New participants in the thread, might want to preemptively federate responses.
> Seems like it could possibly be abused to spam remote servers but idk.
Anything could be used to spam remote servers, really. AP is a spam protocol.
Step 1: write two tiny programs: one provides just enough endpoints to subscribe to a relay and floods it with Announces, the second responds to every request it receives with a fake AP message that refers to other AP messages on servers running that program, creating an infinite chain of replies. The latter could be done with a 20-line program, it's just sprintf/getenv/rand, a handful of hard-coded server names, and a hard-coded ball of JSON with a stock message in it. (For bonus points, make it something people will repost/reply to/etc. Perhaps suggest they join the "Don't Marry Movement". Maybe throw in something that fabricates users, maybe use the URL as a seed so the same object gets fabricated.)
Step 2: drop $5-10 on a dozen shit-tier VPSs.
Step 3: drop $5-10 on the cheapest domains you can. Point the wildcard DNS records at the hosts from Step 2.
Step 4: Get as many LetsEncrypt certs as you can for subdomains on those VPSs. I think the rate-limit is 300 per IP.
Step 5: Sign up for every relay from every subdomain. Politely thank the relay every time it sends you a message, and send the message into the garbage. Have every host start flooding every relay with Announce messages that point at your servers. (Remember, your /objects/ endpoing never 404s because it always responds with a fake message, so this works as quickly as you can toss random garbage.)
Step 6: Wait for the federation backends on every server to jam up, fetching infinitely long threads from an infinite number of accounts across 43,200 (300*12*12) hosts. It's all outgoing requests, people don't even *notice* the DoS half the time. It's all different hostnames and several IP addresses, it takes forever to figure out what's going on. People that figured it out can't communicate with people that haven't figured it out because the federated pipes are jammed up.
Step 7: Everyone's Raspberry Pi fills up its microSD card.
Step 8: Please do not do this.