The problem is that Fedify's Activity Vocabulary API supports property hydration. Fedify intentionally hides the following three states of properties of Activity Vocabulary objects, which seems to hinder the application of an origin-based security model:

1. When a complete object is embedded within a property of a JSON-LD object.
2. When a property of a JSON-LD object references an object by URI.
3. When it was initially #2, but the property has since been hydrated.