ActivityPub makes it easy for servers to talk to each other. It uses familiar web technologies—HTTP, JSON—so developers can build compatible software without learning new concepts. It has a real ecosystem and real users. These are genuine achievements.

Our work centers on a few principles that ActivityPub doesn't address:

Content integrity. In ActivityPub, content lives on servers and can be changed at any time. There's no built-in way to verify that what you're reading is what the author actually wrote. You trust the server.

Permanent links. When an ActivityPub server shuts down, all the links to content on that server break. The content may exist somewhere as a backup, but the addresses stop working. Links are tied to servers, not to content.

Author signatures. ActivityPub uses signatures to verify that messages came from a particular server, but it doesn't sign the content itself. This means you're trusting the server operator, not the author directly.

These are design choices that led to an easy-to-adopt standard. ActivityPub was built to federate social interactions across servers, and it does that. But if you care about content that stays verifiable and linkable even when servers come and go, you need different foundations.

Protocols like HMproto take a different path. Content is signed by authors, not servers. Links point to content itself, not to fragile URLs. Anyone can verify that a HM document is authentic, and links work as long as anyone, anywhere, still has a copy.

This approach has tradeoffs too. It's harder to build, harder to explain, and the tooling is less mature. We're still figuring out many of the details.

We don't think ActivityPub is bad. It brought decentralization to people who had never thought about it before. That's valuable.

But we think there's room for protocols built on different assumptions: protocols where your content truly belongs to you, where links don't rot, and where trust grows from cryptography rather than server operators.

That's what we're building toward.