diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 22dbaad84..1fa8b3979 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -829,8 +829,7 @@ class Activity {
 if ($iconfig && array_key_exists('iconfig', $item) && is_array($item['iconfig'])) {
 foreach ($item['iconfig'] as $att) {
 if ($att['sharing']) {
- $value = ((is_string($att['v']) && preg_match('|^a:[0-9]+:{.*}$|s', $att['v'])) ? unserialize($att['v']) : $att['v']);
- $ret[] = ['type' => 'PropertyValue', 'name' => 'zot.' . $att['cat'] . '.' . $att['k'], 'value' => $value];
+ $ret[] = ['type' => 'PropertyValue', 'name' => 'zot.' . $att['cat'] . '.' . $att['k'], 'value' => unserialise($att['v'])];
 }
 }
 }
@@ -2674,8 +2673,8 @@ class Activity {
 $s['item_private'] = 2;
 }
- $ap_rawmsg = '';
- $diaspora_rawmsg = '';
+ $ap_rawmsg = [];
+ $diaspora_rawmsg = [];
 $raw_arr = [];
 $raw_arr = json_decode($act->raw, true);
@@ -2704,14 +2703,14 @@ class Activity {
 if (!$ap_rawmsg && array_key_exists('signed', $raw_arr)) { // zap
- $ap_rawmsg = json_encode($act->data, JSON_UNESCAPED_SLASHES);
+ $ap_rawmsg = $act->data;
 }
 if ($ap_rawmsg) {
 IConfig::Set($s, 'activitypub', 'rawmsg', $ap_rawmsg, 1);
 } elseif (!array_key_exists('signed', $raw_arr)) {
- IConfig::Set($s, 'activitypub', 'rawmsg', $act->raw, 1);
+ IConfig::Set($s, 'activitypub', 'rawmsg', $raw_arr, 1);
 }
 if ($diaspora_rawmsg) {
diff --git a/Zotlabs/Lib/Config.php b/Zotlabs/Lib/Config.php
index cd8b08991..139affa09 100644
--- a/Zotlabs/Lib/Config.php
+++ b/Zotlabs/Lib/Config.php
@@ -132,8 +132,8 @@ class Config {
 $value = App::$config[$family][$key];
 if (! is_array($value)) {
- if (substr($value, 0, 5) == 'json:') {
- return json_decode(substr($value, 5), true);
+ if (str_starts_with($value, 'json:')) {
+ return unserialise($value);
 } else if (preg_match('|^a:[0-9]+:{.*}$|s', $value)) {
 // Unserialize in inherently unsafe. Try to mitigate by not
 // allowing unserializing objects. Only kept for backwards
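Review bot: In the `@@ -829,8 +829,7 @@` hunk of Activity.php, `unserialise($att['v'])` decodes only `json:`-prefixed values (see the helper in include/text.php), so an iconfig value still stored in the legacy `a:N:{…}` PHP format is now emitted verbatim as the `PropertyValue` string rather than as an array. Dropping the unrestricted `unserialize()` here is the safer choice, but Config.php and `IConfig::Get` keep a restricted fallback with `['allowed_classes' => false]`, so the read paths now disagree on legacy data. If the pass-through is intended, state it above the line, e.g. `// legacy PHP-serialized values are passed through as strings; only json: values are decoded`. The enclosing function starts and ends outside the hunk, so whether `$item['iconfig']` is already decoded upstream cannot be confirmed from here.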
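Review bot: In the `@@ -2704,14 +2703,14 @@` hunk of Activity.php, the `elseif` branch now stores `$raw_arr` instead of `$act->raw`, but `$raw_arr` is the result of `json_decode($act->raw, true)` (context line of the `@@ -2674,8 +2673,8 @@` hunk), which returns `null` for a malformed body and overwrites the `[]` default. On PHP 8 the `array_key_exists('signed', $raw_arr)` calls then throw a TypeError on input that arrives from a remote server. A guard directly after the decode would cover it: `if (!is_array($raw_arr)) { $raw_arr = []; }`, or an early return if an undecodable message should be rejected. Storing the decoded array also means the saved rawmsg is a re-encoding, not the bytes received; if anything later verifies a signature or digest over the stored rawmsg, that should be confirmed to still hold. The function body lies outside the hunks.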
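Review bot: In the Config.php hunk, `return unserialise($value);` changes what callers get for a `json:` value that does not decode to an array. The old `json_decode(substr($value, 5), true)` returned `null` for malformed JSON and the scalar for JSON scalars, while `unserialise()` falls back to returning its input, so the caller now receives the raw `json:…` string. A caller that only tests the result for truthiness will treat that string as a valid setting. Either keep the failure explicit, e.g. `$decoded = unserialise($value); return is_array($decoded) ? $decoded : $default;` (assuming `$default` is this method's parameter, which is not visible in the hunk), or document the new fallback in a comment on the branch. The method starts and ends outside the hunk.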
diff --git a/Zotlabs/Lib/IConfig.php b/Zotlabs/Lib/IConfig.php
index 3540c2b24..87a9bdf0c 100644
--- a/Zotlabs/Lib/IConfig.php
+++ b/Zotlabs/Lib/IConfig.php
@@ -44,12 +44,24 @@ class IConfig {
 dbesc($family),
 dbesc($key)
 );
+
 if($r) {
- $r[0]['v'] = ((preg_match('|^a:[0-9]+:{.*}$|s',$r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
- if($is_item)
+ if (str_starts_with($r[0]['v'], 'json:')) {
+ $r[0]['v'] = unserialise($r[0]['v']);
+ } else if (preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) {
+ // Unserialize in inherently unsafe. Try to mitigate by not
+ // allowing unserializing objects. Only kept for backwards
+ // compatibility. JSON serialization should be prefered.
+ $r[0]['v'] = unserialize($r[0]['v'], ['allowed_classes' => false]);
+ }
+
+ if ($is_item) {
 $item['iconfig'][] = $r[0];
+ }
+
 return $r[0]['v'];
 }
+
 return $default;
 }
@@ -73,7 +85,7 @@ class IConfig {
 static public function Set(&$item, $family, $key, $value, $sharing = false) {
- $dbvalue = ((is_array($value)) ? serialize($value) : $value);
+ $dbvalue = ((is_array($value)) ? serialise($value) : $value);
 $dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue);
 $is_item = false;
diff --git a/include/text.php b/include/text.php
index b66c2abcd..05700072a 100644
--- a/include/text.php
+++ b/include/text.php
@@ -4098,7 +4098,7 @@ function unserialise($x) {
 if (is_array($x)) {
 return $x;
 }
- $y = ((substr($x,0,5) === 'json:') ? json_decode(substr($x,5),true) : '');
+ $y = ((str_starts_with($x, 'json:')) ? json_decode(substr($x, 5), true) : '');
 return ((is_array($y)) ? $y : $x);
 }
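Review bot: In the `@@ -44,12 +44,24 @@` hunk of IConfig.php, the legacy branch assigns the result of `unserialize(..., ['allowed_classes' => false])` straight into `$r[0]['v']`, so a stored value that matches the loose `a:N:{.*}` pattern but is not valid serialized data makes `Get()` return `false` and raises a notice. Check the result before overwriting: `$v = unserialize($r[0]['v'], ['allowed_classes' => false]); if ($v !== false) { $r[0]['v'] = $v; }`. Restricting classes is the right mitigation; since iconfig also holds data derived from remote messages, adding unserialize's `'max_depth'` option would additionally bound nesting. The new comment has two typos ("in inherently" → "is inherently", "prefered" → "preferred"). The function signature is outside the hunk.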
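Review bot: In the `@@ -73,7 +85,7 @@` hunk of IConfig.php, `Set()` marks encoded arrays in-band while still storing non-array values unchanged, and `Get()` in the hunk above decodes any stored string that starts with `json:`. A plain string value that happens to begin with `json:` and holds a JSON array or object is therefore returned as an array, which is a type surprise for callers that stored a string. This assumes `serialise()` emits the `json:` prefix, which this diff does not show. The contract should at least be written down on `Set()`, e.g. `// NOTE: string values beginning with "json:" are decoded as JSON by Get(); do not store untrusted strings verbatim`. A stricter option is to reject such strings in `Set()`. The rest of `Set()` is outside the hunk.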
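Review bot: In the include/text.php hunk, `str_starts_with($x, 'json:')` is reached with whatever non-array value the caller passes, and the new call site in Activity.php dropped the `is_string()` check the old code made on `$att['v']`. A `null` value triggers a deprecation on PHP 8.1+, and other scalars are silently coerced. Guarding in the helper keeps every caller safe: `$y = ((is_string($x) && str_starts_with($x, 'json:')) ? json_decode(substr($x, 5), true) : '');`. The function also has no docblock; one stating that it returns the decoded array for arrays and `json:`-prefixed JSON, and the input unchanged otherwise (including on malformed JSON), would make the fallback explicit. The `function unserialise($x)` line itself sits in the hunk header, outside the hunk body.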