And once you go to the site, your browser will remember it anyway so you don't need to type the monstrosity.
Or is it a really bad idea™?
So to offer it for free means somebody has to subsidize it. Let's Encrypt can operate because big companies with lots of money want their ads to be delivered without being intercepted by an ISP. What's the motivation for anybody to subsidize free domains?
Supporting DNS all up should be possible but organizing the other decentralized services (compute, storage) is the hard part
The decentralized services need not be attached to some blockchain due to the resource constraints. But there are examples like Filecoin and such.
I guarantee you I can store and make available over DNS the less than 1 KiB of data for less than a penny a year.
Instead of free, charge a flat $1, put it in long term US treasuries at 5% / TIPS at 2.5% and you’ve covered your hosting costs forever. The principal will never need to be touched.
https://github.com/topics/free-domains
Another thing, the thing that you mention is really similar to how tor onion links work... Except they offer encryption and prevent MITM/any other ways while still having your ip hidden.
Another idea which I use sometimes is to use something like cloudflare tunnels or ssh forwarding with things like serveo.net or any ssh based remote forwarding in general like pinggy or even ngrok.
If you are using this in some internal thing, I can also suggest something like piping server which I really like and I want to build something like a web browser tor-onion links esque but on top of piping server, its really really cool
You're essentially talking about IPv6 addresses.
Interestingly, most residential ISPs these days already issue your home network an IPv6 /64 or better! But they (sadly) just firewall off use of most ports that residential users have no purpose for — on my own network, even if I configure my router to allocate each machine on the network a public-routable IPv6 address, the only port the network (not the router!) is willing to allow non-established incoming flows to is 22/tcp.
But even if they worked, they'd still be ephemeral. At best, even if your ISP keeps the allocation the same, you'd lose it if/when you switch ISPs. (Similar problem to ISP email addresses.)
The real key here, would be if someone was freely giving out tiny slices of IPv6 https://en.wikipedia.org/wiki/Provider-independent_address_s... to individuals; and there were hosting providers / residential ISPs willing to add BGP routes in their ASN for these tiny prefixes. Then you could have a stable and portable and free IPv6 address for life. (It's certainly possible in theory, just not built yet — similar to how LetsEncrypt was "certainly possible in theory, just not built yet" until it was built.)
---
That being said, if you really want this to be DNS (not sure why; if it's not a short memorable name [and thus inherently competed over by typosquatters], then DNS is the wrong tool for the job), then you could do what systems like ngrok do, but directly serving those dynamic records as domains under its own gTLD, rather than serving them as subdomains under a domain. Maybe with each domain getting its own DNS zone and everything. That'd certainly be neat.
Note that way back when, the .me ccTLD sort of did this — they gave away .me "domains" for "free"; but with all web traffic on those "free" domains being intermediated by their L7 reverse-proxy servers, where they'd inject ads into any delivered HTML pages.
This is basically where did:plc comes in, for atproto. https://web.plc.directory/ provides free ID numbers. For example, mine is https://plc.directory/did:plc:3danwc67lo7obz2fmdg6jxcr .
Your domain then uses a txt record to indicate that you want it to be associated with that particular did:plc.
If you drop the TLD part though, you can do whatever you want with any domain you want, up to and including handing out free subdomains to anyone who asks. As usual, though, if you try to do this, the dark internet will make you regret it as one day, quite suddenly, you'd find you were hosting the DNS of some massive scam email or other, or any of who-can-even-enumerate ways of making you sorry you put this service up because of their abuse of it. Just like anyone can make a URL redirector, and many people even use it as a sort of "learn this language project" but if you actually put it up online you will rapidly regret it.
It's a bummer and I'm not celebrating this fact, but, yeah, it's not something you want to do.
DNS is not a sybil resistance mechanism
Special networks can do as they like, but then they won't be DNS.
Facebook sued the operator (Dutch company called Freenom) for facilitating phishing and now we can't have that anymore.
https://en.wikipedia.org/wiki/OpenSocial
It was a complete disaster
Apparently I wrote about it a fair bit back then, mostly noting how confusing it all was: https://simonwillison.net/tags/opensocial/
If the answer is that most people should just make a bluesky account, that defeats the whole purpose because then everyone will still be on one or two large providers.
This also completely misunderstands the architecture. Things don't hinge on the relays at all and they don't act as routers.
There isn’t such a thing as “Bluesky getting federated” — that doesn’t on its own mean anything. In Mastodon world, “getting federated” means many copies of the same webapp emailing each other. In atproto, you don’t create many copies of the same app. Instead, it’s shaped like the web — individual users can host their data in different places, and apps aggregate over that data. There’s no point in having many copies of the same app.
The BGS server you’re referring to is the “relay” mentioned in the article. Running your own relay is possible (Blacksky does it, as mentioned in the article). It costs about $30/mo with the current traffic. However, note that a relay is very dumb (it’s just a retransmitter of signed JSON over websocket). It’s cool that anyone can run one but by itself this isn’t a vanity metric to chase. We’ll probably see more independent relays but usually someone would run one for a reason — to insulate a company or a community from upstream failures, or maybe to censor things (in repressive governments).
If I'm going to delete my Facebook/Instagram account then why am I trying to pick up a new drug to replace it?
I think many people find social media useful. If you aren't one of those people, fair enough. But not everyone is angry and addicted all the time.
I'm not going to claim that social media can't have negative consequences for young people, lots of things do. But the hyperbole behind the discourse makes it obvious there is also a moral panic at work. In every case, technology is blamed for a failure of society's responsibility to educate and raise children properly.
There is not a whole lot of scientific evidence for it being good from what I understand.
I would also argue that if you broaden the definition of social media too far you’re not really talking about social media anymore. Calling your friends on Signal isn’t “social media.”
And the definition of social media is broad. I would argue Signal is social media. It lets you form social networks, chat and share different kinds of media. That's all social media is. Social media is more than Twitter, Facebook and TikTok. And I have trouble with the argument that being able to form social networks and share different kind of media is somehow ontologically evil. There are hundreds of social media platforms around the world and countless apps integrating social features, but only a few American platforms seem to be a problem. So maybe it isn't "social media," maybe it's American culture and Silicon Valley capitalism.
The addiction loops, surveillance, data mining, radicalization through algorithms promoting extremist content, etc. aren't fundamental to what social media is, they're aspects of how specific social media platforms have been implemented. It is possible to have social media without all of those negative externalities.
The Bsky team regularly highlights other apps, custom feeds, and moderation choice
The end user just sees they can subscribe to a moderation list that hides any post labelled as "Beans", or that they can have a feed next to their Discover feed that's an endless stream of people getting ligma'd.
Or that they can use their account to log into a seemingly unrelated site.
That’s also why it frames the benefits in the concrete way that shows up in the products — like products being able to riff on each other’s data.
My audience for this article is slightly technical so I put some focus on the technical parts. I don’t try to avoid mentioning the “protocol” for the same reason why teaching to make websites involves mentioning HTTP.
I 100% agree with you though and that’s important for broader communication. What people care about are good products.
I'm a bit concerned that the open web only won because of first mover advantage. What gives me hope is OSS winning.
I'd love to see something like atproto win though. It's clear that a major issue with social media is network effects preventing better apps from becoming popular.
One thing ATProto does is enable real competition in social apps, assuming they all run on the atproto fabric. One of the core hopes is that we can get everyone over to something like atproto once, to get them out of the silos, such that this is their last time they have to "move" their social network.
Oh how times have changed. . .
On one side I find these ideas extremely compelling. This is aligned with the Indie web body of work, that pictures anyone having a personal website of their own content and ownership over that. And this page and article are beautifully put together.
On the other hand, we haven’t really seen a lot of developers adopting these standards for their own projects (like using this for their personal website or open source project). Nor from casual users (including people who make their own blogs and websites).
I am deeply concerned about the apathy people have towards the idea of ownership, openness and interoperability. It gives the idea that people just want to be fed TikTok and Instagram reels.
I respect the vision and the work. Will personally see if we can use this for our work. But I wonder how we make this into something that’s not just a micro niche hobby.
One never knows, but for sure it won't happen when we do nothing.
There are several protocol components you can run independently, each filling a different role and having different complexity levels
If you mean the PDS, not sure if it is simpler than the unknown point you are looking to compare against. Bsky did just announce that you can migrate back to their PDS hosting to make trying out alternatives a one-way trip
I know we can do all this by just posting to Bluesky. But I want to give usernames, host the data on our end, and I’d prefer using the protocol but not be directly associated or dependent on Bluesky.
1. Run the PDS, many people who would not group themselves with technical folks do this. (data hosting, handles)
2. Use or create an alternative client app, depending on if you want to intermingle Bsky data
3. Relay, moderation, algorithms. If you want to divest completely from Bluesky, there is more to run. If you build your own lexicon, you have to do all the moderation and algorithms, among the many other things.
There are also a couple of discord channels and even a server for PDS self-hosters
Can you expand on this feeling? Why is it deeply concerning? Why should people care about the abstract concept of data ownership? People were totally fine when they had zero ownership or agency over media and they were fed TV, books, movies, radio, etc. Most people do just want that, their primary motivation to engage with media is just to be entertained in that moment.
Now that they have places where they can publish stuff and their friends and family and maybe even some other people might see it, why should they care that they don't "own" their Instagram post, whatever that means?
No I think it's predicated on creating a product that people like to use. That's the Step 1 that OSS zealots miss when they focus entirely on these niche lofty ideals. I highly doubt the average Instagram user is yearning for - or would even be enticed by - a version of that same experience that has a lower exit cost.
That's the problem with these Twitter clones. "It's just like Twitter, but RESPECTS your data ownership" is not compelling. Just create a freaking compelling and original user experience (the actual hard part that made the big platforms successful) and secretly do whatever you want on the back end.
The entire value of a social media platform is in the network. Accumulating and maintaining one is the actual hard part that made the big players successful.
None of these platforms started with a network. They weren't cooked up by evil investors and MBAs looking for a rent-extraction scheme. Nor were they designed by a committee of philosophical experts saying "oh we'll just copy their thing and make it more esoteric and confusing so that maybe one day we can aggregate content from 14 competing Twitter-like platforms and you can switch between them whenever you like!" They were started largely by kids goofing around and making fun things for people.
Your question:
> why should they care that they don't "own" their Instagram post, whatever that means?
From the article:
> The web Alice created—who she follows, what she likes, what she has posted—is trapped in a box that’s owned by somebody else. To leave it is to leave it behind. On an individual level, it might not be a huge deal. However, collectively, the net effect is that social platforms—at first, gradually, and then suddenly—turn their backs on their users. If you can’t leave without losing something important, the platform has no incentives to respect you as a user.
Your question:
> can you give examples of good and bad incentive structures in this context?
From the article:
> Maybe the app gets squeezed by investors, and every third post is an ad. Maybe it gets bought by a conglomerate that wanted to get rid of competition, and is now on life support. Maybe it runs out of funding, and your content goes down in two days. Maybe the founders get acquihired—an exciting new chapter. Maybe the app was bought by some guy, and now you’re slowly getting cooked by the algorithm.
> Luckily, web’s decentralized design avoids this. Because it’s easy to walk away, hosting providers are forced to compete, and hosting is now a commodity.
I think you’re right that the average person doesn’t care so much as they just want to be entertained or reach a large network, but apathy is not an argument in favor of the status quo.
At this point my argument is that the ability to switch providers is not a major concern to most users of these platforms. I don't want a generic social media hosting provider. I want the Facebook experience, or the Instagram experience, or the Twitter experience. I'm happy to be in the garden and on the rails because it's easy and tightly curated. I don't want some Frankenstein amalgamation of data from all these things. I don't want to shoehorn my Instagram world into something else.
People that really want to preserve and archive their content find a way to do it and manage it separately. I have all the pictures that I've posted to Instagram. I have anything I've written that I cared enough to keep. If and when IG dies or I move onto the next thing, am I really going to want to meaningfully preserve and transfer the specific contents of that walled garden somewhere else? Maybe. I can definitely see the value, but it doesn't seem super compelling to me yet.
There is something to be said for the uniquely curated walled gardens and the centralized trust and organization and opinions they bring. When I started an Instagram account, I didn't want to transfer my Facebook world, it's a new world with a fresh start. I didn't want the same friends, the same voice for myself, etc. I certainly wouldn't have wanted to dig through all of that to figure out what made sense to carry over.
And yet, I don't lament that 10-15 years of my online life have "vanished" - I was an ignorant little snot back then, and actually, am VERY glad they HAVE vanished. And thankfully I've generally used aliases / usernames instead of my actual name in most places (other than the usenet posts that were from my university account) so that wayback can't be used against me easily. Heck - I wish I could assert/enforce a "right to be forgotten" (vanish) on some websites. Rarely have I wished (especially in this current administration) that I was MORE visible / persistent online.
Disagree. The punk phenomenon was largely about reclaiming that ownership and agency over cultural output, and it was massive in the 70s/80s/90s. The early web was very punk in attitude, with people basically self-publishing. Even in the '00s, there was still a clear distinction between "corporate" portals and grassroots.
This phenomenon where even creatives and intellectuals are Just Fine with playing in someone else's heavily-tweaked, hyper-monetized sandbox, is a new development.
But there's a lot of work developing on that front, and the next 6-12 months will be super exciting to watch.
The longer story is that most people don't understand that ATProto is more than just Bluesky, and the use cases are wayyyyyy broader. That's going to take more time to play out in the market.
Basically our thing would give that ecosystem the ability to have personal pages that can look like Patreon, YouTube, Instagram and others
I’d prefer running our own thing separate from bluesky. We’d give people something like username.page.app and they’d make posts there. If people wanna follow on bluesky they can, and we provide a username that’s just the url.
I know we can do all this by just posting to Bluesky. But I want to give usernames, host the data on our end, and I’d prefer using the protocol but not be directly associated or dependent on Bluesky.
> or dependent on Bluesky.
If you want to take this to an extreme, and are uncomfortable with how did:plc has not yet moved into its own org, then you'd want to also run your own plc server, etc. The problem with doing this is:
> If people wanna follow on bluesky they can
You lose this. Because you're now not running on the main atproto system, but instead a fully parallel one of your own.
Anyway, you could start on this by running a PDS via the reference implementation here: https://github.com/bluesky-social/pds and then building your own appview (application).
You could also take a look at Blacksky's implementation https://github.com/blacksky-algorithms/rsky and if you end up using it, consider throwing them a few dollars. Alternative implementations are super important!
We already built our own platform independently from Bluesky, so we have a timeline in the wrong post and everything. I’m just trying to give our users interoperability. So that when they make a post on our platform, people can also follow your Bluesky and see on their timeline. Am I correct to assume then that we would not require our own app view?
> Am I correct to assume then that we would not require our own app view?
Well, given that you have built a platform, and you then want to interact with the atproto ecosystem, that means you'd be making your platform an appview, in a sense. An appview is just a service that reads the underlying data from the network and does something useful with it.
Can you also do one for NOSTR?
The functioning is similar, albeit there is no need for hosting user data since it can be sent to multiple relays and live reachable to others from there.
Thanks in advance.
Quite a lot of food for thought today. Thank you for that.
Lost me right there. Open source is the infrastructure that powers closed cloud. None of the openness makes it to the end user. It only benefits highly technical users and businesses.
Open source was made irrelevant (to non-technical users) by the shift to services and cloud.
In theory additional dids could come into existence too, those are just the two that Bluesky supports at the moment.
It’s worth noting that PLC can’t fake your data because each edit is recursively signed. So you can verify a chain of updates. However, PLC can in theory deny you service or ignore your updates.
Also someone from Nostr made a tool that let you upload image files and encode them (split into parts) into plc directory records…
> Your goal here is to make the best YOUTUBE videos possible. That’s the number one goal of this production company. It’s not to make the best produced videos. Not to make the funniest videos. Not to make the best looking videos. Not the highest quality videos.. It’s to make the best YOUTUBE videos possible.
When I glance at the Bevy discussion link you shared, my reaction is:
> Your goal here is to make the best GITHUB OPEN SOURCE game engine possible. It's not to make the most performant game engine. Not to make the game engine that powers the best games. Not to make the best looking graphics in a game engine. Not the highest quality game engine or game editing experience. It's to make the best GITHUB OPEN SOURCE game engine.
That sounds awful if applied to Bevy, and seems you misunderstand what "Mr. Beast" is trying to say.
They're not saying make the best game engine, but make the game engine that would do best by GitHub-popular metrics, which is absolutely the wrong way to go.
I hope they continue to simply make the best game engine available, as before, and ignore useful metrics or focusing on where it's hosted.
Bevy is still incomplete as an engine. AFAIK there's only one commercially successful game made with it, Tiny Glade, and it doesn't even use Bevy's renderer but a custom one.
Yet the Bevy developers distract the project with essays and debates about the politics of their federated social media presence. You don't need that to build a game engine, but you do to build a "GITHUB OPEN SOURCE" game engine. I don't think there's anything inherently wrong with it, but that's clearly the focus here.
Yes, but the misunderstanding I'm trying to point out is that Mr Beast is not trying to create something of value, they're trying to create something that works well on a specific platform.
In the Bevy analogy, that would be creating a GitHub project that gets the most stars, regardless of how useful or well the engine itself is working.
I'm instead saying the same thing as you, they should continue focusing on building the greatest engine, regardless of the platform for hosting the project.
If Bevy were to follow Mr Beast's advice, they'd focus on flashy demos, engaging READMEs and so on, to increase the success on the platform itself, instead of focusing on the engine itself, which from following their direction almost since inception, they're doing a pretty good job with already.
For another thing, even if there aren't any other specific effects that are desired, there still might be some that are specifically not wanted, and avoiding those might be important. Mr. Beast is exactly the type of example that demonstrates this point; by focusing on making the "best" YouTube content as measured purely by popularity, he's done all sorts of things that someone might very understandably want to avoid. I agree that he's not confusing, but that's not the issue with him. He's extremely transparent in how little he cares about whether what he does actually helps anyone other than himself (or if he hurts other people in the process of helping himself). I suspect this is quite different from the mentality of most open source developers, who are putting in personal time and effort towards contributing to something that realistically has little likelihood of direct personal benefits for those involved. What you're perceiving as a lack of focus comes across to me as having the humility and thoughtfulness to try to look at the big picture and understand one's actions in the context of a larger environment that isn't improved in the long term by pursuing a single narrow goal to the exclusion of literally everything else.
Of course I understand these are different things. Bevy is not at all competing with Unity.
Because Bevy is trying to be best GITHUB OPEN SOURCE game engine. I’m just trying to be a little jocular about how… you know, I didn’t say unfocused, but surely it seems a little silly to write 3000 words in response to a community worried about which open source social media federation protocols to adopt. That giant thread IS the product, it makes perfect sense from the POV that Bevy is trying to be the best OPEN SOURCE GITHUB GAME ENGINE, in the same way that Mr Beast is making the best YOUTUBE videos or Egyptology professors are making the best EGYPTOLOGY writing or painters are making the best PERSONALLY MEANINGFUL FINE ART or whatever. I like Bevy!
Unity and Unreal also have billions of dollars in funding
You're the only one saying this. No one else, including the person working on the project that you originally responded to, has claimed this is their sole goal to the inclusion of everything else. It's hard to tell if you think they literally don't care about anything else but are choosing their actions poorly, or if you think that they have the wrong priorities and should change them, or if you just didn't really stop to consider that maybe your assumption about what you're saying they're trying to do is incorrect and haven't read what I'm saying closely enough to understand that no number of examples of other things that happen to fit what you're saying is relevant if you aren't able to establish why anyone else should agree that it applies here in the first place.
I agree, but why not also apply the same logic to the other two communication platforms you are using (Discord and GitHub)?
Aside, this infuriates me - "here's our open source project/website, join our Discord!" (even Lemmy instances). sigh
One point I disagree on that's also mentioned in the replies: I don't think a global state should be seen as necessary or even desirable. Sure, it helps people who optimize for clicks/likes/attention as a business model. But that shouldn't be the only concern. Having some degree of uncertainty around the global state can help reinforce a healthy skepticism towards what you're seeing in general. The 'correct' global number of upvotes on a post, or the majority of what has been said about a subject might still be manipulated to the point of being essentially fake. Optimizing for virality is not desirable if you think of the platform as a public good. Think about what it has done for the centralized platforms, and the consequences it's had in the real world.
This is why Bluesky could never have "private likes" in the same way Twitter or ActivityPub does—every AppView needs to track the like counts of every post in the network manually. It's a huge hassle! I just don't see this architecture winning out in the long term, when compared to the AP feed-subscription architecture.
primarily because multiple programs can access the same identity
Actually, this was how AP was originally designed as well—it was just that the most popular early implementations took shortcuts to remove that functionality to fit them into their existing architecture. This is a direct consequence of the fact that the biggest AP implementations when it was initially adopted were descendants of older OStatus social networks, and not built to be "ActivityPub-native" from the ground up.
We are currently working on something based on https://fedify.dev
Would you consider that can provide more complete AP functionality?
I've thought a lot about ATProto and integrating it in similar ways. I'd love to have a look at what you're doing and how. The struggle I have is that I think the ATProto repos have a fairly strong cryptographic structure compared to AP
If someone requests an object over AP, that object contents can come from anywhere easily, and can be signed easily. So for me, when someone requests an activitypub object of one of my notes via fedify, it just reads the truth from my markdown note files and returns it. If I edit my markdown files, it's no real issue, the next request gets the latest version of that markdown (there's some signing nuances in places, but it's generally straightforward).
With ATProto PDS and repositories use things like Merkle Search Trees and other things which I assume means the backend data needs to be a lot more... consistent. Like the data has to live in the PDS, and that has to become the source of truth to maintain the merkle structures, including updates.
But with AP via fedify, it feels super easy and nice for my source of truth to be whatever backend store I like (markdown notes).
I've done enough with crypto to see the benefits provided by the transparent verifiable history of merkle like structures, but honestly, this is social media not cash: I don't care if someone wants to subtly change something to manage how they come across with their own social media. In that respect, I feel the ATProto repositories overcomplicate things a bit.
A true "ActivityPub server" is almost as simple as a Bluesky PDS—all it's responsible for is 1) storing blobs of data, 2) fanning out subscriptions and 3) collecting incoming data for you to view. In the original way ActivityPub was designed, all of the actual data presentation layers—Mastodon, PeerTube, Pixelfed—were designed to be specialized clients that could communicate with the user's generic server. However, the first popular implementations cut out the client-to-server part of the protocol, so now we're stuck in a place where everyone thinks ActivityPub means you need a separate identity for every client application.
So, what I would recommend for your own username/password site is implementing an ActivityPub client, and recommending that users use it to connect to a third-party ActivityPub server. That way, the user owns the data, and they simply use your service to get access to (filtered version of) it.
Unfortunately, since this is a less implemented part of the protocol, the client APIs necessary to make this a reality haven't seen much development. And you're facing an uphill battle for user adoption. In practice, users don't seem to mind having separate accounts and identities for different clients. It reminds me a bit of the "key management problem" in e2e cryptography. Having a stable cryptographic identity is doable if you're technically minded, but most people just muddle along and don't really care about it that much—they create new keys every time they get a new laptop instead of trying to figure out cross-signing, and everything works itself out more or less fine.
I didn't know "private likes" even existed, but if atproto includes public key encryption, I could publish a record containing a "like" that I have encrypted with the "liked" user's public key. Only that user would know what the record contained. Though, the fact that the encrypted message exists and had a cleartext "@name" is itself informative to adversaries. Concealing that level of info would require other measures.
Why do you think that's different in ActivityPub? As far as I know there's nothing preventing (for example) Mastodon and Pixelfed using the same identity.
This is clearly a wild claim that almost undermines the rest of the argument, but to the extent that we can accept that there are open source software packages that decision-makers deep in that industry will reliably choose for their business...it's not clear how this revolution will extend to "regular people." They just want easy. Make something as easy and fun as Instagram. They don't give a crap about all this, they don't want to think about it.
Either way, with social, and the network effects required, you’re targeting end users. The widest net with the lowest common denominator. Whatever success open source has had among people that live and breathe these issues every day is not replicable there.
I’m probably coming off as just a hater or anti-open source or something but I’m really not, I just feel like there’s a certain perspective that is a lot more niche and esoteric than its proponents realize.
https://kyefox.com/nobody-cares-about-decentralization-until...
- Social today is not healthy
- Single account instead of N
- All apps keep your data in your database
- User level choice over apps, algos, moderation. Esp algos, my social media usage patterns have changed for the better since I started using custom feeds
- Real competition in social media
- Take back our shared digital experience from a handful of billionaires deciding everything and keeping us locked into their attention economy
There's a space here where we can move from nobody having smart phones or hosting digital presences -> everyone having digital presence provided by Facebook/Instagram, and icloud/google accounts -> Accounts w/ something like ATProto where it's your stuff, you get to decide where you keep it, and you get to decide who gets access to it.
That OpenAI timeline thing that just launched is a better approach, it solves content problem by just gathering data in background and feeding it to the user anyway. That particular implementation might not work but it sounds correct.
IMO, not much of value of Twitter for most users is in ability to post tweets, it's in data bandwidth. 99.9% of users don't post anything interesting, those might as well be local text file or out of band shared filler content. The value is in content sourcing, so something like multi-social RSS reader with optional P2P should be the way to go. Just IMdimO, though...
The problem with client-side P2P is you can’t do large-scale aggregation with consistency. Large-scale aggregation with consistency is what normal people expect from social apps.
Re: the OpenAI thing you mentioned, that's actually a perfect example of something atproto excels at. Since the data already exists in the network, you can crawl/index it and run your own tooling that does something proactive on cron jobs etc. See https://github.com/graze-social/iftta for some initial work in that area.
They come up by doing something unique that can't be done on older platforms.
The mode of interaction between users was wildly different from one to the other.
You may be considering their convergent evolution not what caused their rise in the first place.
Here's a selection of things built on the protocol: https://nostrapps.com
I would’ve preferred starting off in an empty room, an experience more like using signal.
Are you asking for an application that does not have other kinds of feeds?
1. Because open social has to actually compete for a user's business, any sufficiently mature platform built in the ecosystem will necessarily trend towards being more responsive to those users' needs, which will trend towards a better product than the legacy crop,
2. Precisely at a moment where governments lean on large, visible corporate entities to enact desired policies, splintering that ownership helps ensure a resilient communications network
Lots of people there to direct you to specific resources
In the future, the plan is to also enable some types of private data on the protocol. See these recent notes from Paul on the state of things:
Links to my own efforts on this
- https://github.com/blebbit/atproto (fork)
- https://youtu.be/oYKA85oZc8U?si=DIf09hu8-REw-yHj&t=3758 (presentation I gave last week)
One of the beautiful (but perhaps not that practically relevant) things about ActivityPub is that a Mastodon user can subscribe to a Pixelfed user without anything special being done. It's like if Twitter, Instagram, Reddit, YouTube, and Substack all automatically interoperated.
ATproto's system is a bit more well defined (you HAVE to abide by the lexicon/schema of the data collection to be accepted by implementations, reference implementation and some third-party ones have schema validators to do so) and allows for easier intercompatibility, but I do think that it could be a bit looser than it is right now (selective support for additional fields) to provide proper "sidecar" values in a record (they'll be in the user's PDS but it won't validate and could be rejected by indexers). Bridgy Fed does this to include the originating URL from APub and the original text, which third-party clients could certainly take advantage of if they detect that the post comes from a Bridgy account. (https://fed.brid.gy/docs#bluesky-fields)
In the long-term, ATProtocol will be separated from Bluesky the company and end up as a standard and in some shared governance structure
You can be as cynical as you like but I actually tried hard to avoid tech jargon in the article. I’d appreciate you giving it a read — happy to answer questions or discuss specific concerns.
The arrows do seem to imply that commenting on my posts goes into my repo, but I'm sure that's just an imprecision trying to express an idea. The whole thing seems very cool and decentralized.
When I went to see what it takes to run a separate PDS on AT, though, I see that it's all nice and packaged up and has certain assumptions:
1. It takes care of SSL etc.
2. It will stand up HTTPS/WSS servers to handle a bunch of RPC
So in practice, you don't get https://roshangeorge.dev and at://roshangeorge.dev because for the latter you kind of need https://roshangeorge.dev/xrpc and wss://roshangeorge.dev
Therefore, you probably end up with https://roshangeorge.dev and at://at.roshangeorge.dev and then you can run https://at.roshangeorge.dev and wss://at.roshangeorge.dev
All minor stuff and doesn't take away from the main point, but it was a thing.
Also at:// URIs are of the form at://DID/..., and your human readable handle is bound to your DID through DNS TXT records _atproto.roshangeorge.dev, but applications all know to render that as just roshangeorge.dev. That DID points to a document that specifies where your server lives, so the HTTPS/WSS routes can live wherever you want them to.
Also likes/replies/etc on your posts go in their authors repos not yours, your intuition is correct there.
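Added example, not part of the thread: a sketch of the handle-to-server lookup described in the comment above, run against constructed data instead of live DNS. The DID value, hostnames and lookup helpers are made up for illustration; the `did=` TXT format, `alsoKnownAs`, and the `#atproto_pds` / `AtprotoPersonalDataServer` service entry follow the public atproto identity spec as understood here. It also checks that the DID document claims the handle back, so a domain cannot simply point its TXT record at someone else's DID.

```python
"""Two-way atproto handle check over constructed sample data (no network)."""
from urllib.parse import urlsplit

ALICE_DID = "did:plc:exampleexampleexample0001"  # constructed, not a real DID

# Constructed DNS TXT answers, keyed by query name.
SAMPLE_TXT = {
    "_atproto.alice.example": ["did=" + ALICE_DID],
    "_atproto.mallory.example": ["did=" + ALICE_DID],  # points at Alice's DID
    "_atproto.dupe.example": ["did=did:plc:aaaa", "did=did:plc:bbbb"],
}

# Constructed DID documents, keyed by DID.
SAMPLE_DID_DOCS = {
    ALICE_DID: {
        "id": ALICE_DID,
        "alsoKnownAs": ["at://alice.example"],
        "service": [{
            "id": "#atproto_pds",
            "type": "AtprotoPersonalDataServer",
            "serviceEndpoint": "https://pds.host.example",
        }],
    },
}


class HandleError(Exception):
    """Raised when a handle cannot be tied to a DID and a PDS."""


def sample_txt_lookup(name):
    # Stand-in for a real DNS TXT query (hypothetical helper).
    return SAMPLE_TXT.get(name, [])


def sample_doc_lookup(did):
    # Stand-in for fetching the DID document (hypothetical helper).
    return SAMPLE_DID_DOCS.get(did)


def did_from_txt(handle, txt_lookup):
    values = txt_lookup("_atproto." + handle)
    dids = {v[len("did="):] for v in values if v.startswith("did=")}
    if len(dids) != 1:
        raise HandleError(f"expected exactly one did= record, found {len(dids)}")
    did = dids.pop()
    if not did.startswith(("did:plc:", "did:web:")):
        raise HandleError("unsupported DID method")
    return did


def pds_endpoint(doc):
    for svc in doc.get("service", []):
        if (str(svc.get("id", "")).endswith("#atproto_pds")
                and svc.get("type") == "AtprotoPersonalDataServer"):
            url = urlsplit(str(svc.get("serviceEndpoint", "")))
            if url.scheme != "https" or not url.hostname or url.path not in ("", "/"):
                raise HandleError("PDS endpoint must be a bare https origin")
            return "https://" + url.netloc
    raise HandleError("no atproto PDS service in DID document")


def resolve_handle(handle, txt_lookup=sample_txt_lookup, doc_lookup=sample_doc_lookup):
    """Return (did, pds_url) only if DNS and the DID document agree."""
    handle = handle.lower().rstrip(".")
    did = did_from_txt(handle, txt_lookup)
    doc = doc_lookup(did)
    if doc is None or doc.get("id") != did:
        raise HandleError("DID document missing or id mismatch")
    # The reverse direction: the DID's owner must list this handle.
    if "at://" + handle not in doc.get("alsoKnownAs", []):
        raise HandleError("DID document does not claim this handle")
    return did, pds_endpoint(doc)


def is_verified(handle):
    try:
        resolve_handle(handle)
        return True
    except HandleError:
        return False


if __name__ == "__main__":
    for h in ("alice.example", "mallory.example", "dupe.example", "nobody.example"):
        print(h, "->", resolve_handle(h) if is_verified(h) else "rejected")
```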
The way I used arrows might’ve been a bit confusing because I use two types of them.
The solid ones pointing from @alice.com downwards indicate ownership. They’re the same thing as grouping by color. All blue stuff is Alice’s.
The dashed ones pointing between records are links. Those are equivalent of <a href>. Any record can link to any other record, no matter which repositories either is in.
When you comment on someone’s post, your comment goes into your repo, but it has a link to the parent post (which may be in any repo). That’s usually how you want to represent it in the data model so that anyone indexing both records can reconstruct the relationship.
In the example, Bob comments on Alice’s post. So Bob’s comment is in Bob’s repo and Alice’s post is in Alice’s repo.
To clarify your specific point, a person commenting on your post will create a record in their repo. In fact one can never create records in somebody else’s repo. That’s the central premise.
Hope that makes sense.
Also not totally clear to me (apologies if I missed it in the post) is where repositories live, I have a bsky account with my own domain, but I am not running anything to host a repo. Am I correct in assuming that bsky is hosting my repo, but I would have the option to self host or move it elsewhere and continue using bsky?
When it receives a post, it creates a row in the Post table. When it receives a comment, it creates a row in the Comment table, which has a column pointing to the Post it's replying to. Then, getting all comments under a post is easy SQL.
About your second question: yes, you're correct. What handle you use and where your data is hosted are completely separate matters.
It would be expensive if you don’t do your own aggregation. The recommendation for social atproto apps is to aggregate the records you care about into a local database and essentially build your app-specific index/cache of the network.
Ctrl+F to this part: “Coincidentally, that’s the exact mechanism you would use for aggregation. You listen to events from all of your app users’ repositories, write them to a local database, and query that database as much as you like with zero extra latency.”
(One interesting consequence is that indexing the network can also be done by someone on your behalf, see https://slices.network/ for an upcoming experiment in that area.)
> Also not totally clear to me (apologies if I missed it in the post) is where repositories live, I have a bsky account with my own domain, but I am not running anything to host a repo.
Yeah, Ctrl+F here: “Note that https://alice.com and at://alice.com do not need to resolve to the same server. This is intentional so that having a nice handle like @alice.com doesn’t force Alice to host her own data, to mess with her website, or even to have a site at all. If she owns alice.com, she can point at://alice.com at any server.”
You can inspect where at:// points for your handle in an online browser like http://pdsls.dev. If you put your handle there you’ll see the physical server it resolves to at the top.
Presumably you signed up from Bluesky so yes, Bluesky is hosting your repo by default. You can move it somewhere else with no disruption. See https://whtwnd.com/bnewbold.net/3l5ii332pf32u for how to do this from CLI and https://pdsmoover.com/info.html for something less technical.
I just can't help but think that the whole ethos of Open Social Media is misguided. I think that social media isn't good for us -- not just because of the big companies making it worse, but because the technology itself doesn't promote health.
It feels like trying to make cigarettes open-source. Sure you can stick it to big tobacco but at the end of the day you're still making cigarettes.
1. 99.99% (literally) of AT users are on Bluesky, which is helmed by a for-profit corporation. The argument is that they don't control the protocol but considering it is THE dominating instance of that protocol, what's stopping them from strong-arming the protocol and changing how it works to benefit them? Better yet, what's stopping them from doing a rugpull and closing off their open service? What if bluesky decides 5 years from now that you aren't allowed to move your account? This isn't some hypothetical scenario, this already happened before. A lot of social medias started off with fairly open features and APIs and slowly choked them out for profit.
2. Users don't really care about protocol, they care about momentum and userbase. Piefed/Lemmy/Mbin are all popular-ish Reddit alternatives using AP. It was already a struggle to reach a point where posts could get over a hundred comments a day, how are you going to convince people to move to another platform again? I'm worried this will just end in splintering an already niche community and cause people to just give up and go back to using popular platforms.
Being able to move accounts is a very neat feature but it's not a reason enough to move. You can already export your settings and make an account on another instance in 20 seconds then import your settings again, which would bring back your subscriptions and blocks and all you set up from account 1. To me it's not a huge deal.
See also: https://arewedecentralizedyet.online/
[1]: A fediverse Reddit alternative, e.g. https://lemmy.world/ and https://programming.dev/ . See also Piefed which I think is better nowadays https://piefed.social/
But you have the fact that this is the Internet, and somebody will have archived your post no matter what you or your host instance does. So you can rest assured that whatever you wrote on Mastodon is out there somewhere...
Instances don't work like they do on mastodon. There's not really a "dominating instance" in the same way. Heck, even within Bluesky's infra, there are multiple PDSes. Basically, stuff is layered in a different way (which the article shows the details of) and so talking about the structure of things ends up working differently.
> what's stopping them from strong-arming the protocol and changing how it works to benefit them?
This is absolutely a real concern. I believe they have shown themselves to be good stewards, and they also recognize this concern. As the ecosystem grows, this will be fixed.
> Better yet, what's stopping them from doing a rugpull and closing off their open service? What if bluesky decides 5 years from now that you aren't allowed to move your account?
This is built into the protocol! You can back up your CAR file and move it to another host without the approval of your current host.
> You can already export your settings and make an account on another instance
This doesn't work on masto to the same degree as atproto. You lose a lot of stuff when you move on masto, but it's 100% transparent on atproto.
Can I run multiple PDSes with my own single identity to not give one provider exclusive power over access to "my" data?
> Can I run multiple PDSes with my own single identity to not give one provider exclusive power over access to "my" data?
Not really since there has to be a source of truth where the writes happen. I guess you could manually replicate changes between multiple servers but there still has to be one that applications know to talk to. I'm not sure what problem it would solve. This seems similar to "can I have multiple deployments of my site" — you sure can, but you might as well deploy it elsewhere when you actually plan to point to it.
There’s middle grounds here; for example, due to some recent moderation decisions, some users have decided to move away from Bluesky PBC-run PDSes and to self hosting. Those users did not need to proactively backup to move. The proactive backup cases are things like “Bluesky PBC’s servers disappear suddenly” or “they ban your account.”
I don’t think you can run multiple PDSes, but since it’s quick to move the canonical version, I don’t see that as a huge drawback personally. In the same way you’d fallback to the secondary if the primary turns out badly, you’d set up a new PDS and point your identity at it.
The problem is a social not a technical one. It doesn't matter how good AT Protocol is at account migration. The vast majority of AT Protocol users think of themselves as Bluesky users and don't even know what the AT Protocol is. If the official Bluesky clients move away from the AT Protocol, the majority of users are moving with Bluesky.
For all the UX concerns people have with Mastodon/ActivityPub, at least they make it obvious that different users are hosted on different instances, and no one instance has more to gain than it does to lose by defederating.
Think about the Twitter exodus to Mastodon and Bluesky. Now imagine the same thing happening, but with one player saying: Come here, we have all the profiles, posts, feeds and likes and can promise, your data is still yours, when we decide to go rogue (maybe think about this marketing message again).
How have they shown themselves to be good stewards? It's barely been popular and nowhere near the point where they can start enshittifying it. All the PBC talk is empty and they still maintain complete control.
Maybe it's because I don't like monster of the week political drama, but I still don't see a reason to use them instead of Tumblr, Pinterest, or even TikTok.
That's why I mostly use Lemmy/Piefed because everything is neatly organized into communities that you can subscribe to. I mostly browse tech & gaming communities and my feed is very chill.
I wish that were also my experience with Lemmy. Even the communities and posts not focused on American politics are often about American politics. Discussion quickly devolves into some pretty extreme (and often violent) leftwing American political rhetoric. I understand Piefed can block whole instances, so maybe I should try that before I give up.
It really depends on who you follow. Almost all the talk I see is tagged with #uspol so I could easily filter it out, but even without it, it's not the dominating topic.
* Usually spoilered with "${local_country_code}POL"
Web and websites did the heavy lifting of instant and world-wide information sharing.
With social media, open or closed, there are many non-obvious tradeoffs; I am not sure whether on the whole, we are better off with or without them - time will tell
I want both to thrive, but I prefer AP for small communities.
If you want to fully run a full copy of everything yourself, it's going to be more expensive, sure, but those costs have gone down dramatically over time. The most expensive bit is running $34/month: https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l
The AppServer, if you want to index the full bluesky network (39M users) will run you about 200-300 dollars a month. Again, not really needed but you can if you want. There's also experiments people are trying out to only index smaller parts of the network, e.g. only users you follow which would mean hosting an AppServer would be even cheaper. FWIW, I like both protocols and want them to succeed, anything that gets people off of closed social media.
AP has its issues, namely not being at all consistent, but that trade-off allows anyone to run all the components of the network without breaking their bank.
ActivityPub doesn’t attempt to solve any of the same issues that atproto does — there’s no ability to have a full consistent view of the network. So it’s comparing apples and oranges.
To me Fediverse is basically all the forums we had in the 90s and 00s, but now they can talk to each other. So with that said, I am principally against huge instances like mastodon.social and such.
While bsky is more like decentralized Twitter, meaning it also requires a significant chunk of the resources of Twitter to run consistently. Which is also why it has not decentralized yet, and probably won't any time soon.
We have to ask ourselves, what is the point of decentralization? What is the USP?
To me the USP is that no one person or entity can buy it, sell it, or ruin it.
If we had to start over from scratch then I think AT would be a good way to start, because it would presumably not be federated with bsky and therefore low volume. But as volume grows it becomes harder and harder to maintain for small groups and eventually they all consolidate into big groups that are easier to take over and ruin.
Basically it's a difficult decision we have to make, a trade-off between consistency, and decentralization. Which do you value more?
Me never having been on Twitter, and coming from that era of the 90s and 00s, I value decentralization and small groups participating in a federated network more than large entities.
How I envision the future of social media, all these actors like bsky, Twitter, Meta, Fediverse will continue existing side by side, but Fediverse will likely be the smallest and most niche of them all. Fedi has, to me, taken the place of all those old message boards I used to hang on, while the rest are mainstream social media that made its entrance onto the world wide web back in early 00s with Facebook.
Anyone can run a moderation service. Users subscribe to the services they want. When you flag a post or account for moderation, you choose which service you send the report to.
> How does blocking work?
Blocking works by publishing a "hey I've blocked this person" record in your database. Applications then can use this to enforce that.
> How do people make sure to distance themselves from political enemies?
I'm not sure what this means.
> Do the aggregator cache servers block certain user domains?
They could, and this is also a property that's not really about blocking, that is, you could choose to cache only part of the network if you choose, which could be useful for various reasons.
> How do you ensure that the aggregator returns valid and non-forged comments and likes?
Cryptography, basically.
I'm trying to imagine how a situation analogous to Gab vs Mastodon may arise and play out here, or if the setup is different. Like would they just live side by side, with various frontend aggregators that present one or the other world to you?
> Cryptography, basically.
How do I, the user with a browser verify that? Do I need to use a different client program, or a browser extension? The aggregator site can show me a green checkmark or whatever, but that's just a claim by the aggregator. Am I expected to fire up a terminal window to compute signature validations to check if Alice really put a like on that comment?
You could also use one of the various PDS browser websites to go check their PDS, or a terminal tool, sure. I will be honest and the details of exactly how the cryptography stuff works is not my strongest point when understanding the protocol, maybe someone else can chime in and give you a more detailed description here.
Think Twitter posts, StackOverflow answers, Reddit comments, etc. The stuff you don’t want companies to gradually start locking up for their own gains (as they tend to).
The protocol will likely be extended for private and semi-private data in the future, which would work by granting explicit permissions to apps. For now, app developers would keep private data in databases, same as usual.
I love the idea to define data formats first, and then build on top of that. It's the only way we should do everything, because if you have the data, everything can be re-built on top. Unfortunately the way AT works is all contained in here:
> Social aggregation features like notifications, feeds, and search are non-negotiable in modern social products. [...] Coincidentally, that’s the exact mechanism you would use for aggregation. You listen to events from all of your app users’ repositories, write them to a local database, and query that database as much as you like with zero extra latency. [...] This might remind you of how Google Reader crawls RSS (rip).
In order for the social aspect to work, all data must at some point or another be aggregated in a single place. Said single place must then be huge, as it scales linearly with the activity of the network; in a still-capitalist world this means that this single place will always be run and led by money, unless some extraordinary volunteers-based project like Wikipedia springs up. The example of Google Reader is to the point: it was the biggest tech company at the time, provided a service for free, and decided to stop because it didn't care anymore.
In fact Google Reader is a very good comparison. AT works exactly as if you had websites, each with their own RSS feed, and then a big relay called Google, providing search, feeds, notifications, ... but as we all know by being the middleman between producers and readers Google gained an astonishingly high power. That is the business model described by Cory Doctorow when he talks about enshittification. Put yourself in the middle, and everyone will depend on you.
The only way an AT based product works at scale, ie with everyone easily talking to everyone, is with one or a few mega intermediaries between everyone of us. I fear this is not going to solve any of the issues we have.
What is different in ActivityPub? Intermediaries are definitely useful for some services, but once your network is built you don't need them anymore: content flows directly between the repository, no middlemen needed.
In short: if we want a single network at large scale, AT requires large scale centralization points, while AP certainly needs them but could survive without them. Either we face that, or we start exploring and living within small-scale networks
This is not so in ActivityPub. The data you post is owned by/controlled by the instance you're on. In the language of the article, you're still a row in somebody else's database.
I was on Mastodon for a while until the instance I was on shut down. I naively assumed that I could export and re-import my posts but that was not so. Everything is deleted. I technically have an archive of it in the form of some JSON files, but as illustrated by the article, this is now dead data. The same will happen again if/when my current instance shuts down. The only way around it is to run my own instance, which for the vast majority of people is a ludicrous proposition.
I do think that you’re underestimating the value of an open network for large-scale aggregation. Yes, for big open world you need big indexes. But indexes don’t always have to be done by a single entity. Some can be shared. Resources can be pooled for apps that need a materialized index of the same data. We haven’t really seen how this plays out yet because big indexes only existed behind the doors so far.
And if all else fails, limiting the scope (by time or community) works in atproto too. It’s just… not as fun :)
The fact that likes count and half the replies are missing is not specific to AP but to implementations not willing to actually follow the AP community: in fact the SocialHub (https://socialhub.activitypub.rocks/) community is the place where all coordinated development happens, and solutions to those issues have already been designed and implemented in multiple softwares, with the notable exception of Mastodon. Maybe that's the issue: people keep looking at Mastodon to understand AP, but Mastodon is one of the worst examples of AP, even when talking only about the technical domain. It doesn't implement the C2S API, it doesn't have portability, likes counts and missing replies as you said, ...
There's no talk about migration in the core spec, but how is it in ATproto in practice? Does everyone carry their entire repository, live from their own PDS, ready to be remigrated somewhere else? It does feel like in AT-in-practice people just have a PDS and that's it? (I've never used it, I might be totally wrong)
Really, if you want a simplistic view of AP, it's easy: it's an INBOX where you receive content, and an OUTBOX where you send content, and the content is activitystreams-formatted JSON. Anything else just makes it easier to work with.
I think that's a great way of putting it, and it's at the root of a lot of problems we have today. Our society increasingly encourages people to make money by coaxing other people into doing things whose costs are hidden.
It's one of those in-progress things that will get better and easier to use.
For a more technical overview, see “identity” here: https://mackuba.eu/2025/08/20/introduction-to-atproto/
Like RSS, people can host it on github pages, a service would poll it periodically to aggregate.
This would lower the barrier of entry by a large margin.
Maybe not all of bsky functions are viable, but I hope certain core part of "open social" can happen in this way.
But ATProto chose wss:// instead.
It could definitely work as an alternative for the HTTP based web.
Twitter and Instagram are fundamentally different scenes bc of their restricted formats. Twitter has/had character limits. Instagram was primarily for photo sharing. If you try to cram a long political rant in an instagram photo or description.. it is fighting against the app format and limitations. This sculpts the app's "culture"
I'm sure it can work, creating a hodge podge of random unstructured content.. like the blogosphere or Facebook. But it won't displace the walled gardens. You can make a Kiki app that only shows images, but you're following someone who is using Booba app which allows him to post pictures with descriptions. And suddenly nobody really knows what to expect
A big part of Twitter’s “culture” is creating “threads” to work around the character limit, which kind of defeats the point.
Data in user repositories is treated as untrusted input by apps, and rejected if it doesn’t pass the corresponding schema. Schemas are evolved in a backwards-compatible way with a nudge towards future extension (eg open unions are default).
That’s exactly why you can’t make a 500 character post on Bluesky. The Bluesky server will ignore your record as being invalid.
> Schemas are evolved in a backwards-compatible way with a nudge towards future extension (eg open unions are default).
Unions of schemas? Doesn't that lead to a facebook-ized kitchen sink app that does everything?
you can effectively filter to .. say .. only photos with a photo-only app. But that doesn't form an app/schema culture
I meant specifically that “unions” default to open. Let me give you an example. A Bluesky post may contain different types of attachments. Image, gallery, video, etc. That’s a union of known schemas. However, that union is open. That means that the generated type will include “or unknown” as the last possible value. Apps are expected to ignore that case when pattern matching since they wouldn’t know how to interpret it. However, that leaves Bluesky with the ability to later officially support other types of attachments. Because more potential types could be added to the union layer (making some previously “unknown” stuff typed).
This has an interesting consequence that third party clients can “recognize” some type before it’s official. Eg some third party Bluesky client could choose to explicitly support a “Leaflet document” attachment to Bluesky posts, governed by Leaflet schema. If this pattern gets popular, Bluesky could be motivated to also support it, and even to reference a Leaflet document as one explicitly noted subtype of that union. Or it could keep ignoring it as one of the “unknown” values.
More on social issues around lexicons here: https://www.pfrazee.com/blog/lexicon-guidance
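Added example, not part of the thread: a simplified model of how an indexing app might treat repository records as untrusted input with an open union for attachments, as the comments above describe. The NSIDs (`example.feed.post`, `example.embed.*`, `example.leaflet.document`), the 300-character limit, the field names and the sample records are all constructed for illustration and are not the real Bluesky lexicons or a real lexicon validator.

```python
"""Schema check for untrusted records with an open union (constructed schema)."""

MAX_TEXT = 300  # assumed limit for this constructed schema


class RecordRejected(ValueError):
    """The record fails the schema and must not be indexed."""


def _check_images(embed):
    images = embed.get("images")
    if not isinstance(images, list) or not 1 <= len(images) <= 4:
        raise RecordRejected("images embed needs 1 to 4 images")
    for img in images:
        if not (isinstance(img, dict) and isinstance(img.get("cid"), str)
                and isinstance(img.get("alt"), str)):
            raise RecordRejected("each image needs string 'cid' and 'alt'")
    return {"kind": "images", "count": len(images)}


def _check_video(embed):
    if not isinstance(embed.get("cid"), str):
        raise RecordRejected("video embed needs a string 'cid'")
    return {"kind": "video"}


# Union members this app knows how to interpret.
KNOWN_EMBEDS = {
    "example.embed.images": _check_images,
    "example.embed.video": _check_video,
}


def validate_post(record):
    """Return a sanitized view of the post, or raise RecordRejected."""
    if not isinstance(record, dict) or record.get("$type") != "example.feed.post":
        raise RecordRejected("not an example.feed.post record")
    text = record.get("text")
    if not isinstance(text, str):
        raise RecordRejected("'text' must be a string")
    # Counts code points for simplicity; a real validator may count graphemes.
    if len(text) > MAX_TEXT:
        raise RecordRejected(f"text longer than {MAX_TEXT} characters")
    view = {"text": text, "embed": None}
    embed = record.get("embed")
    if embed is None:
        return view
    if not isinstance(embed, dict) or not isinstance(embed.get("$type"), str):
        raise RecordRejected("embed must be an object with a '$type'")
    checker = KNOWN_EMBEDS.get(embed["$type"])
    if checker is None:
        # Open union: an unknown member is not an error. Keep only its type
        # name and never pass the uninterpreted payload on to rendering.
        view["embed"] = {"kind": "unknown", "type": embed["$type"]}
    else:
        # A known member must still satisfy its own schema.
        view["embed"] = checker(embed)
    return view


def index_batch(records):
    """Split records into accepted views and rejection reasons."""
    accepted, rejected = [], []
    for rec in records:
        try:
            accepted.append(validate_post(rec))
        except RecordRejected as exc:
            rejected.append(str(exc))
    return accepted, rejected


# Constructed sample records.
SAMPLES = [
    {"$type": "example.feed.post", "text": "hello"},
    {"$type": "example.feed.post", "text": "x" * 500},
    {"$type": "example.feed.post", "text": "my doc",
     "embed": {"$type": "example.leaflet.document", "uri": "at://did:example/doc/1"}},
    {"$type": "example.feed.post", "text": "pics",
     "embed": {"$type": "example.embed.images", "images": [{"cid": "bafy-constructed"}]}},
]

if __name__ == "__main__":
    ok, bad = index_batch(SAMPLES)
    print(len(ok), "accepted;", len(bad), "rejected:", bad)
```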
It does kind of sound like the app that recognizes the most schemas will likely win. It seems there is no benefit to using a limited schema app - and you'd end up missing content that the creator assumes you see. Ex: You can make an app that only shows pictures, but the people posting pictures will likely assume you also can see.. their Leaflet docs or whatnot. You can't force restrictions on the users - ex: if you use my Freegram schema then well you can't add additional stuff - b/c that's the social space we're building
Unless I'm misunderstanding the doc, the lexicon seems also very limited in what it can express. You can't specify images have to be black and white, or video clips have to be shorter than 15 seconds. Or replies have different restrictions from posts.
It's maybe impossible to encode everything - but furthermore a lot of the "app culture" is just due to the app design. The photo description on instagram can be extremely long. You can write a diatribe about.. whatever. But it's hidden behind a collapsible button - which makes it so people don't typically engage with it.
That's all to say, I think ATProto is very cool - but there is (maybe unfortunately) still a space for the walled gardens b/c they're providing a certain subculture.
It perfectly illustrates the old saying: a picture is worth a thousand words.
I had never heard of this protocol before (even though I’ve been using Bluesky since the Twitter/X takeover), but after reading this, I feel even more confident that the migration was the right call.
Except for one thing which has been pointed out by others. Anyone can access *all* of my data over this protocol. I like the idea that a lot of my data is directly accessible similar to the early web. But it would be nice if some of that data was only accessible if the accessor was permitted.
I don't really know much about auth tokens but I'm guessing they shouldn't be that hard to incorporate into this thing? When BlueSky or whatever app queries "@username.com/private/documents" the server expects an auth token, whereas it does not when the app tries accessing "@username.com/bluesky/posts".
Imagine a world where a preprint is “published” onto the social web, from which you could aggregate reviews/comments. I eventually ended up thinking about exactly what you raise - it would be great to have some degree of access control on this so both comments and published things can be selectively shared (with an option to make everything public later on, maintaining all the links).
The team decided to tackle public data first because scaling aggregation while preserving meaningful ownership is hard. So far I think they’ve succeeded at that.
Private or semi-private comes with a set of different challenges. Indeed scoped tokens are coming (via OAuth scopes) but that’s used for writes. The same mechanism could be extended for private reads in the future, like you describe. There’s questions about what shape private data would have though.
See https://pfrazee.leaflet.pub/3lzhmtognls2q and https://pfrazee.leaflet.pub/3lzhui2zbxk2b for recent thoughts on this topic from Paul who works on atproto.
But going back to this obsession about data. It's really an obsession with control. But none of you really have control. You hope that you can "engineer" your way into control of your own lives, of your data, even of the way the world works. But engineers do not have power. Businessmen do. Until you realize that, you will continue writing technical specifications like this, making micro-communities, and missing the big picture. Control requires power. Power requires money. If you can't monetize it, you have no control.
Whatever federated thing you think is going to win, isn't going to win, if there isn't enough money to back it. Because someone with money will just make the biggest "federated thing" (or not; it could be completely proprietary and billions of people will still use it), and eventually close it off once they have enough users. You cannot engineer your way out of money, politics, or human nature.
In short, I don’t think ActivityPub solves any of the stated problems (ability to walk away without cooperation; forking products; giving new life to old data). In that sense it doesn’t mirror “open source but for data” and doesn’t match the premise of my post.
The assumption of the article is that ISPs are stable and net neutral enough that one would not worry about the ISP going under or seeking some personal vendetta against you and booting your domain. A separate entity may no longer be hosting our data, but a private entity is the gatekeeper of whether anyone is able to see your data.
All that to say, if we want true ownership of domains, ISPs need to be a nationalized, democratized service.
It is quite common for national TLDs (like .de, .jp or .cn) to be managed by not-for-profit entities, under contract with their respective governments... which might also not be great wrt censorship.
There is also the general issue of equal access, where shorter, more memorable domains get more expensive and hodling domain names is only disincentivized for people without enough funds. I would very much like to see an alternative system to domain names, probably something more in the web of trust space.
It's getting harder to change DNS settings on Windows, even systemd makes it a PITA to update DNS entries.
There’s a bunch of alternative DNS roots out there, that are similarly hierarchical, but really interesting: https://en.wikipedia.org/wiki/Alternative_DNS_root#Implement...
All jokes aside, an educated guess on what to trust (or not) is necessary. Otherwise you wind up on a slippery slope that goes in circles and always results in 'we need more laws'.
Long way to say that I think 'owning' a domain name and publishing on there is way better than the silos we're accustomed to nowadays. The open web never stopped working as intended, the genie is out of the bottle for 30+ years yet, make use of it if you want.
Also, you technically "own" your data on any social network. If you put a public key in your bio and archive every post, you can move to another network. Then use friends and close followers to broadcast your new location; those who care will probably find you without much effort, but if not, Open Social doesn't solve this problem either.
However, I still think Open Social is an improvement. Most social networks are really bad these days: manipulated engagement-driven algorithms, locked-down data accessible via poor UI, toxic community, and inconsistently-applied unspoken rules. These issues all have workarounds, and can still happen on Open Social (BlueSky's community is toxic, I don't know if its algorithm is gamed or its global moderation is reasonable). But it certainly makes them harder to form and easier to avoid:
- If everyone's data is available raw via API, it's easier to create your own algorithm and frontend (or realistically, use someone else's which is better designed and more suited to you personally than what a generic social media company would make)
- With all data available, it's more likely people will develop better algorithms to filter out toxicity and discover interesting posts. At minimum, it's more acceptable and easier to create whitelisted groups, where one person maintains an "algorithm" that simply selects posts they (and others who are granted invites) have determined are not trolls.
- If data access and ban lists are separate, the same network can have multiple ban-lists, so being banned isn't "all or nothing". You can choose a ban-list with rules you agree with and continue to see posts that most others would prefer banned. If no ban list is dominant, there's a good chance the rules that the ban-lists share are reasonable; you can worry less about being banned inconsistently or for a widely-considered unfair reason (e.g. upsetting a specific moderator), because in those cases you'll only be banned from one list.
- If having a public key and archive of your data is the default, and your followers' frontends automatically recognize the key and find your new domain/hub (e.g. if someone links it to the old hub), it's easier to move. If BlueSky shuts down tomorrow, some clients can just be updated to point to another domain with all the data and continue working as if nothing changed. Whereas if Reddit shuts down, in theory one can develop a clone from scratch and populate it with the archived data, but users would have to re-register and it would be a huge mess (+ legal issues).
I've actually tried to separate the two in the article although it might be subtle (because I didn't want to make it confusing).
Owning a domain means you own your handle. Not data. In atproto, a domain is just a handle — you can swap it out without breaking links. (This relies on a centralized auditable repository which is currently being moved out of Bluesky as a separate independent entity. If you don't want to rely on that, yes, you'd have to tie your identity to the domain.)
Owning "data" is not related to owning the domain per se. It has to do with the fact that you can point your identity at a different physical server over time without breaking links. So your hosting doesn't have any real leverage over you. That's what I mean by meaningful ownership.
I've sort of conflated domains and persistent identity in the article to simplify the picture a bit. Your identity is not tied to a domain, but a domain serves as a bidirectionally verified user-friendly alias for it. If you lose control over the domain, you can tie a different one to the same identity later. This doesn't break links between records or functionality.
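Added example, not part of the thread and not atproto's or Bluesky's own code: an offline sketch of the bidirectional check described in the comment above. It assumes the atproto convention that a handle resolves to a DID through a DNS TXT record at `_atproto.<handle>` with the value `did=<did>`, and that the DID document names the handle in `alsoKnownAs` as `at://<handle>`; every record, domain and DID below is constructed, and the status strings are this example's own.

```python
# Added example. Every record is constructed; the DID is a placeholder.
ALICE = "did:plc:examplealice000000000000"

# Stand-in for DNS TXT lookups at _atproto.<handle> (domain -> DID direction).
DNS_TXT = {
    "_atproto.alice-new.example": ["did=" + ALICE],
    "_atproto.alice.example": ["did=" + ALICE],    # stale record on the old domain
    "_atproto.mallory.example": ["did=" + ALICE],  # one-sided claim by another domain
    "_atproto.broken.example": ["did=did:plc:x", "did=did:plc:y"],  # ambiguous
}

# Stand-in for the DID directory (DID -> handle and DID -> host directions).
DID_DOCS = {
    ALICE: {
        "id": ALICE,
        "alsoKnownAs": ["at://alice-new.example"],
        "service": [{
            "id": "#atproto_pds",
            "type": "AtprotoPersonalDataServer",
            "serviceEndpoint": "https://pds.example",
        }],
    },
}


def normalize(handle):
    """Handles compare case-insensitively; drop a trailing root dot."""
    return handle.strip().rstrip(".").lower()


def resolve_handle(handle):
    """Domain side: return the single DID the domain points at, else None."""
    records = DNS_TXT.get("_atproto." + normalize(handle), [])
    dids = {r[len("did="):] for r in records if r.startswith("did=")}
    return dids.pop() if len(dids) == 1 else None  # conflicting records fail


def claimed_handles(did_doc):
    """DID side: handles the identity itself claims in alsoKnownAs."""
    return [normalize(a[len("at://"):])
            for a in did_doc.get("alsoKnownAs", []) if a.startswith("at://")]


def verify_handle(handle):
    """Return (status, did); 'verified' only when both directions agree."""
    did = resolve_handle(handle)
    if did is None:
        return ("unresolved", None)
    doc = DID_DOCS.get(did)
    if doc is None or doc.get("id") != did:
        return ("no-did-doc", did)
    if normalize(handle) not in claimed_handles(doc):
        return ("not-claimed-by-did", did)  # domain points at DID, DID disagrees
    return ("verified", did)


def pds_endpoint(did):
    """The hosting location lives in the DID document, not in the handle."""
    for svc in DID_DOCS.get(did, {}).get("service", []):
        if svc.get("id") == "#atproto_pds":
            return svc.get("serviceEndpoint")
    return None


if __name__ == "__main__":
    for h in ("alice-new.example", "alice.example", "mallory.example",
              "broken.example", "nobody.example"):
        print(h, verify_handle(h))
    print("host:", pds_endpoint(ALICE))
```

The old domain and the unrelated domain both fail with the same status: a DNS record alone cannot attach a name to an identity, so a client should display a handle only after the DID document confirms it.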
In my case it's to remix pedagogical exercises. So I need:
- actual content (e.g. exercise and assets) to remix (imagine changing the language)
but also optionally
- author ID for attribution
- a stable URL for provenance, again from attribution but possibly metadata (e.g. how many times played on origin server, language, etc)
Decentralization is also more complex for the developers and particularly for the users, this creates a market for people offering services to operate decentralized systems, which ends up centralizing the network. This is how the WWW, Email, Git, BTC all got more and more centralized.
We have this cache thing via wss connections. Do they invalidate these messages from user B? Is user A's worldview now completely dead?
Owning a thing on the internet is a complicated topic I guess.
Preserving past information via copying what a user said so that it does not get lost may also be in the interest of some users (equivalent to the webarchive). I understand that this contradicts the whole "owning your data" premise, but fundamentally since it was open in the first place the thing always can be copied right?
Whatever content is produced in this "open social" network, some of it may have long lasting "value" to an individual. Is there anything to make sure that what they interacted with cannot be completely broken by the other side of the party?
If the user's repo just goes down (e.g. the host is down), then indeed it won't be available upstream and only cached versions will remain. It might be that the user is having problems, and the repository will be up on a different host later. It's up to each application how to handle this, but it seems reasonable to keep serving cached content since there was no explicit deletion instruction. E.g. I presume Bluesky would keep showing both replies in the conversation.
>I understand that this contradicts the whole "owning your data" premise, but fundamentally since it was open in the first place the thing always can be copied right?
Yeah this is a tricky thing. The general guideline is that the user expresses intent (e.g. can delete post or entire repo) and well-behaved apps respect that intent. But of course there can be non-well-behaved apps that don't, or that permanently archive everything ever emitted.
Ideally, if I see a post or comment, a process that I control should be able to establish whether the user is trustworthy, by asking the intermediate nodes whether the next hop is trustworthy. Essentially, I should be able to walk that chain of trust to see whether the information comes from a trustworthy source (and possibly input user's own evaluation of the chain links and nodes).
Unfortunately, social media companies do not let users access the social graph, because not being able to ascertain provenance of information is what makes paid advertising possible. It would also greatly help to combat bots.
[0] A collection is basically an app's particular set of records stored in a user's PDS repository. Here's an example using the Bluesky CTO's follow records: https://pdsls.dev/at://did:plc:ragtjsm2j2vknwkz3zp4oxrd/app....
These are summed up by Bluesky's app server (app view) and then used to fill out following lists in apps that connect to that server through its API.
A fact checking or web of trust tool could pull these records down and use them for exactly this purpose. It could even weight by who they repost, for example.
Obviously I'm being hyperbolic, but I think eventually if society survives past this phase, our descendants will look back and judge us for letting psychological manipulation be a valid economic process as a way to generate dollars, in much the same way we might judge our ancestors for ever building up a whole industry to hunt whales for oil for fuel (meaning, they might acknowledge that fuel is important and necessary to power an industrializing society, but they would mock us for not understanding how to refine petroleum sooner, and how silly going through the tech tree of fucking whale hunting is, just to get some fuel).
It is fucking silly/absurd/dangerous, that we go through the tech tree branch of psychological manipulation, just to be able to sell some ads or whatever.
It could be interesting to see what other apps may be born out of the protocol though!
Yes, down in every measure over the last 6 months. I think it's primarily used by a lot of people to organize sockpuppet-aided raids on twitter towards people who are instantly banned by mass-reporting the second they create an account on bluesky. It's basically old 4chan for unfunny people who think they're better than everybody else.
I'd be positive about any distributed social protocol, though, no matter who delivered it. The problem is that this was a Dorsey project that he already abandoned and denounced because it took a bunch of VC and is just waiting for the rugpull. Now you're supposed to trust a bunch of people you never heard of and a few famous paid evangelists.
Question:
> What’s more interesting is that Tangled prefilled my avatar based on my Bluesky profile. It didn’t need to hit the Bluesky API to do that; it just read the Bluesky profile record in my repository.
I'm a bit confused by this. If a bluesky avatar contains an image, isn't that stored (at least by default) within bluesky? Meaning that Tangled will have to hit the Bluesky API?
Or maybe Dan is saying that his own repository is not hosted with Bluesky in which it would make sense, if wherever his repo is stored is getting hit to retrieve the image.
> Self-hosting a Bluesky PDS means running your own Personal Data Server that is capable of federating with the wider ATProto network.
So pds (personal data server) is like the container where you choose to store the data and it follows a certain standard.
If the container is hosted in bluesky, I still consider it a "bluesky api" but I understand the nuance better now.
... or am I misunderstanding?
Also, does everyone need to have their own domain name in order to have an identity cuz that seems like a non-starter.
If you're creating a social app, website, or whatever, you still have to host all your users' data regardless. This is just about the protocol you use which enables universal compatibility, meaning users have the choice to store elsewhere.
> Also, does everyone need to have their own domain name in order to have an identity cuz that seems like a non-starter.
Not really. Bluesky is a good example; when you first sign up it does it for you under their own top domain by default iirc, but the great thing is you can actually use your own domain.
However, this post was about the at protocol, which seems like you just hand-waved in one sentence:
> The AT Protocol used by Bluesky has some interesting features, although to be honest I don't know how many of these are just impossible to achieve on ActivityPub or are just WIP lagging behind due to funding constraints.
I don't think the debate between them is super useful because their architectures are very different.
You also mentioned an issue with the bluesky relay, but others already exist so it's not technically tied to Bluesky. Heck, I think the fact multiple can exist at the same time, while it degrades the social aspect, still makes it decentralized.
As for the identity management issue, they announced just last week that it's getting branched to an independent entity: https://docs.bsky.app/blog/plc-directory-org
Sure, that's true, but I, personally, care mostly about one question: Who holds the keys to the kingdom? In this respect, I think the AT Protocol fails spectacularly, mainly due to the lack of a credible strategy to implement really self-custodian identities.
> You also mentioned an issue with the bluesky relay, but others already exist so it's not technically tied to Bluesky. Heck, I think the fact multiple can exist at the same time, while it degrades the social aspect, still makes it decentralized.
Yes, but this is also true for Nostr, Diaspora, Mastodon, etc. The difference being, last time I checked (and of course things might have changed in the meantime) with AT Protocol it was only possible to self-host part of the infrastructure (and hosting the relay is insanely demanding).
> As for the identity management issue, they announced just last week that it's getting branched to an independent entity: https://docs.bsky.app/blog/plc-directory-org
This is another example of gaslighting from Bluesky that just makes me angry. How in the holiest of Hells does an "Identity directory controlled by a Swiss Association" make the whole thing better?
Sorry, not buying it. I don't have a horse in the race, but won't fall for the marketing.
> Who holds the keys to the kingdom? In this respect, I think the AT Protocol fails spectacularly, mainly due to the lack of a credible strategy to implement really self-custodian identities
From what I've read, you can still own the entire stack from top to bottom, none of it is necessarily tied to bluesky. Even the identity management being discussed only applies to bluesky, and whatever ecosystem subscribed to it; but in theory, you could create your own social platform with a new one (you'd obviously lose that ecosystem). But then again, this would also apply to Mastodon, since whoever owns the instance could always nuke it, and if you own your own instance, you need to build a network that trusts you. There's always an authority involved.
> The difference being, last time I checked (and of course things might have changed in the meantime) with AT Protocol it was only possible to self-host part of the infrastructure (and hosting the relay is insanely demanding).
Well it's definitely not the "50TB" you mentioned, e.g. here is someone running a relay on a $34/month vps and isn't going to accumulate more disk: https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l But its importance is overblown anyway, it's just a json transmitter for signed data. I think the pds and identity management are the better concern, and I hope there's a better way to decentralize those (if that makes sense).
EDIT: You're still correct that to fully spin up a new bluesky on your own you'd need an insane amount of storage for hosting all that data that's currently stored on bluesky (especially the did:plc and pds). All good arguments against the company, but that's only because people are choosing to store their pds repositories on bluesky. You could just as well point your repo to your own server and use a different social media. They could go under and someone else can create a new app view. I find that really cool; still leaves the identity issue open.
But I wonder, why JSON if the web is already built on HTML documents? Is it possible to just store our data in a web of authenticated html documents and have the protocol be built on that? Are there other open standards we can leverage to reduce the amount of new infra / protocols? I wonder if there's a less complex "good enough" mvp version.
I can’t link to a Bluesky post. I can’t use Bluesky from the browser. It’s a silo’d network.
The indie web has the right idea: Use the web, build on top of blogs, degrade gracefully. We could have central aggregators just like Bluesky crawling the web with microformats.
The polished experience with Bluesky has little to do with the tech and everything to do with financing and talent. Give me millions of dollars in grants and I’m sure I can build a polished UX too.
What do you mean? Both of these things are trivial.
Here is a link to my most recent post on Bluesky: https://bsky.app/profile/steveklabnik.com/post/3lztkahefs225
You can sign into bsky.app (or deer.social, or anisota.net, or...) in your browser and post just fine.
It may seem inconsequential to some, but AT is fundamentally hostile to the web. The goal of AT is to move syndication and content off the web to another network. No. I’m done with that.
What's different here and why is it better? Do we really need another standard / protocol?
jrm4•4mo ago
I get that theoretically the two should be similar or even identical in practice, but I feel like the way Bluesky goes so hard at "literally individuals maintain control over their own stuff" is kinda too hard for most, and that Mastodon's "just trust the server" way, which ABSOLUTELY has its own problems, of course -- is still better, mostly because we have better practice in this style, in the form of good ol email.
micromacrofoot•4mo ago
The server shouldn't need to be specific to mastodon/bluesky networks either
Ghost (the blogging platform) is kind of a peek into this — you can host your microblogging account there and interact with other activity pub networks like mastodon
this is the promise of the activitypub standard, anyone that uses the standard can interact with anyone else using the standard...
danabramov•4mo ago
>Social aggregation features like notifications, feeds, and search are non-negotiable in modern social products.
Conceptually, Mastodon is a bunch of copies of the same webapp emailing each other. There is no realtime global aggregation across the network so it can only offer a fragmented user experience. While some people might like it, it can't directly compete with closed social products because it doesn't have a full view of the network like they do.
The goal of atproto is to enable real competition with closed social products for a broader set of products (e.g. Tangled is like GitHub on atproto, Leaflet is like Medium on atproto, and so on). Because it enables global aggregation, every atproto app has a consistent state of the world. There's no notion of "being on a different instance" and only seeing half the replies, or half the like counts, or other fragmentation artifacts as you have in Mastodon.
I don't think they're really comparable in scope, ambition, or performance characteristics.
jrm4•4mo ago
My gut is that IT DOES. Put differently, there's presently nothing about TECH of the Mastodon model that prevents building tools that achieve similar "centralized everything" goals on top of Mastodon; only, you know, people and trust, the easiest part </sarcasm>.
Mastodon's probably the best long-term model and it's email that makes me think that.
jpereira•4mo ago
Mastodon requires a complex decision upfront, which server do I trust, which is analogous to where you create your account on ATProto, but unlike ATProto, doesn't give the tools to seamlessly transition later.
The trust lens I think is a good one. You want to let different users make different tradeoffs in effort without having that lead to a worse experience.
jrm4•4mo ago
And it seems to me that the more frictionless model is the one that looks like something people are used to; just "sign up with a thing."
That does leave the interconnection to the servers and others, but that may be how it has to be?
iameli•4mo ago
jrm4•4mo ago
Offloading THAT mentally to a different "service" or "account" I think is easier than this all-in-one thing.
Again, I like the IDEA a lot; if you'd presented it to me like in 2000 before a lot of this stuff took off I would have been all about it.
Today? No, I think it's reasonable to offload that to so-and-so-dot-com, each as a separate account. Like the phrase "I have a facebook" always sounds weird to ME, but I think that's "the way."