Draft RFC 001 - Bluemoji spec #1
Conversation
aendra-rininsland
changed the title
|
Really excited about this! Especially how the Bsky/AT infrastructure itself allows for such community-driven efforts and how supportive the devs are.
I'm curious, what's the reason behind making
I wanna add that bitmap comparison should be used as extra verification. The bluemoji must match its copyOf record's image to be considered valid, both to prevent false "attribution" and because it simply wouldn't make sense. I also think it would be a good idea to prefer inheritance from an emoji's existing copyOf field (so it would end up referencing the root every time), but that's an implementation detail. I had also mentioned an idea of creating bluemoji signatures. The main benefit is that this extra attribution data would persist if the original record (what would have been in copyOf) is deleted or inaccessible. Signatures would be based on an author secret + image data/metadata, kinda like a jwt (verifiable, cannot be simply forged). Having to copy a self-signature prevents malicious attribution to someone else (you can't sign someone else's name on a malicious bluemoji, and the signature is based on image data so that has to match too). You can still right-click save and self-sign to "steal" attribution, but yeah (also mentioned below). Both solutions suffer from the issue of unattributed copying (right-click save), but I don't think there's any true way to protect against that, as much as I'd like to let people declare bluemoji as personal/private. If you get the image pixels (or SVG shapes etc.), you can always replicate the raw data. Adding extra friction is likely pointless, since one person copying it manually would be enough to let a private bluemoji spread freely. Dunno, short of using unspecified digital ledger technology to literally hash the image data itself, or using a central authority, I think that all bluemoji should be expected to be freely copyable. Copyright is related to this, but that would likely be dealt with the same way that uploaded images work. This is where discouraging copying would make sense ("don't copy this, it's copyrighted/private-use anyway and you'd be DMCA'd" etc.), but I don't know if it's really worth it without adding even more friction at every step and needlessly harming the experience of regular users. |
For what it's worth, everything else also uses also reverse domains they actually have authority over. I assume @aendra-rininsland has registered
I think that's a good idea and has precedent with how threads work. It definitely would make this easier to implement for AppViews, and the network of who copied from which intermediary shouldn't be recorded if it's not also clearly communicated to the user that this is done.
There's potentially a legal conflict there with right-to-be-forgotten implementation. It's not a hard one as long as the signature/attribution can be stripped without further breakage downstream, but generally speaking, putting any form of PII into someone else's repository should be done as sparingly as possible and the original author should have a convenient and easy way to break the attribution unilaterally. |
|
What's the rationale for the I normally would expect an AppView to always derive this information from the self-labels as needed, but maybe there's a legal quirk that I'm not aware of that this helps with. |
|
Thanks both @qazmlp and @MetaflameDragon for feedback —
Again, thanks for bringing this all up, I've definitely thought through packs the least so your input has been really helpful! 💚 |
It definitely shouldn't be omitted. I think it's fine to copy Bluemoji without active validation that the original PDS is still online (that might cause scaling issues if something peaks in popularity?), but validating against the AppView state seems reasonable. Denying copies if the AppView knows the account is deactivated or that the original has been deleted is a good idea in my eyes, and that should then also apply if an AppView (recoverably) fails to initially resolve the record on demand. What if the original has become mismatched? Should the app deny the copy and offer to copy the updated original instead?
Worse, it introduces a race condition regarding which "original" is resolved first by an initialising AppView. You'd need either a record-keeping authority or a distributed ledger to solve this, which… likely does more harm than good from a technical point of view. There'd also be the case where the first "original" is infringing or bridged in from a different network, and that shouldn't prevent the original author from uploading their identical copy.
It may be a good idea to add some simple guidelines on user-facing presentation for cases where the original isn't available/active and how an emoji enters and exits that state. Should apps show only "original missing" or should they distinguish "original deactivated" and/or "original mismatched"? I assume they shouldn't show the author information in the former two cases. |
|
I may break this proposal into two normative parts, the record and sharing. The sharing stuff seems a bit more contentious so should probably separate it out from the implementation section. |
|
Slack has a 128kb limit on uploaded emojis. Keeping the same limit could encourage people to use some of the Slack emoji packs that adhere to the same size limit. |
|
@ngerakines The usecase on Slack is a bit different, Slack is centralised so a user wanting to use a custom emoji on Slack has to effectively download it once. A copy of the same emoji might be used by many different people so would need to be downloaded many times, ergo reducing the size of that payload where possible is important IMO. Tbh in general I would like to disincentivise people from using GIF as a format for emoji (it's heavier and generally looks worse compared to alternatives) but I suspect it would slow adoption to not have it. |
|
Apps are likely to deduplicate these on their end, I think, since they'll want to use hash-based URLs anyway in order to avoid a cache query round-trip. They might also re-encode or at least minify them. That said, the issue remains that each user is likely to see many more distinct emoji over time than on Slack, so their size remains a larger problem than there. |
|
For what it's worth, the upload limit appears to be 256KB on Mastodon (which is probably on the low side for ActivityPub software) and Discord's seems to be the same. They're both less likely than ATProto apps to experience a build-up in any one place with limited resources, though. |
|
Wondering if that :colon-delimited: moniker limited to Latin alphabet is reasonable? Every language except English will have to transliterate. Could be very annoying to people not using Latin alphabet in daily lives. |
|
Separately, the regex for :colon-delimited: format seems to allow dashes on the outside |
Interestingly, the Japanese text emoji on misskey.io do use For what it's worth, Windows's emoji picker is fully localised and only accepts search input according to the currently selected input locale (much to my annoyance). In terms of compatibility, neither Mastodon nor Misskey appear to specify Latin in their respective features (but I have not checked the source code!). Personally, I think the character set limit is not a good idea because it would disadvantage speakers of languages that are hard to transliterate. Due to the use of facets, there also doesn't seem to be an interop hazard regarding Unicode normal forms here. I think it would be a good idea to suggest implementations give the opportunity to rename an emoji in the user's own library and when copying it into there from elsewhere. The UI for showing the original should probably also show the original's (current) shortcode, then. |
|
First of all: really cool to see what you have created here!! I'd drop the recommendation to use the Dotted Circle as fallback and only strongly recommend to display :alias-name: This is what applications that do not implement blue.moji would do as well. Maybe add an optional What is the The Why is
|
I've raised before that there should be room in the AT URI syntax for CIDs, this would solve this problem quite elegantly but for now you could use a strong ref type that includes a URI and a CID. See thread Regarding sharing emoji: We're thinking about building Communities into Frontpage and I think custom emoji would form a part of this. We're looking to support adding emoji to a community and attributing emoji to a community. This is a slightly weaker definition of attribution because it's only there as a way to signify that you part of a community when posting somewhere else - it's a badge on a tote bag. All this to say that I think the ability to use someone else's emoji in your record is a really important and powerful thing. |
You may want to look at very low-friction copying from communities instead, I think. Discord gets around the "controlled by someone else" problem by using unique IDs internally I believe, so if an emoji is deleted by a community/server, that shouldn't automatically make it unavailable in past messages there if I'm not mistaken. (I haven't tested this.) It would be a problem if Bluemoji didn't have an equivalent property. Would communities be ATProto profiles? If so the Bluemoji could be created by/attributed to that community profile and its bio could link to the community as seen through Frontpage under the existing schema, I believe. |
I tried to write a better regex for this: ...But then I realised rkeys are restricted to latin characters, alas. See: |
Is this any better? bluemoji/rfcs/0001-bluemoji.md Line 39 in 43fa031 |
|
I have updated the RFC and created a second RFC for sharing. Please provide feedback on the most recent diff. My goal is to get the base implementation solid and add sharing secondly. |
| wrapped in `:` character (e.g., `:alias-name:`), hereafter referred to as a | ||
| "colon-wrapped alias" or simply "dotted-alias". | ||
| to render the Bluemoji. The record name itself must match | ||
| `^\b(?<!-)[a-z0-9-]+(?!<-)\b$` and does not include `:` characters; when |
There was a problem hiding this comment.
Which RegExp syntax is this? In JS this should probably be ^(?!-)[a-z0-9-]+(?<!-)$ for negative lookahead and lookbehind -, respectively. \b isn't needed at the start or end of the string.
| approach that may become popular as more clients begin to support Bluemoji in | ||
| the future, especially given that the facet contains more accessibility | ||
| information than the colon-wrapped alias provides. | ||
| there's no way of enforcing that given how ATProto facets work. |
There was a problem hiding this comment.
Removing the non-descriptive fallback from previous revisions here seems good to me 👍
The full fallback may be a bit annoying with the low character limit in the protocol, but that's app-specific to Bluesky, so I agree it's best not to suggest a less useful alternative in the general case.
This is the initial draft of the Bluemoji RFC. Constructive feedback is very much welcome. ✨💚
Please see rfcs/0001-bluemoji.md.