I Was Right About ATProto Key Management
92 points by mtset
92 points by mtset
For all its quirks and faults, ActivityPub remains the choice for Actually Existing Federation if you care about that.
At the same time, AT's design means that several features AP has like private posts and DMs just can't be implemented in AT (bsky DMs don't go through atproto at all; I'm not sure if there's even theoretically a mechanism for someone on Blacksky to DM someone on Bluesky).
(bsky DMs don't go through atproto at all; I'm not sure if there's even theoretically a mechanism for someone on Blacksky to DM someone on Bluesky).
Not yet, but private data has been an important priority of the team and they've been trying to work through a design.
You'll have to forgive me if that doesn't strike me as particularly heartening. The whole system is designed around entirely public repos, with all private state held by the centralized actors. My experience here is a great example; the protocol has a vulnerability - people acquiring domains referring to deleted did:webs and resurrecting them - and they resolved it by... breaking the experience of decentralized users in their centralized system.
People (not just me!) told them they would have issues with things like this from day one of the protocol being discussed openly. If they wanted to support private data, from DMs to posts, follows, and so forth, why not build in a mechanism for that from day one, rather than having to migrate to a protocol that supports it?
You'll have to forgive me if that doesn't strike me as particularly heartening.
I wasn't trying to 'hearten' anyone, I was just trying to answer the question the parent asked.
If they wanted to support private data, from DMs to posts, follows, and so forth, why not build in a mechanism for that from day one, rather than having to migrate to a protocol that supports it?
Because you don't always get to pick when you ship. Sometimes, you have to start somewhere and then build on to more things later. Bluesky's early history is fundamentally intertwined with Twitter/X's, and outside events shaped what has transpired just as much as decisions by the team have.
That said, that doesn't mean you have to like what they shipped. But that doesn't mean that there aren't reasons for choosing the things they've chosen and the order they've chosen to do them in, even if you personally disagree with those choices.
I wasn't trying to 'hearten' anyone
Apologies, I read your invocation of the roadmap as reassurance. "This feature doesn't exist, but it will soon!"
I understand they were under pressure to ship. What I don't understand is why they didn't work with any of the existing and actually decentralized social media projects out there.
The very first thing Jay (bluesky ceo) did that got her involved with the project (before it was even a company!) was making a colossal spreadsheet listing every single decentralized social media project they could find, including many obscure ones, and document in detail the specific pros and cons of each of them as a foundation for a Twitter replacement.
They did work with other decentralized projects extensively, and continue to do so.
What I don't understand is why they didn't work with any of the existing and actually decentralized social media projects out there.
I find it frustrating that you always presume bad faith.
They did extensive research on what was out there. Previous work did not meet their needs. It's as simple as that. I have never found the team to be hostile towards other projects. A bunch of folks had even worked on some of those other projects! They just have different design goals, and therefore, different systems get built because of it.
I, and others, have spent several years going "hey look this part of the system is centralized" and hearing, from you and others, "just wait, it'll be decentralized eventually!" or "it's decentralized in principle, even if not in practice!" or, worse, "no, I promise, it is decentralized" before finding out that it is not. (That was even on here!) I have been literally, actually, directly lied to by people about whether or not certain software components are available outside of the Bluesky platform. That's as bad faith as it gets!
But in this case... I don't really think I am assuming bad faith? I didn't say, "why didn't they evaluate other projects." I absolutely believe they did. You say those other projects didn't meet their needs, and I'm curious about how, specifically, they didn't.
A big way ActivityPub didn't meet their needs is that binding user identities to specific named server instances was a major UX regression compared to Twitter, and a founding philosphy of Bluesky was "no UX regressions compared to Twitter". Ordinary people don't want to have to figure out how to pick an instance and worry about the consequences of that. They want to be able to just go with whatever thing they heard of from their friend and have a way to deal with changing their mind about that later if they need to once they understand the app and ecosystem better.
Yeah, I absolutely agree. I think portable identity is really cool, and the work Bluesky and Spritely have done there is worthwhile and interesting.
What I don't understand is why they didn't do that work on top of existing server implementations that already did most of the rest of what they wanted, which would have then benefited the users of those servers!
Look, I agreed with you when I first heard about this project. But then it actually launched and I read through the specs and designs and built my own things on top of atproto.
There was no way to get the features they wanted on top of the existing decentralized social media protocols. User identity systems are really foundational, and it's extremely hard to work around their limitations if they don't fit your desired feature set. ActivityPub and the fediverse were okay with user identifiers being tied to specific DNS domains hosting them. Bluesky wasn't okay with that, for UX reasons. So there wasn't really an option of "just build on top of activitypub" - it would have required completely changing the fundamentals of how accounts work. It was discussed, and the existing ecosystem wasn't interested in that.
Fair enough! I'm still looking with interest at some of the proposals to build DID-like mechanisms into the Fediverse, and of course, as ATProto continues to become more decentralized, I'm becoming more interested in it, too :)
I don't really believe that you're having an honest conversation, and so I'm just going to bow out. I answered the question that was being asked, I'm not really interested in re-litigating all of this with you.
Steve, between this exchange and how I've seen you approach talking about LLMs I'm suspecting it isn't possible to have a "good faith" discussion that isn't just agreeing with you. Seems a little... bad faith!
I have plenty of disagreements with people about LLMs and about atproto! All the time! And they're good discussions.
They often don't happen on lobsters, because I find that posters on lobsters tend to be not particularly interested in having discussions. They're more interested in posturing about how they're right.
The parent has made it very clear over and over again that they're more interested in lecturing from their own opinions about things than engaging in a real way. I actually find what's in the post itself to be fairly decent, if you're willing to strip away the desire to cast atproto in as poor a light as possible. For example, pointing out that all of this is very undocumented? Yes, that's a great point, and it's also very true. But ultimately, that's not what this post is about. And that's why, you'll note, I didn't engage with the parent until they engaged with me.
I originally quit this site for six years because of friendlysock's repeated behaviors. I came back because I couldn't stand someone I respected being attacked publicly in bad faith, and decided to stick around again, because things had improved. But now, I see this site as mostly being a collection of friendlysocks, rather than just one. It's actually gotten worse.
So yeah, sure, I'm out again. Maybe I'll answer questions about jj from time to time, because it's a technology I truly care about enough to put up with all of this. But don't expect posts otherwise. Maybe I'll come back in a more real way in years again.
But now, I see this site as mostly being a collection of friendlysocks, rather than just one.
You know, I haven't seen anything particularly egregious in this thread (from you either) until this comment right here. That and your snarky comment to your Bluesky followers linked below does actually lead me to think that the parent comment might be correct. But I know we can't all be perfect on the internet 100% of the time. I just want to say that I was enjoying the conversation up until this point and I don't think lashing out at the lobste.rs community is really an appropriate reaction here.
For those curious about intriguing upvote totals in this thread, it is being brigaded after being linked from the parents' large social media account https://bsky.app/profile/steveklabnik.com/post/3mdbpu2budk23
Instead of assuming malice, maybe assume there are Lobsters users like myself who don't really care for the earlier discussion but agree with ~steveklabnik that the tone of the discussion was not in good faith. It was snarky and rude about developers who've clearly worked really hard on a protocol, and then disrespectful to Klabnik, by pretending not to know what he means. ATproto isn't perfect, but it's being worked on. "It'll be decentralized eventually" is a valid position for a project to hold on something they rushed to market to capitalise on an exodus of Twitter users.
Not specific to this topic - for promises of future functionality coming from the tech industry, I place very low weight on things that have yet to materialize after a generous grace period of several years. Call it hype fatigue. ActivityPub-based stuff isn't immune to this either. Cross-forge PRs have been in limbo for a while.
Right, and it's not like DMs or private posts are some new feature people only just realized they wanted.
To be realistic, not a single decentralized social network in existence has Solved private communication. Every existing attempt either has critical security issues, UX problems, or there is an adoption/implementation gap. ActivityPub, ATProto, and Diaspora all currently lack any mechanism for actually private communication.
NoStr has, after many failed obsoleted extensions, most recently published extension support for MLS but it's contingent on your client's implementation and behavior, and is not exactly battle tested yet. There exists an extension to SSB called Private Box, but essentially all of the SSB GUI clients that support it have been discontinued for several years.
It absolutely should not be undersold as some oversight that devs forgot to hack together and ship overnight without issue. These two features are, I think, the most difficult to get right on a protocol level.
To me there is a difference between not having E2EE chat baked into the protocol and having no concept of any way to limit information from being available to anyone who asks for it. I agree that encrypted communication in a decentralized network is difficult. I don't agree that less public information is.
If you trust your operator and all the nodes they communicate with in the network to not read your private content, then yes it is not technically complicated to just arrange that an API not expose certain things to clients on their endpoints based on who should see it and shrug your shoulders at all the avenues where such an approach can easily be defeated.
However, I suspect that such half measures would end up more like a way to do security theater that makes users feel more secure in their use of a system than they actually are, which is incredibly dangerous. Taking such half measures would just erode any trust people have in a network the day that their supposedly private information is all leaked and people get dox'd and swatted.
If I were any of the reasonable people involved in the development of any of these protocols, I would also oppose such half measures being baked into their API's.
If you trust your operator and all the nodes they communicate with in the network to not read your private content
This is exactly how my longest-lived fedi account is: it's a locked account on a server run by a friend, connected to servers run by friends and friends-of-friends, and I post only followers-only.
This is not proof against all attack, but it's security commensurate with the threat model. I post emotionally vulnerable things, but nothing incriminating or unethical.
I'm not at all asking for E2EE, just "some way to send another user a message or make a post that isn't in the big atproto firehose".
that has nothing to do with atproto then, that is centralized messaging, which bluesky the application has already implemented outside of atproto, minus the private posts part
Lobsters still require invites to get accounts and vote, though, so it seems less likely to be subject to brigading by random social media followers than most. As of a minute ago, Lobsters has 19,550 users.
What fraction of them 1) saw Klabnik's comment on BSky, 2) weren't already active on Lobsters, and 3) chose to login and start voting on this? (Only 2 users joined since this article was posted, so there's certainly no rush of signups to defend him.)
I think the upvote totals are more likely to reflect actual sentiment from regular users.
At the time of posting the replied-to message had accrued an anomalously high number of votes within ten minutes. It was pretty conspicuous for something buried like eight comments deep.
None of the absolute vote totals in the comments are high enough to make me bat an eyelash.
As for the depth, so what? It's easy to read all the comments of a post on Lobsters, because there's just not that many. If anything, deep comment threads indicate something of interest to people.
I think you're seeing nefarious activity where there's none.
For people like me who follow all comments via the /comments page, rank within a specific comment tree is irrelevant.
Even taken out of context, the comment (id 1ynvf2 to confirm what we're talking about) has enough info to invite a sympathetic member to upvote it, in my opinion.
I'm just stating this as a possible explanation to a sudden burst of upvotes, regardless of it receiving exposure on other sites.
This is not just embarrassing behavior, it is a violation of the Lobste.rs Guidelines:
Lobsters is more of a garden party than a debate club. We're learning things we didn't know to be curious about and sharing what we've made. Disagreements are normal but fights are not; it's OK to make your point, share a resource, and let someone be wrong. Abuse and bigotry are unwelcome.
This conspiratorial idea that the microscopic crossover of Bluesky users that also follow Steve and have an account here, are gaming the upvotes, a metric which nobody actually cares about anyways, is clearly just a way for you to continue to direct abuse at Steve for speaking out about a piece of technology you don't like!
It's not like I even have a dog in ATProto vs ActivityPub. They are just similar technologies made by different people that made different trade offs; ok, so what, it's honestly not that serious. But I upvoted Steve because he rightfully called the behavior in this thread as non-sequitur abuse, which in my opinion is doing no favors to anyone, including those who react to the standard of discourse on this website, and especially those who advocate for ActivityPub.
Yeah, I wasn't sure whether to flag it or not, since I have no prior experience with most of the people in this thread.
I don't yet know if it's an isolated mistake or a regular pattern, but I use a userscript called UTags to attach tags to usernames, which quickly surfaces repeat bad behavior.
I'm now on lobste.rs since 7 years and from my observation you do seem to end up in these heated discussions about things you really like and others don't for various reasons. I was once involved helping in one of these where things were simply factually wrong from my (and your) POV.
Honestly ? Simply staying out of these discussions or just stating some facts and logging out is the best. A submission with 93 upvotes, 112 comments (more than upvotes) and a title like this screams mud fight (or editor fight) to me. No way the comment section of lobsters is going to resolve long standing tradeoffs between decentralized-, centralized- and systems in the middle.
Hope you're staying here for the actually interesting topics (or rather topics for which it's not as much a question of priorities and preferences).
The purpose of commercial enterprises (like bluesky) is to make money for shareholders. Not to act in good faith (or bad). Nobody is claiming you are acting in bad faith, and nobody should expect any commercial enterprise to act in "good faith" because moral good and bad are meaningless concepts in a boardroom.
It's undeniable that there's a lot of money in being at the center, not so much in making tools to build a system with no center.
According to Wikipedia, Bluesky Social is something called public benefit corporation: „Benefit corporations explicitly specify that profit is not their only goal”.
This seems performative to me. It's still a for-profit corporation, the people who stand to make that profit are still making the decisions.
Yes, Public Benefit corporations are in fact entirely performative. All it requires is that you specify that you can have pro-social goals other than profit; there is no requirement that you actually do anything positive. Any company whether decent or vile can claim to be a public benefit corporation just by amending their bylaws to say so.
Companies that do this often benefit from confusion between "Public Benefit Corporation" and B Corporation, which is a certification that actually does have qualifications that must be met beyond just saying "yeah trust us guys, we are good."
In the USA, a benefit corporation has two goals: profit, and passing a corporation-specific annual audit. The audit is arbitrary and advisory; benefit corporations get to have some non-profit goal but they do not have to pick a goal which benefits society.
Sadly, that seems to be just words on paper, and there's no actual laws to keep them on track. At least when you compare to EU non-profit laws.
I hope they can figure something out, but lately I've been at the point where I don't really put much stock in "they're working on a design" for technical projects (not just bsky here). I can't evaluate whether any of the technical proposals linked elsewhere in this thread are any good, but my default stance is that it won't happen any time soon, if ever.
There is probably a way to do private stuff on ATProto, which is how they solve everything else basically: by introducing a new "app" (i.e. a new server, with a custom backend/AppView) that deals with encrypted data and introduces yet another centralized point-of-failure that is impossibly hard to migrate out in practice, like Bluesky.
No, this is not how it will likely work out. The current proposals seem to be starting with introducing a protocol extension to the PDS to allow it to store records that don't get sent out of the firehose. Paul Frazee summarized some of the approaches being explored here: https://www.pfrazee.com/leaflets/3lzhui2zbxk2b
I think email is a fine choice, its the only one I can reliably reach all my friends and family.
Agreed. I have been putting a lot of effort towards moving my social connections to e-mail, and I really enjoy connecting with people that way.
Maybe we just all need to be on a big listserv.
I enjoy emails so much that I made a new "reply" feature for the offpunk browser which is simply "sending an email to the author if I could find that email". After only two days of testing, I’m already sold to Gemini+Email as my social network of choice ;-)
100% I thought about implementing comments for my blog/capsule, but then I just added a footer that says "send me an email". I occasionally get some!
Honestly, getting an email about my posts or things really makes my day. To me it's almost as good as getting a real letter in mail. It feels more personal, thought out, and gives me the warm fuzzies.
And it sometimes create meaningful exchanges. That’s why I wanted to make it easy for me to send a mail to reply to a blog post/gemlog I’m currently reading.
Only because you and all your friends and family use e-mail from the same 3 big companies :)
Slightly off-topic, but does ATProto have something analogous to the FEP standardization / extension process where changes to the protocol are publically discussed?
Nothing that formal yet. They're currently in the process of turning ATproto into an IETF-owned spec with its own RFCs and such. Once that effort's done, the IETF RFC process will become the manner in which changes to the protocol are made and discussed. You can see the draft specs here: https://github.com/bluesky-social/ietf-drafts
ATProto seems to be "decentralized on paper." Lots of words, but when you try to actually do something, this kind of deal happens. I'll gladly stay on ActivityPub side.
I've definitely remarked that a lot of the downsides people point out of AP (petty server admin drama can blow up your social graph) compared to AT are only downsides because AP has had years and years of federation in practice, compared to AT which... well, hasn't.
That's not to say that those downsides aren't real (there's a reason I self-host AP), but.
I also selfhost my instance, and I think multiple small instances over few big ones is much better, so I do it for that reason alone.
It is sad that people buy the weird decentralization claims of Bluesky, when the entire concept of ATProto is half-baked at best, in theory, with awful incentives, and completely centralized in practice.
Also I don't see how BlackSky having an AppView being available would help in any way. You would basically have to get all your Bluesky friends to use BlackSky (or use both somehow in a way that isn't implemented) in order to read your stuff. And you can still be banned from BlackSky for whatever reason and lose it all again.
"You would basically have to get all your Bluesky friends to use BlackSky (or use both somehow in a way that isn't implemented) in order to read your stuff."
This is not true. Users on either app can follow and read users on the other one. Also appview-level bans don't delete your data, you don't "lose" anything, and PDS-level bans won't make you lose your data if you bother to back up your PDS at all.
If I am banned by Bluesky and create my own AppView and publish there are my posts going to show up for all Bluesky users? No. That's what I mean.
I didn't mean I would lose my data. Data is worthless, backing up data is easy. I meant I would lose my connections.
Suppose I'm banned by Bluesky for whatever reason, then I move to Blacksky: now none of the Bluesky users will see me, but then I go door-to-door and convince all of my friends to move to the Blacksky app so they can see me, then the next day Blacksky decides to ban me. I lose all these friends again and now I have to create Purplesky and convince everybody to switch again.
(The above example is assuming that Blacksky and Purplesky will run their own AppViews, which Blacksky doesn't do today and it costs an absurd amount as it has to process and index data from everybody under the sun.)
A minor correction: Blacksky does indeed run its own AppView, though it is not generally available at the moment.
That aside, I actually think my situation is a great example of what you're saying. My friends who use the Bluesky AppView can't see my posts, so it's not much good to me that I can make those posts unless I convinced all of them to move... somewhere.
It's weird that they can't see your posts. Nothing you're doing should require that other atproto users need to do anything special to see you. Is your PDS talking to relays correctly?
Yes, verified with other users and with https://debug.hose.cam/! There is an undocumented feature of the AppView that, once a did:web-associated account is deleted, that did:web is "burned" forever, and the AppView won't acknowledge it. This has differing outcomes: on bsky.app, I'm invisible; on blacksky.community my username and bio are visible but my posts aren't; and on the Blacksky appview, my profile reads only "Invalid Profile", but my posts are visible.
It's a weird and interesting failure mode!
Ah, right, that's because DNS domains can be resold and nobody wanted a world where forgetting to renew your credit card before it expired meant somebody else got to take over your social media accounts. Really the core problem there is your use of did:web - it's more of an escape hatch for various infrastructure corner cases than a serious alternative to did:plc.
You could use did:plc and just make sure you have rotation keys. That combined with using your own PDS means that even if the PLC ownership went hostile, then provided the community elected a new PLC mirror your account ownership should be unaffected. It might even be unaffected without setting up rotation keys, but I'm less sure about that.
Really the core problem there is your use of did:web - it's more of an escape hatch for various infrastructure corner cases than a serious alternative to did:plc.
Do you see how statements like this lead me to believe that decentralization isn't a serious concern for Bluesky? It's like, don't use the thing that allows you to link your account to a trust root you trust; instead, you should link your account to a totally centralized trust root that Bluesky, Inc. trusts!
When I first brought up concerns about did:plc on here years ago, the response was, "if you really care about that, use did:web." This feels like asserting that one has one's cake after already having eaten it.
You don't have to trust the PLC directory! There's mirrors and auditing and rotation keys. That's the whole point.
Except for the rotation keys, those are tools for making it easier to trust the PLC directory, right? Audits tell you they haven't done anything wrong, which you need, because you can't actually stop them; mirrors are useful so you can, in theory, restore your identity if they do. But every AppView and client still just points at the PLC registry itself, unless I'm very much mistaken.
As for the rotation keys, those are great if another PLC registry springs up and lots of other people start using it, but if not, I don't really see what they get you.
Why weird? It's totally expected that non-Bluesky users aren't allowed inside the Bluesky AppView, otherwise how would they prevent spam or whatever other content deemed evil to insert itself there?
Non-bluesky users are allowed inside the appview. The moderation architecture works in layers, and the details of it are here if you're interested: https://whtwnd.com/bnewbold.net/3m2j6ccx2bs2t
Sorry, but this article says nothing about non-Bluesky users being allowed inside the AppView.
Layered or not, any moderation system is only relevant if creating an account is costly, which requires that the AppView is restricted necessarily.
This is exactly how fediverse server bans work too? With the exception that it's much harder to move between servers or use more than one of them at once.
Yes, Fediverse is very broken in many ways. The only system that has any chance of working is Nostr or something like Nostr.
On the other hand, at least the Fediverse never made grandiose promises or advertised itself as something it wasn't.
The idea that Nostr has a chance of working is laughable.
Hmm... may I inquire why?
(for context, I've recently started looking into decentralized protocols, but haven't been able to figure out the pros and cons of each)
There's a good summary of those pros and cons here: https://shreyanjain.net/2024/07/05/nostr-and-atproto.html
completely centralized in practice
No, no. Now that Blacksky has a full working stack, ATProto is only highly centralized, not completely centralized.
I would like some evidence that Blacksky is running its own AppView (it wasn't last time I checked) and that there exists some group of users who are happily publishing only on Blacksky (and not on Bluesky) in order to concede that it is merely highly centralized, not completely.
But even then I don't know if the distinction means anything. The design is such that the network-effect belongs entirely to Bluesky the company, and even if a miracle happens and the company dissolves and the network doesn't die, the network effect will just be owned by someone else, maybe by the Blacksky guy, it will never be really dispersed and unowned like on Nostr.
You can use Blacksky's AppView by going to https://staging.blacksky.community. One piece of evidence that it exists independently is that Bryan unburned my account from Bluesky after this piece got on HN, but I am still burned on Blacksky's staging server.
As to whether or not there are people who use Blacksky's AppView but not Bluesky's, I hope to be one once the above is resolved, and I'm sure there are a few today, but it isn't in GA yet; there are not many.
I think it's reasonable to call the network centralized socially. It has reached my personal threshold for being decentralized technically.
Blacksky's AppView is apparently opt-in (by going to a different URL), in testing, but operational, last I heard.
I'm finding the choice of font very difficult to read.
I will implement a font toggle in the future, apologies. I promise it's not intentionally grating; I find it very pleasant.
There is something wrong with the rendering of this font in Chrome but I'm not quite sure what.
The page is using a bitmapped font that's supposed to be rendered sharply at a fixed size like the old days, but on visit it stretches out the font and renders with all the standard antialiasing which combines with the size/weight of the font to make everything deviously fuzzy (especially noticeable on busy letters like 'm' and 'w'). Turning on the inspector, the fonts are suddenly rendered sharply like they are supposed to (apart from the bolded elements, which look like they have a fuzzy aura).
The original page of the font renders fine with no problem.
Edit: Disabling the body { margin: 2em auto; } rule fixes the rendering even with the inspector off.
Oh wow, that's bad! That's my fault for not testing in Chrome, apologies. I'll do my best to fix it soon. Thanks for letting me know.
Also, the reader view for iOS renders the Markdown source in a monospace font, which isn’t much easier to read.
Honestly, anyone who has a problem with the font can either just use reader mode, or write a one line rule for Stylus to fix it.
I use this extension for a reason, makes things nicer: https://github.com/bhootd/enforce-browser-fonts
"I would love to use Bluesky, with my own domain name, from my own PDS"
You're not supposed to do that with did:web. You're supposed to do that with a normal DID (did:plc) and with an _atproto TXT record on your domain. Using did:web will bring you pain, and it doesn't really avoid having a central point of authority in control of your account. The authority just becomes a domain registrar instead of the PLC directory.
I evaluate the DNS, which has a large number of registrars and is widely relied on, as less of a likely adversary than the company that runs the PLC directory. DNS is a great example of "credible exit," actually; I used to have my domains on NameCheap, but it got, well, less cheap, so now my domains are at Porkbun.
I absolutely agree that did:web is less than ideal; I'd prefer that ATProto supported, say, did:ipid.
DNS registrars have been hostile adversaries before. Do you not remember the queer.af mastodon server incident?
The PLC protocol is a bit more technically resilient there, since it has a cryptographic audit trail and mirrors that actually do audit it. There's plenty of folks who are planning for a potential PLC hostile exit and improving the infrastructure to make that endurable. I can point you towards their work if you're interested in learning more.
I'm familiar with it! It's fine for your threat assessment to be different from mine, but since I already carry a lot of risk around Donuts, Inc. going evil (who, I will mention, is not particularly likely to be taken over by the Taliban, which is what happened with the .af ccTLD), I don't feel that it's particularly unreasonable for me to continue trusting them as much as I do with, say, e-mail.
I don't really think it's fair to call it decentralized when the authority over your identity could easily and unilaterally revoke it but you think it's unlikely they will, then turn around and call it centralized when the authority would actually have a really really difficult and likely impossible time revoking your identity, but you think it's likely they'll try.
I think we just disagree about who we trust, and that's fine. A key tenet of decentralization, at least to my mind, is being able to choose who you do and do not trust! You don't have to rely on the DNS, and I, ideally, wouldn't have to rely on the PLC registry.
The PLC directory, which is owned and hosted exclusively by "Bluesky Social Public Benefit Corporation"...
No, it isn't. It was spun off into a separate company based in switzerland. And there are multiple independent mirrors of it. Your knowledge is very out of date.
Having seen all of the glorified grift around ATProto, and having done similar audits of it as BlueSky transitioned from invite-only to public, I can't be surprised. This was all a stunt to grift the decentralized web community and vulnerable communities fleeing from Twitter.
The fediverse is the only good alternative. For now.
Written 3 years ago and still : https://ploum.net/2023-03-03-bluesky.html
Still wrong?
ActivityPub wasn't niche at that point, it was the most popular of all the social network protocols that existed. Even Donald Trump's website was based on it. Years before that (relatively) big right-wing sites like Gab and Minds had tried to integrate it (and failed).
At the time you wrote that article Jack Dorsey had already given up any plans he had for Bluesky and lost all control over it. He was much more enthusiastic about Nostr and shortly afterwards he resigned from the Bluesky board. I don't think you will dispute that Nostr is much more decentralized than any of the alternative protocols, so that disproves the claim that Jack doesn't "get" decentralization (to be honest I can't say how much he gets it, but it's certainly more than the AT shills). See https://www.piratewires.com/p/interview-with-jack-dorsey-mike-solana maybe.
But if the main point of the article was just to say that AT can't be decentralized and that all the promises of future decentralization are unfulfillable then yes, I agree. See also https://fiatjaf.com/ab1127fb.html.
i purchased a domain and unfortunately used it for my email ID on government websites, immigration services etc. and now i am forced to continue to own that domain. i would absolutely want all these websites to "burn" my account if they thought my domain switched hands.
this post highlights anti-features of did:web and the Bluesky appview (and of any service that assumes a DNS entry will be held by a single entity for ever), and not atproto!
did:plc would resolve this, i have read your prior blog and concerns over did:plc and i share the same thoughts: it is not a DID method that is presently decentralized, but this is changing. bsky is letting go of ownership over PLC. there are clones of PLC. it is possible for users to run these clones, verify and apply each identity operation happening across the network. and it is possible for implementors to depend on these clones for DID/handle resolution.
this post highlights anti-features of did:web and the Bluesky appview (and of any service that assumes a DNS entry will be held by a single entity for ever), and not atproto!
One of the main things that went wrong was Bluesky’s protection against domain ownership changes was triggered by something other than a domain ownership change, and the domain became unusable with Bluesky.
sure, that is an implementation hole of Bluesky (and a design hole of did:web)
bsky was being too conservative in detecting this (a deleted account came back up on the same domain, and thus "burned").
i'd argue that false positives here are much safer than false negatives.
ATProto, and specifically Bluesky, is the same; I have friends who don’t post anywhere else. Today, I follow them by RSS, but can’t interact with their posts.
FYI, there is a bridge service now which includes 2 way interaction with Mastodon: https://fed.brid.gy/
Thanks for mentioning it. I had believed that my instance didn't federate with bridgyfed due to their not having an opt-in consent policy, but that appears to not (no longer?) be the case, so I'll ask my admin to give it another look!
I use lots of systems I don’t love, like Signal, Matrix, and Mastodon.
I don’t like Bluesky, or ATProto; I wish we lived in a world were community-driven projects got megabucks and we were all self-hosting little social media servers for our communities.
This seems true.... does somebody have a public list of wishes and requirements and of problems with existing solutions so the next iteration can be better?
Jesus, that blog is hard to read. At what point is one just torturing the reader?