From Mew
Jump to navigation Jump to search


activitypub-proxy (APP) is open-source malware written specifically for the purpose of circumventing fediblocks (a consent violation). According to APP's Git repository as of 13:27 UTC and earlier (

A simple proxy for ActivityPub that lets you circumvent blocks by masquerading as another domain name.


So for example, say you want to follow but the woke administrator has blocked you (or your instance blocked them wtf, and you have a proxy at * that would make which you can theoretically follow and fully interact with just like the real user.

APP is currently in use at; we expect more such relay domains to pop up, given the apparent ease of installation.

There is a tool for detecting usage of this malware in development as of 2022-12-24.

TootCat will fediblock any domain found to be hosting this software.

It was authored by fedi user "lamp", a known bad actor.


APP revised self-justification

APP's Git repository has been modified as of 2022-12-24 18:42 (ET) to include this argument in support of using it:

The intended usage of this is as an alternative to using alt accounts or moving your account to circumvent whole-server blocks that have nothing to do with you and are unfairly cutting you off from mutuals, despite your particular account being compliant with their rules.

The stated problem (whole-server blocks that are not the user's fault) is legit, but this is possibly the absolute worst way of dealing with it.

  • Most instances will only silence other instances known to not be festering cesspools, which allows users on the silencing instance to still follow individuals on the silenced instance.
  • If an instance has been blocked completely, it is probably a festering cesspool. If you are not yourself a supporter of festering cesspools, WTF are you still doing there? Go somewhere better.
    • Sure, you're studying the cesspool like a scientist would study a contagious virus. Go for it. But science requires sacrifices, and federation with your cesspool-hosted account is one of them.
  • If you instance is not a festering cesspool and has been fully blocked for other reasons, consider asking your mutual to appeal to their instance admins to remove or soften the block. (TootCat has done this several times within recent memory.)
  • This tool does not merely allow innocent victims of misguided instance-blocking to evade domain-blocks, but also allows individuals who have been directly blocked -- either by an instance or by an individual -- to evade those blocks. Using it signals a willingness to evade other people's social boundaries, and is a bright red flag.

admin-blocks violate consent?

There have also been arguments made that administrative blocking (i.e. the entire instance doing a block, rather than individual users doing their own blocks) is somehow a violation of consent of the blocking instance's users.

This argument is fash bullshit that doesn't really deserve a response, but I will give one for the record.

1. On TootCat at least[1], our users expect us to do this work and are grateful that they don't have to block every single troll themselves. We explain our blocking policy up front, and people join us with the expectation that we will actually act on it; failure to do so would be a violation of that trust, and of their consent.
2. Unless every user on an instance blocks a user, that user's posts will still show up in the federated timeline. Admin-blocking prevents that.

Item 1 in particular shows how this argument is a reality-inversion (as well as DARVO: the defederating admin is now the abuser, and the victims are the admin's own users and the troll), and therefore pure concern trolling.


  1. and, I would hope, most other instances -- with the obvious exception of "free speech" instances that basically don't believe in moderation and will do only that which is legally required