started listening to more of their songs after that lol
I imagine it probably uses publicly available data like the posts you replied to, liked or reshared. Apparently the code used to run the bot is FOSS, you can see it here - github.com/Roboron3042/mastoes…
> Using external server was not possible; result may be inaccurate.
I think probably because you're on Friendica it might've failed to get the data from your instance directly so instead relied on federated posts - which are probably incomplete and likely explains why you're seeing people who you don't know. In my case everyone in there was either a friend or some popular account or project that I knew of.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
- considering branches as "sticky notes" is nice but also somewhat weird, since they're exactly not sticky, but move along when creating a new commit. - Instead of `git reflog` I recommend `gitk --reflog` to see the graph of commits.
Thank you to those who are helping TROM monthly! Our first goal is to reach 100 monthly donors to kickstart a new video series for TROM, bring back TROMnews and provide 20GB storage space for our Nextcloud install (TROM Files) for everyone.
We have a lot of projects and hundreds, if not thousands of people are using our services.
> What powers the global internet? The answer might surprise you: not satellites, but hundreds of thin cables that run along the ocean floor. They’re an absolutely essential technology that’s also incredibly fragile — so fragile that in the beginning, most people thought they couldn't possibly work. Today on the show: the story of a man who *did* think they could work… and the lengths he went to to try and connect the world.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
Hello Fediverse I want to make a short announcement about the social.trom.tf Friendica instance run by my friend @tio
Currently that instance is going through a big server migration process and it will take a couple of hours for it to get finished. So if you mention or send anyone messages during this time it might not reach them.
Auf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
FinchHaven sfba
in reply to Holos Social • • •#Muted and #Blocked
I do not want even the smallest bit of that
cc @HolosDiscover@discover.holos.social @fediversereport
Holos Social
in reply to FinchHaven sfba • • •@FinchHaven
Totally understood. Blocking is one of the supported opt-out methods. Your content has been removed from our index and you won't be contacted again.
Unlike crawlers, we are fully transparent and respect multiple consent signals before indexing anything. We also explain on our "How it works" page how to stop indexation depending on your Fediverse software. But keep in mind that these settings only work with services that respect them, crawlers simply ignore them.
@fediversereport
FinchHaven sfba
in reply to Holos Social • • •"Unlike crawlers, we are fully transparent and respect multiple consent signals before indexing anything.
We also explain on our "How it works" page how to stop indexation depending on your Fediverse software."
But here's the core point:
"Your content has been removed from our index and you won't be contacted again."
So you've --> already <-- "scraped my content" without my knowledge or permission and only because -- somehow -- I've managed to be aware of your project at all, am I able to defend myself against being scraped by your bot
Anyone who has never heard of you is by definition defenseless against what you're doing
Every single bright-eyed young coder who has done exactly the same thing -- scraping Mastodon content -- has exactly the same answer since I first got on in very early November 2022
"Oh... you found out we've scraped your data... OK... we'll delete it. And maybe we won't do it again."
Point is, people are sick of that shit and always have been
cc @fediversereport
Holos Social
in reply to FinchHaven sfba • • •@FinchHaven
We don't scrape. We send a standard ActivityPub Follow, visible in your followers list like any other account. The "indexable" setting exists precisely for this use case.
With indexable enabled, Google already indexes your public posts and keeps deleted content cached for days. We remove everything instantly via ActivityPub.
We're not a crawler. We're a federation participant playing by the rules.
@fediversereport
FinchHaven sfba
in reply to Holos Social • • •So people need to have detailed ActivityPub knowledge to detect and protect themselves against your operation
And what about people who follow me already and join your little project
Do I get any sort of ActivityPub Follow notification about second-hand scraping of my content from the people I interact with
Oh: and by the way
I'll use the term 'scraping' if I choose
Letting you choose the language you want to frame your side of the conversation changes nothing about the reality of what you're doing
cc @fediversereport
Holos Social
in reply to FinchHaven sfba • • •@FinchHaven
We respect your position. Your content has been removed and you're permanently excluded from our index.
For anyone interested in how it actually works, the source code is public: codeberg.org/tom79/Holos-Disco…
@fediversereport
Holos-Discover
Codeberg.orgFinchHaven sfba
in reply to Holos Social • • •"For anyone interested in how it actually works, the source code is public"
Oh, right
That great FOSS myth:
Everyone on the entire Fediverse fluently and eagerly audits every single line of any and all FOSS software they use
Dude, I've been running Linux since 1995
That whole "you can audit the source code you use yourself!!" applies to maybe < 0.01% of FOSS software users
cc @fediversereport
Rokosun
in reply to FinchHaven sfba • • •Octavia Con Amore Succubard's Library
in reply to Holos Social • • •Holos Social
in reply to Octavia Con Amore Succubard's Library • • •It's consent-based. We only follow accounts that have "indexable" enabled, are not locked, and don't have #nobot in their bio. If any of these conditions isn't met, we won't follow or index anything. Only public posts are indexed.
@fediversereport
Octavia Con Amore Succubard's Library
in reply to Holos Social • • •@fediversereport ok, so it's still opt-out, then
thanks for being transparent, ar least
Holos Social
in reply to Octavia Con Amore Succubard's Library • • •@OctaviaConAmore
You're right that "indexable" is enabled by default on many instances, and we understand the concern. But this setting already has consequences beyond us: with indexable enabled, search engines like Google can index your public posts and may keep them cached for days or weeks even after deletion.
With Holos Discover, deletions and edits are reflected instantly through ActivityPub activities. And we're visible as a follower you can block at any time.
@fediversereport
Octavia Con Amore Succubard's Library
in reply to Holos Social • • •better than the current low bar is definitely better, I suppose
that said, it's noticeable and telling that you seem to not be proudly starting it's opt-out as a selling point
Holos Social
in reply to Octavia Con Amore Succubard's Library • • •@OctaviaConAmore
You're right, we don't hide it. The "indexable" setting is enabled by default on most instances, which makes it de facto opt-out. We wish it weren't the default, but that's an instance-level decision, not ours.
Being 100% ActivityPub means we detect any profile change instantly. If indexable is turned off, everything is removed immediately. That's the advantage of being fully ActivityPub-native: we follow the decisions made by Fediverse developers.
Eve Ventually
in reply to Holos Social • • •Holos Social
in reply to Eve Ventually • • •@EveHasWords
You're right to raise this concern. We've already shut down the service, deleted all indexed data, and removed the source code.
toot.fedilab.app/@apps/1160514…
Fedilab Apps
2026-02-11 10:14:49
Arnold Schrijver
in reply to Holos Social • • •Holos is a very nice project, congratulations. Note that wrt Holos-Discover, the "How it works" does not explain the search mechanism, and the repo link gives a 404.
Regarding Holos-App the docs mention that it implements a "full ActivityPub server", but it is unclear whether you mean "a full server" (S2S) or the "ActivityPub conformant Federated Server" specification profile, which in a quick peek is not what Holos-App is.. looks like?
ActivityPub
www.w3.orgHolos Social
in reply to Arnold Schrijver • • •@aschrijver
We shut down the service. See toot.fedilab.app/@apps/1160514…
Fedilab Apps
2026-02-11 10:14:49