Using HACK rn and its great ;) I’m new to HN since using reddit less and this app is really easy and snappy to use. I particularly enjoy the “best comments and posts” feature. If I could offer one feature for the future, would it be possible to specify the range of time to view best posts from? Love using the app nonetheless!

> The user data gets submitted to multiple servers and retrieved from multiple servers. Users can add their own servers if they like too.

Can you give us more details? How can you do this without creating double posts from multiple accounts?

Each action from the user (post, comment, votes etc) are signed by their private key. The resulting signature is sent along with the public key. The servers and clients all verify the signature with that public key.

Wait, so using the same private keys on multiple accounts on separate instance can work? When you post a comment from all those accounts with the same private keys at the same time, the servers will accept only one of them? How does replies work? Will replies to your comment get sent to just one instance or all your user accounts in other instances as well. Is this only works on lemmy or is it a hack that's not always supported by all ActivityPub implementations?

Sorry for the barrage of questions. I knew that accounts already have private keys associated with them, but I didn't know it's possible to use them at the same times across multiple instances without any negative impact.

No, I think you might be conflating my implementation with what the Lemmy/Fediverse/ActivityPub does. I am not using any of those. Unlike those, in my LimeReader, there’s no real concept of “accounts” or registration. The “login” phase is mostly used to help users easily generate the public private key pairs. But they don’t necessarily have to do it on my site. Any valid ECDSA p-384 key pair will work.

I am using ECDSA P-384 for the keys and signing. Browsers come with the CryptoSubtle library which does this natively, so I am able to build it all with pure vanilla javascript without frameworks:

https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypt...

The client (browser) creates the public private key pair. The private key pair never leaves the client device. The client uses the private key to sign the records (data such as user metadata, comments, posts, votes etc). These signed records get sent along with the public key and signature to multiple servers hosted by multiple people and then fetched by multiple other clients from these servers. The servers (if they want but highly encouraged) verify the signature of the records using the public key. If verified, then it stores that record as “belonging” to that public key. The public key is basically the user’s identity. It’s also unique. So one public key is one account only. When other clients fetch these signed records, they also verify the signature.

Behind the scenes, there are no “real” accounts on servers. There are only records which have been sent by the public key and been verified. Using these records, the clients create the metadata of accounts, communities etc.

The API will be only 2 endpoints - /search and /create.

The /create accepts the signed records of various types. These are the types of records which can be created for my site which I also think should cover most similar sites: user, community, text, reaction, hide, bookmark, pin, award, view, delete, follow, report, collapse, media

The /search accepts the filters which are enough to build the feed of a link aggregator like website.

The signature of each record is unique due to the benefit of ECDSA signatures. So, the signature also becomes the “id” of your record. The replies to your comment all reference this “id” i.e. the “signature” of the comment they are replying to. These replies get sent to multiple servers (whichever ones the client has configured). Unlike the Fediverse, in my way, the servers don’t talk to each other. The client talks to multiple servers and sends its signed records to them.

I will have a more detailed write up in the coming days. I am having to have all this work as seamlessly as possible so that to a non-techy person, they shouldn’t have to understand such complexity. On the front end, it will look like a simply link aggregation site.

This seems to be very interesting and address the main drawback for current federated apps implementation. I do hope you can support ActivityPub somehow because you can jump start your community by allowing interaction to mastodon and lemmy/kbin instance. You don't have to expose all your feature set, just enough to allow people from those communities to talk to your community

Love HACK. Would you be willing to add a Six Colors icon like Apollo has?

Looking forward to LimeReader!

Thanks for the feedback. I will add that icon in the next update.