Föderation EN So 01.12.2024 00:06:48
Christine Lemmer-Webber, ActivityPub co-editor and founder of @spritely, recently answered the rhetorical question, 'How decentralized is Bluesky really?'
https://dustycloud.org/blog/how-decentralized-is-bluesky/
Christine has the soul of a diplomat and the technical chops of a master, so her nuanced take is worth the read.
TL;DR
"Bluesky and ATProto are not meaningfully decentralized, and are not federated either. However, this is not to say that Bluesky is not achieving something useful"
(1/?)
Föderation EN So 01.12.2024 00:12:56
You may worry that Christine's judgement, like @evan Prodromou's, is biased by her intimate involvement in AP. But @rabble says similar things about BS. He was happy to jump ship from Scuttlebutt (Planetary.social) to Nostr (Nos.social) because he thinks it's technically better as a protocol. If ATProto was better, he would have pivoted to that instead.
The most generous, true thing we can say about BS right now is that theoretically, it could become decentralised in the future. But ...
(2/2)
Föderation EN So 01.12.2024 00:26:06
Coda:
One way I've seen people describe the blockchain that BitCoin runs on is 'physically distributed, but logically centralised'. Think of the Borg in Star Trek, or the Cylons in Battlestar Galactica; many bodies (apps, wallets, miners, etc), one overmind (the public ledger).
The net, at its deepest level, is the opposite; physically centralised (the fibre "backbone") but logically distributed (many independent servers and clients).
BlueSky is like BitCoin, ActivityPub is like the net.
Föderation EN So 01.12.2024 01:07:34
Note: I was referring to public posts.
"But you may notice! Bluesky provides direct messages! So surely not all information is publicly available, because otherwise else direct messages would simply not work! So how do direct messages work in Bluesky?
The answer, if you guessed it, is centralization. All direct messages, no matter what your Personal Data Store is, no matter what your relay is, go through #Bluesky, the company."
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
(1/3)
Föderation EN So 01.12.2024 01:12:12
"Why would Bluesky roll out a direct message system that they have acknowledged is not the long term direct message system they would like long term?"
Exactly the same reason Mastodon added DMs (now called Specific People posts) in response to an earlier mass exodus from Titter;
"... Bluesky wanted to provide a feature-complete platform from the perspective of a user who is looking for an exit from Twitter now."
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
(2/3)
Föderation EN So 01.12.2024 01:16:50
But at least @Gargron did *not* do what BlueSky have done, and implement a totally centralised system where every DM runs through mastodon.social. He made Mastodon Direct posts decentralised, like any other kind of post.
After a few teething problems (eg devs of other fediverse software not realising they existed and displaying them as public message), we ended up with a system Chistine describes as
"about as private as [unencrypted] email."
This is already streets ahead of BS DMs.
(3/3)
Föderation EN So 01.12.2024 01:31:09
More quotes from #ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
"I find it surprising and alarming that reusing the same key per user was ever the case."
Indeed.
"It feels like this flies in the face of the fundamental goals one would have around building a DID system and it is difficult for me to fathom how such a decision could ever have been made."
Easy; "move fast and break stuff". Instead of building slowly and carefully from spore to mycelium network, as fediverse devs do.
Föderation EN So 01.12.2024 04:59:16
"The truth of the matter is: Bluesky controls users' keys, and therefore even if users "move away" they must trust Bluesky to perform this move on their behalf. And even if Bluesky delegates authority to that user to control their identity information in the future, there is still a problem in that Bluesky will always have control over that user's key, and thus their identity future.
#ChristineLemmerWebber, Nov 2024
Föderation EN So 01.12.2024 08:31:20
To be fair to the BlueSky team, a lot of the features Christine is point out their system and its protocol don't really have, are things the fediverse doesn't have either. At least not in the current usage of ActivityPub. Which is what we'd need to talk about to make a fair comparison to Christine's analysis of ATProto.
I guess the difference might be that we don't promote the verse as having these things inherently. We try to be clear about what's current and what's in R&D. I think?
Föderation EN So 01.12.2024 08:43:08
"Blaine Cook said that the correct version of ActivityPub and the correct version of ATProto are "the same picture" at one point. This is true insofar as I believe addressing the serious issues of both converges on a shared direction"
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
Hmm. Intriguing. Christine goes on to explain some ways each one could evolve, and how that would make them more similar.
It seems very much RSS and Atom all over again.
Föderation EN So 01.12.2024 08:55:00
You know how people say things like, 'that's an hour I'll never get back'? How do you say exactly the opposite of that?
I got massive informational value for the time I gave to reading Christine's article, as well as getting to bask in some refreshing self-awareness and emotional intelligence along the way.
Great stuff, would go again : P
Föderation EN So 01.12.2024 18:51:43
@strypey aw thanx :)
Föderation EN So 01.12.2024 18:51:43
@strypey aw thanx :)
Föderation EN So 01.12.2024 18:56:16
Föderation EN So 01.12.2024 08:31:20
To be fair to the BlueSky team, a lot of the features Christine is point out their system and its protocol don't really have, are things the fediverse doesn't have either. At least not in the current usage of ActivityPub. Which is what we'd need to talk about to make a fair comparison to Christine's analysis of ATProto.
I guess the difference might be that we don't promote the verse as having these things inherently. We try to be clear about what's current and what's in R&D. I think?
Föderation EN So 01.12.2024 08:43:08
"Blaine Cook said that the correct version of ActivityPub and the correct version of ATProto are "the same picture" at one point. This is true insofar as I believe addressing the serious issues of both converges on a shared direction"
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
Hmm. Intriguing. Christine goes on to explain some ways each one could evolve, and how that would make them more similar.
It seems very much RSS and Atom all over again.
Föderation EN So 01.12.2024 08:55:00
You know how people say things like, 'that's an hour I'll never get back'? How do you say exactly the opposite of that?
I got massive informational value for the time I gave to reading Christine's article, as well as getting to bask in some refreshing self-awareness and emotional intelligence along the way.
Great stuff, would go again : P
Föderation EN Mo 02.12.2024 02:41:36
@strypey
> The Bluesky PDSes therefore hold these signing keys custodially on behalf of users, and users log in to their home PDS via username and password. This provides a familiar user experience to users, and enables standard features such as password reset by email.
When she talks about user keys is she talking about Bluesky's hosted PDSes at bsky.social or is she talking about self-hosted PDSes?
Because Self-hosted PDSes have their own keys and don't depend on bsky.social.
Föderation EN Mo 02.12.2024 04:03:43
@JNogueira
> When she talks about user keys is she talking about Bluesky's hosted PDSes at bsky.social or is she talking about self-hosted PDSes?
Can you clarify @cwebber?
> Because Self-hosted PDSes have their own keys and don't depend on bsky.social
How sure are you about this?
Föderation EN Mo 02.12.2024 05:17:54
@strypey @cwebber 100%
The current PDS implementation has its own private signing key for the DID.
Also see: https://github.com/bluesky-social/pds/blob/main/ACCOUNT_MIGRATION.md
Föderation EN Mo 02.12.2024 14:06:41
@strypey @JNogueira Yes I was talking about the vast majority of users who *started on* bsky.social's "mega-PDS node"
Föderation EN So 01.12.2024 01:07:34
Note: I was referring to public posts.
"But you may notice! Bluesky provides direct messages! So surely not all information is publicly available, because otherwise else direct messages would simply not work! So how do direct messages work in Bluesky?
The answer, if you guessed it, is centralization. All direct messages, no matter what your Personal Data Store is, no matter what your relay is, go through #Bluesky, the company."
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
(1/3)
Föderation EN So 01.12.2024 01:12:12
"Why would Bluesky roll out a direct message system that they have acknowledged is not the long term direct message system they would like long term?"
Exactly the same reason Mastodon added DMs (now called Specific People posts) in response to an earlier mass exodus from Titter;
"... Bluesky wanted to provide a feature-complete platform from the perspective of a user who is looking for an exit from Twitter now."
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
(2/3)
Föderation EN So 01.12.2024 01:16:50
But at least @Gargron did *not* do what BlueSky have done, and implement a totally centralised system where every DM runs through mastodon.social. He made Mastodon Direct posts decentralised, like any other kind of post.
After a few teething problems (eg devs of other fediverse software not realising they existed and displaying them as public message), we ended up with a system Chistine describes as
"about as private as [unencrypted] email."
This is already streets ahead of BS DMs.
(3/3)
Föderation EN So 01.12.2024 01:31:09
More quotes from #ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
"I find it surprising and alarming that reusing the same key per user was ever the case."
Indeed.
"It feels like this flies in the face of the fundamental goals one would have around building a DID system and it is difficult for me to fathom how such a decision could ever have been made."
Easy; "move fast and break stuff". Instead of building slowly and carefully from spore to mycelium network, as fediverse devs do.
Föderation EN So 01.12.2024 04:59:16
"The truth of the matter is: Bluesky controls users' keys, and therefore even if users "move away" they must trust Bluesky to perform this move on their behalf. And even if Bluesky delegates authority to that user to control their identity information in the future, there is still a problem in that Bluesky will always have control over that user's key, and thus their identity future.
#ChristineLemmerWebber, Nov 2024
Föderation EN So 01.12.2024 08:31:20
To be fair to the BlueSky team, a lot of the features Christine is point out their system and its protocol don't really have, are things the fediverse doesn't have either. At least not in the current usage of ActivityPub. Which is what we'd need to talk about to make a fair comparison to Christine's analysis of ATProto.
I guess the difference might be that we don't promote the verse as having these things inherently. We try to be clear about what's current and what's in R&D. I think?
Föderation EN So 01.12.2024 08:43:08
"Blaine Cook said that the correct version of ActivityPub and the correct version of ATProto are "the same picture" at one point. This is true insofar as I believe addressing the serious issues of both converges on a shared direction"
#ChristineLemmerWebber, Nov 2024
https://dustycloud.org/blog/how-decentralized-is-bluesky/
Hmm. Intriguing. Christine goes on to explain some ways each one could evolve, and how that would make them more similar.
It seems very much RSS and Atom all over again.
Föderation EN So 01.12.2024 08:55:00
You know how people say things like, 'that's an hour I'll never get back'? How do you say exactly the opposite of that?
I got massive informational value for the time I gave to reading Christine's article, as well as getting to bask in some refreshing self-awareness and emotional intelligence along the way.
Great stuff, would go again : P
