Cross-app activity feeds: showing public data in new context + open questions

For context: I’m building Sifa, a professional identity layer on ATProto, e.g. a “LinkedIn for ATProto”. One of the features I’m working on is an activity feed on your personal Sifa profile that shows your ATProto activity across apps: your Bluesky posts, Tangled commits, Whitewind articles, Flashes photos, etc.

The data is public, sitting right there in the user’s PDS, and any AppView can read it by design. But I keep going back and forth on whether aggregating someone’s cross-app activity into a professional profile is the same thing as displaying records within their original app… or something qualitatively different.

(This also very much ties in with Trust Infrastructure on ATproto ).

The 2 extremes

I keep bouncing between these two arguments:

A) Show all cross-app activity from all ATProto users.

This is literally what ATProto lexicons enable. If AppViews can’t read other apps’ data, what’s the point of a shared data layer? @flo-bit.dev started a new event RSVP app and it immediately benefits from previous apps creating events. You don’t have to start from scratch anymore, the data is already there and available to everyone.

Also: even if some users might find it uncomfortable to see all their public posts aggregated in a public place: getting them to be aware of this - even if uncomfortable - could be very much a good thing: not because we should violate privacy/data rights, but because the user already made things public and everyone should be very much aware of potential risks of that (especially when this is connected to your real name/identity). Sifa won’t be showing anything that is not already out there for your current employer/colleague/friends/recruiters to already find today. Sifa can provide an opt-out if you want to “hide” certain apps, but that doesn’t change the fact the the data is still out there in your PDS which is your responsibility.

B) Only do opt-in, don’t aggregate anything from non-users.

There’s a difference between “Tangled shows your Tangled commits” and “Sifa shows your Tangled commits AND your Bluesky posts AND your Whitewind articles, AND your Flashes photos etc. etc., all merged into a professional profile.” The individual pieces aren’t surprising. The aggregation however could very well be, especially if the one doing the aggregating is unknown to you. Feels very Palantir.

How ATproto does things publicly, is a technical underlying feature. Do users who use an ATProto app have a reasonable expectation that apps will read their public records? Us nerds know it, but if we get to a point of adoption by normies, is that still the assumption we can make about our users? The user might not even know what ATproto is beyond “oh neat I can sign in with my Bluesky account”.

Technically, Sifa doesn’t store any PDS post data from users at all, we “just show it”. But to a user that difference probably doesn’t exist. Aggregation into a professional context is a different kind of processing than display within the original app context. Your shitposts on Bluesky and weekend pictures on Flashes look different next to your job title (and you probably know this if you’ve ever googled a job candidate). “The data was already public” has been the defense of every data broker ever, and we should probably aim higher than that.

I feel “don’t aggregate because people might not like it” and “do aggregate it: people should know what everyone can already see about them and they need to be aware of this and act on it if needed” all at the same time.

Legal angle

IANAL, but this is how I understand the current GDPR (I’m EU-based, so this isn’t optional ):

• The Art. 6(1)(f) legitimate interest balancing test gets way harder when there’s zero relationship between the person and the service doing the aggregation.

• Meaningfully fulfilling Art. 14 transparency obligations is hard when you have no way to reach those people. There’s a “disproportionate effort” exemption in Art. 14(5)(b), but leaning on that for a core feature feels like the wrong kind of creative.

• Art. 9 : political opinions and health data are still special category data under GDPR even if publicly posted. There’s an exemption for data someone “manifestly made public” (Art. 9(2)(e)), but the bar for that is high.

Where I’m currently at

Considering the above and (my interpretation of) the legal side of things, I’ve currently landed on this:

Case A: you’ve signed up to Sifa.

If you claimed your profile: we can show cross-app activity by default, with per-app opt-out. The user has a relationship with Sifa, was told at signup what would be displayed, and can hide specific apps they don’t want on their professional profile. This feels defensible both ethically and under GDPR. The data is public, ATProto is built for multi-AppView consumption, and the user actively chose to be here.

Case B: you’ve never signed up to Sifa

If your profile is unclaimed: You do have a basic page with some basic info (handle, avatar, display name), but we don’t show cross-app activity at all. Even if all the things are public, this does not give another app the right to pull it in. No scanning, no badges, no activity aggregation. No trust/reputation assessment.

But that feels SO against the ATProto spirit…. aaaaaargh

So… yeah. Help?

1. Are other AppView builders thinking about this? If you’re reading cross-app data, how do you handle the “user never heard of your app but we still have all this data about them” case?
2. Should there be an ecosystem-level convention for this? Something like a PDS-level preference that says “don’t aggregate my data into contexts I haven’t opted into”? Or would that be against the spirit of ATProto?
3. Where do you draw the line between “rendering public data” and “profiling”? A feed generator that reads your posts to rank them seems fine. An app that scans all your collections across all apps to build an activity profile… maybe less fine?
4. Is the claimed/unclaimed split the right model, or are there better patterns?

No strong conclusions from my side. The model I described works for Sifa (and of course we can still adjust where needed, especially in this Alpha stage) but I’d rather figure out good patterns for the ecosystem than just for one product.

I’m in favor of cross-app activity being opt-in only, if only for clutter management. If I have a professional identity, I wanna be able to curate it for presentation, and in that situation it’s better to have nothing by default rather than everything.

I think you should use “Does this activity match the theme of the app?” as deciding factor for the defaults. I wouldn’t consider my Bluesky posts to be relevant, and my film reviews on Popfeed or book reviews on Bookhive certainly mostly aren’t either, but certain activity from other apps may be. I think there are some apps aimed at researchers networking on ATProto.

In some cases, it would be helpful to include or (especially) exclude specific items.

I think using the Bluesky profile as fallback is usually fine on the other hand when navigated to directly (or, better yet, a series of fallbacks ordered by relevance to the theme), after making sure it’s not labelled adult or graphic. Maybe have a small notice that “Name hasn’t shared anything on Sifa yet. By default, Sifa shows activity from Publishing App A, Professional App B, Portfolio App C…” in place of an empty feed.

nice to see you are dogfooding your work on this not only for the forum project but also for sifa!

my personal take is that i used to love shitposting on twitter but i would never shitpost on linkedin, so connecting my personal twitter shitposts to be visible on linkedin is something i would personally not want to do. (and i also would not want my linkedin professional posts to be visible on twitter) hence, i would not wanna use sifa with my bsky shitposting account either, it would be great if i could create a new account and use this as my professional non shitposter career profile and then selectively connect services i own like my tangled (or services i rent, like my github).

I personally dont want my flashes to be visible on my sifa, but I see other people would enjoy this, so I think giving people the option of approving data for pre-approved appview/services is a nice addition.

In favor of B) opt-in (if signing up with my main account), but would prefer setting up a dedicated new account (personal preference).

But that feels SO against the ATProto spirit…. aaaaaargh

I dont think this is against atproto spirit, just because you can move and display your data across apps does not mean that everyone wants to do this, giving people choice (and data ownership) is what i see as atproto spirit

“user never heard of your app but we still have all this data about them” case

Im building Linkname, and initially it was setup that when you visited linkna.me/mydomain.com it would display mydomain.com connected profile pic, name & description

I also enable people to delete their linkname page, and when someone deleted their page I noticed that their page was “still up” still displaying the pic, name & description. I have since deleted the default to display any url of any pds account. now the linkname urls only display profiles for people who actually signed up for the service, and when someone deletes their page, the linkname url throws a 404

“don’t aggregate my data into contexts I haven’t opted into”

on bluesky users can toggle a preference to “not show me for logged out users” which means when visiting the url on bsky app, the user data will not be displayed unless you are logged in. this provides some privacy but is only opt-in for other appviews to use (honor basis).

I personally think this should be an appview decision (and that appviews should honor this existing toggle for hiding profiles for logged out users), the biggest value of atproto is that the data is portable and owned by the user, and if they post something publicly (which is the default now) that appviews should have the right to use that data, otherwise you lose network effects. how and what you aggregate and display is a question of the appview, but if you need opt-in for every user the data for building an appviews becomes so much less valuable

also this article feels related to this last part, the protocol should be unopinionated The Purpose of Protocols – Connected Places

oh and Nick would prob have some valuable insights on this since he built https://atwork.place/ @ngerakines.me

I’m not gonna be on sifa.id for the feeds so I also want this to be opt-in.

As for what I wanna opt in for, I don’t actually want to see a firehose of my posts. Those are best viewed in the platform-specific context they were posted in.

All I want is a GitHub-like activity-graph:

image1836×434 35.8 KB

Let me opt-in various feeds as input for that. That is a much easier magic-aggregator to get started with, and pretty close to default-on because most people will want to toggle on a couple feed sources to see which squares light up.

But also give me a big ‘enable them all’ button as the first thing I see the moment I’ve signed into sifa.id for the first time.

Where/how does my imported LinkedIn data get stored?

In your PDS in the id.sifa.* lexicon

I think today most users are still accustomed to have their identities siloed on each platform and don’t expect activity to be aggregated without an explicit opt-in. I guess, over time Atmosphere would develop conventions around having multiple identities on atproto for different facets of one’s digital life. Or maybe lexicons get consolidated and standardized to delineate those facets. At this stage of Atmosphere evolution I don’t think aggregating all atproto activity makes sense.

It may be an unpopular opinion, but I personally dislike LinkedIn for all its para-social features like posts, likes and follows. I used it solely as a professional portfolio and an always-up-to-date address book. People I worked with some time ago and may need to connect with later are not necessarily the same people I want to follow. If I want to follow someone, I’d follow them on bluesky or wherever else.

Specifically to sifa.id, the activity stream with out-of-context bluesky replies makes absolutely no sense to me and I wish I could turn it off. One cross-app feature I would find useful is if I could pick a bluesky mention by someone and display it as an endorsement on my profile. Another might be picking selected projects from tangled. But all of those are hand-picked and never a blanket firehose import.

Thx for input/feedback!

Yes, control over the activity feed will definitely be part of the controls you will have. You will be able to either totally disable the feature, or toggle specific apps (or lexicons) on and off

Yes, this is also on the backlog as a “Portfolio/Featured” function where you can add specific items from your ATproto activity stream onto either an addition page and/or be able to connect these items to entries on your profile page (like your career or projects.

Activity feed was just added 2 days ago and is still fully in development, many changes to come still

I wholeheartedly agree, and I strongly suspect this isn’t an unpopular opinion.

I’ve collected some links about the flaws (and latent opportunities) of LinkedIn. It’s an open collection so additions are most welcome:

I encourage @gui.do to ask the professionals of the Atmosphere “what do you want in a professional network/profile platform?” as I suspect many will echo your sentiments. Maybe @christian.bsky.social can lend a hand?

Same!