> to provide a simple user experience that does not burden users with complexity arising from the system's decentralized nature.

I think this is the most important factor that Fediverse (and Mastodon) got wrong. My prediction is that Bluesky will be successful because of ease of use, not because of the distributed nature. Most users don't care about being distributed at all.

Except for the fact that it requires a centralized directory server that you can be banned from at any time, with no recourse. And for users, being independent from Bluesky requires owning a DNS name and paying for it yearly—a big step backwards from Mastodon where a group of users can come together and live on a server run by an admin they trust without needing their own DNS names. It replaces social trust that's more accessible for a lot of non-technical users with a more complicated kind of technical trust that requires a high level of technical sophistication (Can you imagine hundreds of thousands of twitter users all signing up for a registrar and buying their own domain names?)

You've identified a real problem but blamed the wrong target. We don't need to avoid using domain names, we need to make them an order of magnitude easier for laypeople to buy and use.

99% of people who could benefit from owning a domain should never have to know what a DNS record or TLS cert is. This should all be managed by apps through a simple delegation system built on OAuth2.

You log on to bsky.app, they say, "want to connect a domain?". You say yes and get redirected to your domain registrar, where you grant access to for bsky.app to have control over bsky.example.com until you revoke access.

DomainConnect[0] should solve this but in practice it's turned out to be very gatekeepy in my opinion.

[0]: https://www.domainconnect.org/

You're only addressing half the issue here. By delegating control of your domain to bsky.app, you're still beholden to a centralized ban list and retain no control over your own instance.

If they ban you then you take everything, including your profile domain, and move somewhere else. This mobility would do a lot to ensure they don't ban users without a good reason. It's incentive alignment and insurance.

Are you saying that if you get banned you have the ability to take your bluesky name and all data to another server somewhere?

I have not ready anything about the protocol yet, is there something in it that keeps all your data accessible to you after a ban?

Is list of contacts, other people's posts and such part of that move or what exactly is left to someone after they are banned?

Edit: oh wait I'm completely wrong, that's not a key, that's an ID in a directory, lol. The public key thing is just a plan.

There's a thing called DID that identifies you. There's a few options, but one is called "DID PLC" with a sample implementation here:

https://github.com/did-method-plc/did-method-plc

With the disclaimer that I haven't dug into it seriously enough, I understand it's a public key (that I can also rotate) that I can use to prove that an account somewhere else is really mine. Note that I have no idea what the private key is, or how to dig it out - I'm sure that's documented somewhere, but I wasn't interested enough for now.

TL;DR: there definitely is a theoretical mechanism for users to "take their toys with them." How it works out in practice is a different matter. I suspect most users wouldn't know they're supposed to keep a bundle of data stored somewhere for a dark hour. I also wonder how the protocol protects itself from people accidentally putting that data in public.

There are no safe haven registrar that are immune from harassment against lawful contents. There's no guarantee that you can port-out domains against registrar's will, even if it's technically your property.

The whole "we can just use DNS names as ID and it'll be unbannable" idea is just relying on the fact that domain names aren't normally used as social media IDs and that more neutrality is expected from registrars, and neither of these presumptions are guaranteed.

Once enough users start using domain names and gets >100k daily likes with anime illustrations, same people as who were problems ARE going to get mad and set up their systems to just hammer Namecheap, GoDaddy, Gandi, Porkbun, until their support gives in just like it always happened. If they didn't, they inject faults in credit card payments, make their authoritative servers unresolvable in UK, Apple devices, on 1.1.1.1 and 8.8.8.8, so on and forth, until they do.

What are you optimizing for and what's your threat model? Personally I'm optimizing for UX and data ownership. One reason centralized services are bad is they tend to turn into monopolies. Once there's no competition there's no incentive for UX to be good. More ads, less useful features, more useless features, etc.

Using a decentralized protocol and providing custom domains is sufficient for me.

If you're optimizing for censorship resistance and your threat model is that registrars want to take you down because there are enough people mad about what you're posting, you're going to have to make UX tradeoffs that most people don't and shouldn't need to.

From GP:

> If they ban you then you take everything, including your profile domain, ...

This reads like censorship resistance against moderation/management going insane on its own, to me. And in reality, that rarely happens. It's ongoing on Twitter, kind of, but that's less than once in a decade occurrence, and the crazy element wasn't internal.

What happens more often is some fundamentalist group or something starts harassing companies, often leveraging advertisers, credit card companies, perhaps some backend APIs too, sometimes even foreign laws way outside jurisdictions, to get them swallow their agendas. That leads to bans and insane policies getting introduced.

And, if you look at what happened to Twitter in last few years, I think you can see the latter of above two descriptions is closer to what happened to it; whether it was foreign conspiracy, or purely to that guy's insanity, or politics, it was external force that lead to the situation that necessitated escape. It was sane-ish up to the acquisition.

This is an interesting take! I don't necessarily disagree with it—we could definitely make the DNS system more accessible than it is today—but I don't think it's the panacea either, there are still a lot of costs and paperwork involved with owning a domain name that aren't related to the actual technical knowledge required. How is my 12 year old cousin whose parents don't understand technology supposed to buy a domain name just to be able to comment on a youtube video?

Certainly I think there are regulatory and social issues as well. The current system was built in a time where it made far less sense for that 12 yo to have their own domain name. But they also didn't have their own phone numbers back then, but the phone system evolved so they could. DNS needs to evolve too.

The other issue is that I fundamentally don't think the problems of moderation and hosting are "separable" as the paper claims—the moderation of your content is intrinsic to the question of "who wants to be responsible for hosting and paying for this content?". And people are going to want to use moderation systems that make moderation decisions they agree with and support—they're not going to want to be paying for a hosting provider that hosts content they disagree with. That's why I see the fediverse "plurality of networks" federated model winning out in the end, because it can be funded and operated by small groups of people interoperating with each other rather then requiring large centralized directory resources that nobody wants to pay for.

I thought it was cheaper not to look at the content, than to look at it. That just leaves legal responsibility as an issue.

That requires each and every user to do the moderation for themselves. Which few if any want. Most users actually want moderation, as long as they can decide whose ban list applies to the content they see.

Moderation is only an issue at "commercial" scale. Any small community can easily solve moderation. One critique I have about most modern business plans is that they are looking for large scale and little responsibility.

I helped run a moderate a small forum community in the early aughts. We only had maybe 800-1000 active users at our peak. Moderation was fucking terrible, and not 'solved'. We had several users we elevated into moderator positions and still.. I think we were running about 1.5 moderators per 100 active users on average.

Nightpool has been an admin of AcitvityPub servers of all sizes for years now and is versed in the moderation challenges therein, I'm not sure they'd agree :) I'm not sure I agree that it's a solvable issue at community scale.

Yeah, I don't think moderation is "solved" at all on the community scale, but my point is that ActivityPub servers are just way more likely to be at that "community" scale, and Bluesky—as a more flat protocol with a lot of discovery and indexing features—is not. So I think they have a lot better chance of having communities that can reach a local moderation equilibrium.

I guess I'm looking at it from the Lens of the community. If a community can't solve its moderation issue through social standards the community degrades.

Once the community degrades to having no social standards there is no point in moderation.

I think this comment is kind of correct, the moderation problem can be overlooked until the system scales(IMO not until individual participating instances scale but until the whole system becomes relevant), and thereafter we'd come back to the problem of bad actors and external pressures.

> And for users, being independent from Bluesky requires owning a DNS name and paying for it yearly

This is not really true. DNS allows you to set your name to a domain, but ultimately all of your posts are tied to your DID. If you wanted to move from steveklabnik.bsky.app to steveklabnik.whatever.app, you could do that still, no DNS required. You won't lose anything. The DNS stuff is effectively vanity.

At present all the DIDs issued through bluesky use plc for resolution, which is a centralised directory managed by bluesky

Yes, I agree this is a weak point. It's also one that the team is aware of and seemingly has the right amount of discomfort with. I see temporary compromises like this as an example of the pragmatic decision making needed to ship, and trust that they will do the right things here, but I also understand some skepticism.

It's not a 'weak point' it's a fatal flaw.

Given that it is a non-essential part of how the protocol works, I disagree, but I understand that reasonable people may differ.

PLC uses signed logs similar to certificate transparency. We have a lot of options for where to take it. There may be a distributed/decentralized hosting system if we can settle on a consensus model we're comfortable with. Otherwise it will be some kind of org management model.

The other direction we've got is did:web, which is already used in some cases, and has some tradeoffs but is a strong option.

For now. As I understand it (from talking to them in person a few years ago), they don't want it to stay like that forever. They want to eventually invite more organisations to run name resolution servers, and they have some clever ideas about how to keep all those servers & organisations honest.

My understanding is that this only works if you're using their centralized PLC DID, which I think only works if you sign up through their website? Maybe I'm mistaken about that or they removed that restriction, I don't see any mentions of that in the docs today. Users using the `web:` DID need to use the .well-known resolution system predicated on owning a domain name and their identity is tied to that domain name.

In general, I guess I'm just pessimistic of the ability for any DID system to exist that isn't either centralized or majorly user-unfriendly. I think that reasoning on a "local scope" like ActivityPub does and worrying less about global identity is just a better long-term solution for users and works better with how people are practically using social media today (think about the proliferation of a million discord servers each with effectively their own user identity....)

Yeah, as you can see from the sub-thread, I maybe over-stepped a small amount here. I am thinking about what is required by the protocol, and that is just 'any DID.' You are right to point out that web: and plc: both have certain practical drawbacks today. I am confident that because this problem is considered carefully by the team, that this will be 100% true in the future, but you're also right that there are real restrictions today. I will be sure to be more careful in the future.

> In general, I guess I'm just pessimistic of the ability for any DID system to exist that isn't either centralized or majorly user-unfriendly.

That's fair. Time will tell :)

Well, or a group of users can come together and attach their identity to a DNS server run by an admin they trust. If I register pinksky.com, it is fairly cheap for me to hand out subdomains to Bluesky users -- certainly easier than running a Mastodon instance.

I think the questions about indexers and firehose servers are more relevant to the question of centralizations. Identity is much easier to solve.

> being independent from Bluesky requires owning a DNS name and paying for it yearly—a big step backwards from Mastodon where a group of users can come together and live on a server run by an admin they trust

In the DNS, that’s called a subdomain. I.e. a group of users can come together and buy a domain name and all use different subdomains, completely without any additional cost per user.

> and for users, being independent from Bluesky requires owning a DNS name and paying for it yearly

I don't think so. Anyone can set up a server with a DNS entry and then hand out subdomains to users. It's only sekf-hosted folk who need to pay for a domain name

actually you can use any kind of identity system that uses a did. it’s not dependent on dns alone.

(we run the largest instance of atproto outside of bluesky)

My understanding is that bluesky will only support interoperating with their own centralized PLC system (which other developers currently can't access) or the did:web: protocol. Is that not true?

It doesn't work with subdomains?

Users. Don't. Care.

To me, a Twitter successor has to do exactly two things: Look and feel almost exactly like Twitter, and have an escape hatch once things go south that lets me preserve my handle (essential), social graph (important), and post history (nice to have).

In other words, I want what has always been possible for email: Gmail with a personal TLD.

I haven't looked too deeply into AT proto, but at a first glance, Bluesky might be that.

Twitter didn't become big by being almost exactly like something that came before it. Learning something new was not a burden for all the users that jumped on to the Twitter train.

Elon has weakened Twitter substantially and now it's leaving the door open to newcomers with ideas in a different direction.

It's the churn. Platforms rise and fall. But this time the power vacuum is so big a non commercial platform might have a fighting chance.

There was almost nothing to learn on Twitter: Sign up, write about anything in 140 characters or less. Replies/tagging, hashtags etc. augment the experience, but aren't necessary (and weren't even natively supported in the beginning/were just convention anyway).

For Mastodon? I need to:

- pick a server and remember it (I've actually lost my own handle a couple of times between months of giving it a try!)

- manually copy-paste the handles of people I want to follow back on my server, since there is no native single-click way to just follow an account I am looking at on my own server

- do the same on mobile, because all Mastodon apps can't possibly be associated with all server URLs on iOS and Android

- remember to follow people I care about, since otherwise there is no way to discover interesting posts outside my bubble

- give up on the idea of global search entirely, which is one of the things I miss most from Twitter: "flight delays XYZ", "MTA line X delay", "<bandname> <cityname>" would allow me to find content by people about any topic of interest in a way that web searches don't.

All of these are annoying but doable for me, but I wouldn't be surprised if they're a major deterrent for many non-sophisticated users.

I never used Twitter and I don't use Mastodon directly because I abhor the idea of Twitter: forcibly shortened messages which emphasize nonsense and make it hard for people who actually have something to say to get their message across by having to split it in tens of threads. I've always hated Twitter.

So I can't compare the platforms at this level of detail but I have used Reddit and Lemmy a lot. And I think Lemmy is really great and just as good as Reddit. No issues with follows across instances following my mobile apps, having searches work etc.

And Voyager allows me to be signed into many instances (and in fact have multiple accounts on the same instance)

> - remember to follow people I care about, since otherwise there is no way to discover interesting posts outside my bubble

And this really is a feature for me, I hate algorithmic feeds. I just want to see who I follow and no other suggested or promoted stuff :)

I used to use both Twitter and Reddit (until they both succumbed to an Eternal September of their own, in my view, although for different reasons), and at least to me they serve very different purposes:

Twitter was great for following the updates of a given person/company/group etc. It allowed me to keep up to date with various topics of interest (cryptography, engineering, my city's public transit system etc). The 140 character limit was always a red herring, in my view: People can just link to their blog or start a thread (which I can both easily follow and ignore).

Reddit was more useful for researching and discussing a given topic. Discussions are way more meandering, and the tree-based interface made that both acceptable (whereas spamming somebody's replies would be considered rude on Twitter) and ergonomic.

In that sense, Reddit was always the spiritual successor to self-hosted bulletin boards, in the same way that Discord has replaced IRC for many groups. (What makes me sad is that it's now seemingly also replacing discussion boards, which sucks because it's not anonymously searchable at all, but that's a different complaint.)

In that way, Reddit seems like a very low hanging fruit to decentralize: Its predecessor already was decentral, in a way! In contrast, there was never a successful decentralized microblogging service before Twitter (and no, RSS doesn't count).

> I hate algorithmic feeds. I just want to see who I follow and no other suggested or promoted stuff :)

That's very fair! I believe this is what ultimately got me quite hooked on Twitter, but in the long run has made me very unhappy while there and prone to doomscrolling.

>there was never a successful decentralized microblogging service before Twitter (and no, RSS doesn't count).

You say RSS doesn’t count, but the way you describe your use of Twitter sounds exactly like the purpose of RSS.

>Twitter was great for following the updates of a given person/company/group etc. … The 140 character limit was always a red herring, in my view: People can just link to their blog

I don’t see how this is appreciably different than reading headlines and the first sentence in an RSS feed and clicking through to the blog that backs it, if it seems interesting.

Twitter always felt like RSS for people who didn’t know what RSS is. Hence its popularity, as most people don’t know what it is, but the concept is very useful. A lot of people use Facebook for the same thing.

> Twitter always felt like RSS for people who didn’t know what RSS is.

Yes, but that’s a lot of people!

Other than that, RSS doesn’t support commenting somebody else’s post.

> (What makes me sad is that it's now seemingly also replacing discussion boards, which sucks because it's not anonymously searchable at all, but that's a different complaint.)

An anonymously searchable alternative to Reddit's search function is PullPush, an archive site independent of Reddit.

It has full-text search and will even search through deleted and removed content.

Main site: https://pullpush.io

Frontends: https://search.pullpush.io, https://ihsoyct.github.io

That was in reference to Discord, not Reddit. Reddit is searchable ~fine via Google and its internal search (but I wouldn’t be surprised if they at some point break that in exchange for more forced signups and to prevent “AI content theft” like Twitter).

> - manually copy-paste the handles of people I want to follow back on my server, since there is no native single-click way to just follow an account I am looking at on my own server

> - do the same on mobile, because all Mastodon apps can't possibly be associated with all server URLs on iOS and Android

these are all possible with the official app on Android and the web interface. You don't need to copy the handle, you can just open their profile page on your server's interface and click to follow.

At least apps instead of the web browser can handle the copy/paste a username thing.

But, I stopped using Mastodon because there is no algorithmic feed (either of my own follows or in terms of surfacing things)—-sorry I massively prefer something lightly curated to just a chronological firehose. Most-recent-first is an algorithm of course. One that’s biased in favor of constant posters and those in your own time zone.

Wasn't Twitter based to be an SMS-based social media? And that it was almost exactly like SMS, text-only and very limited in characters, to a point that you could use it via SMS?

Mastodon, Bluesky, Post and whatever else do just that. And they are not really successful at scale. So maybe people actually don't need those artificial protocol and GUI limitations?

There is an old adage about MBAs and CEOs - if we a pick a successful company in some period, can we really say that CEO helped it become successful? Or maybe he instead impeded its growth and company could have been x10 times more successful without him? Who knows, can't be tested repeatedly.

Same with Xitter clones. Maybe copying Xitter quirks is not the best way forward?

Mastodon does not "feel like Twitter" in the way that Bluesky does.

Maybe it's the fact that it's so server-centric: I've never felt like I could just enter a handle in the search bar and be confident that if the search comes back empty, that person is not on Mastodon. The same is true for search by hashtag or topic.

I believe the client is the _most_ important thing to focus on, but is often secondary to the needs of the server.

True RESTful (HATEOAS) APIs are really powerful, but they are a major pain for any client to implement. GraphQL APIs are worse than HATEOAS, but the client tooling is amazing. GraphQL won.

I think the same thing will happen here. The distributed nature of the Fediverse is really powerful, but creating clients are a huge pain. The API is so complex.

In contrast to the Federvise API, the BlueSky API is easy to use which will allow more people to "play" with different clients and use cases.

> In contrast to the Federvise API, the BlueSky API is easy to use

I coded with both, I don't feel they are that different.

And then in a few years they will close the gate after the walled garden is complete.

Same stuff, different platform.

Same people even, isn't Dorsey involved? And it is a public benefit company that sort of laughably hasn't disclosed its charter, like how OpenAI backed out of revealing the details of its corporate structure.

Dorsey is on the board but does not hold any ownership in the company. He also deleted his account. Seems like he only cares about nostr.

he's on the board says everything. many including myself don't believe he'll give up his stake in neither Bluesky or Nostr.

Nostr is full of crypto and "free speech" people. there will be too much controversies if he's seen active on both.

What's a "free speech person"? Is it one that support effective access to the actual exercise of fundamental human rights?

Again, he doesn't have a stake.

I agree Nostr is full of that, which is why I don't use it.

I still don't know what this supposed burden is [0] ... you pick an instance (is that actually hard?) ... done.

[0] migration is a challenge if your instance vanishes without warning, but that's true of Bsky too.

It wasn't hard for me because I grokked what I was doing, but for a lot of people they've never had to make a decision like that before. Especially so early in an onboarding process. And they get caught up trying to decide if they should join the instance for web developers or the one for cat lovers, because both interests are important to them. It turns people off to the idea of federated social media.

I'm going to push back on the migrating being a challenge even for Bluesky if an instance vanishes. If nothing else, you do not need your old host ("PDS" in atproto parlance) to cooperate — or even be online — if you wish to migrate in Bluesky. With a local copy of your data, you can send your social graph to a new host with ease and be right back in business.

What do I think? I think it turns them off because people (possibly yourself included) say that they should intimidated and confused by this, rather than encouraging them to make what is actually, for almost everyone, a rather simple and inconsequential choice.

I don't think they should be intimidated, I'm just saying they are: https://erinkissane.com/mastodon-is-easy-and-fun-except-when...

But I wouldn't say it's a fully inconsequential choice, either. Your instance and how it's situated in the wider fediverse does matter to some degree. Not having a full view of the network, missing meaningful replies, at the mercy of some admin #fediblock drama, etc.

Or maybe you finally find a good instance but your admin dislikes Meta so you're defederated from threads.net now. That's a bummer.

> Or maybe you finally find a good instance but your admin dislikes Meta so you're defederated from threads.net now. That's a bummer.

If you don't agree with your admin's choices on such important matters, your instance is not a good one for you.

The differentiation between instances, the way each can have their own community with its own morals is a strength, not a weakness. As the fediverse gets bigger, the bigger platforms will diversify more and have more of their own identity. For example beehaw, it's not really a Lemmy instance with some policies configured, it's beehaw. As the fediverse gets bigger, instances will develop their own identities more and it will be easier to choose.

And gab, for the cesspool it is, you can't deny it's got its own identity. Of course it's one that almost nobody wants to federate with but that's their right too. Freedom of speech doesn't mean everyone has to listen to you. The system works as intended.

The thing is, if you're aligned with your platform you probably agree with most of the choices your admin made. If not you can just pick another one.

I don't disagree with any of the stuff in the linked post (and I've seen it before).

But I think that's all about a totally different problem: people not finding the culture they want on Mastodon.

> It wasn't hard for me because I grokked what I was doing, but for a lot of people they've never had to make a decision like that before.

They've picked an email provider. They've picked a mobile phone provider. They've picked their car insurance. They pick what bars to socialise at. Yes people have no issues making choices like this at all.

> They've picked an email provider

Not likely. The world picked gmail for them

In the US maybe? Here there's still a lot of diversity. People using their provider's email service. People using local ones like gmx in Germany. Hotmail, live and outlook.com. Even some non techies using their own domain (and of course all the techies do). Most people with their own business use that domain. Proton seems to be a rising star too.

Gmail is the biggest but not the only one by far. The privacy movement getting more traction here than in the US might be playing into that too.

Even the top 5 - never mind - Gmail - of e-mail providers just about cracks half of all e-mail users depending on which datasets your trust.

The initial premise was you can make an account anywhere and it works transparently anywhere.

The new premise after the "de-federation" update is it still works transparently so long you're a good citizen with nothing to be ashamed of, which is enough to make users feel the Fediverse lost its thing or something along that.

> The initial premise was you can make an account anywhere and it works transparently anywhere.

No, that premise is a misunderstanding of the actual initial premise: build a bigger system via federation, that is a series of independent systems that can agree or disagree on precisely what level of interoperation they will engage in.

Some people mistakenly imagined that everyone would make the same choices, and thus "make an account and it works everywhere".

Question is: when BSKY goes belly-up, will all those users have somewhere they can turn to?

The death of a Mastodon node is inconvenient, but not identity-ending (especially if one uses static indirection to link your abstract Mastodon ID to a concrete instance).

> The death of a Mastodon node is inconvenient, but not identity-ending (especially if one uses static indirection to link your abstract Mastodon ID to a concrete instance).

Can you tell me more about that? If you just redirect webfinger requests, don't you still lose everything if your current instance disappears or you move to a new instance?

I would also like to hear more about this. AFAIK there's no way to keep your ActivityPub identity if you (or the instance owner) loses access to the domain it's hosted on.

It's more complex and depends on what you consider your identity.

Webfinger redirects control what people look you up by.

The domain of the URL of the actor webfinger resolved to defines how clients access your profile.

They are usually the same domain, but don't need to be. Effectively your webfinger address functions as an alias (and you redirect multiple URLs to the same actor)

Follows follow the actor, so your webfinger may break and follow relationships will continue.

If the actor url becomes unavailable, however, your profile is inaccessible whether or not you redirect the webfinger.

To get Bluesky like portability we'd need either for that actor url to be possible to point to a DID or other means of decentralized lookup mechanism, and/or for servers to store the webfinger handle and recheck that regularly, and a way for clients to control a key that can be used to sign claims to say "this new instance key is also mine".

It's very much doable, but not done, nor is there consensus about exactly how.

Best current option if you don't want to host your own instance is to control your webfinger domain; if your instance goes without warning so you can't use the normal migration, you'd still need to manually get people to follow you again, but at least you can point them to the same id.

The complexity of your answer illustrates my frustration. Identities should be URIs (a la IndieWeb).

IMO WebFinger was a bad idea for ActivityPub in the first place (and it's not in the spec). It makes it a lot more hacky to statically host your profile, and the indirection is confusing. As far as I know the presupposition that users would find URIs as IDs confusing is just an assumption that was made early on.

> To get Bluesky like portability we'd need either for that actor url to be possible to point to a DID or other means of decentralized lookup mechanism, and/or for servers to store the webfinger handle and recheck that regularly, and a way for clients to control a key that can be used to sign claims to say "this new instance key is also mine".

Or just eschew this complexity entirely and use URIs as IDs. Make permanent personal domains much easier to buy and use.

> Identities should be URIs (a la IndieWeb). IMO WebFinger was a bad idea for ActivityPub in the first place (and it's not in the spec).

ActivityPub only deals with URIs. Including in Mastodon. Mastodon then layers WebFinger on top, but you can still give Mastodon the actor URI and it works just fine, and all underlying interactions use the actor URIs. E.g. follows are between actors by URI, not between webfinger IDs. If you want to pretend Webfinger isn't involved, you can choose to do so.

> It makes it a lot more hacky to statically host your profile, and the indirection is confusing. As far as I know the presupposition that users would find URIs as IDs confusing is just an assumption that was made early on.

I wish WebFinger specified a URI format that made it possible to do fully statically without breaking the spec -, but the minimal "implementation" using an otherwise static file takes a URL rewrite with a single small regexp. It's not an issue for anyone who understands what's going on well enough to need/want to decouple their webfinger response from their ActivityPub actor. If you just want to point at an instance you can just do a static redirect.

However, that is mostly orthogonal to the portability issue.

> Or just eschew this complexity entirely and use URIs as IDs. Make permanent personal domains much easier to buy and use.

Then you've traded one kind of complexity that provides decentralization as an option, for a massively larger complexity problem that involves navigating a lot of government bodies, a highly self-interested bureaucracy, and a number of major multinational companies. I co-founded the company that launched ".name" - the bureaucracy may have tapered off a bit, but it's still a nightmare. Reforming that space in any kind of meaningful way that wouldn't leave your identity beholden to an intersection of centralized government and corporate interests in not likely to happen anytime over the next decade or three.

The portability matters to some of us. It just doesn't require ditching ActivityPub. And it doesn't require all that much complexity - all it requires is to allow DIDs to be used as an alternative means to identify or update the actor URL in a relationship. You can keep backwards compatibility by allowing resolved actor URLs to keep working, and just add a signed reference to the DID in the profile and the webfinger response. Then clients and servers that supports it can use the DIDs to allow discovering a moved profile, while clients and servers that don't support it will behave just as before (work as long as the actor URL works; fail if it stops working without a preceding move).

Because of federation, it's even fairly trivial to sort out a simple DID method that needs no central authority: Spread the DID document to all the instances you have followers on, and allow rediscovery by pinging those servers from a new instance with a request to use the keys to validate an updated DID document at a provided new instance. Let every instance act as a first resort to bootstrap recovery, and every instance you interact with act as fallbacks to help you recover control, as long as your clients keep backups of the relevant private keys.

And if you include those DID references in the profile as well, then just as now you can choose to ignore webfinger if you prefer.

Yes, this will take time to get right, but some variant of proper portability is just a question of time.

You lose your history, but that's the same story as every situation where someone else is hosting your content ("there is no cloud, there's just someone else's computer"). But once you set up on a new instance, you can redirect your webfinger and everyone following that will know where to find you.

It's a good point, though not one I'd really considered because I never consider microblogging to be anything but ephemeral data (note the lack of a robust search solution also; this is not a place to chisel the words for which countless generations will remember you).

I'd love to see the ability to import a timeline. Sadly, that's not a feature of Mastodon right now AFAIK (though an admin handed a SQL dump and relevant image blobs could probably merge it into their node, but it'd be a hassle).

The other key thing you lose is your identity. In the fediverse, your identity is your Webfinger handle, ie @user@server.com. Your server is literally part of it. Sure, you can migrate to @user@newserver.com, and keep the username part, but your identity still changes.

Truly portable identity via DIDs, ie you can keep your underlying identity even if you migrate servers, is one of the key reasons the Bluesky team made their own protocol. https://atproto.com/guides/faq#why-not-use-activitypub

The webfinger handle does not need to be on the same domain/hostname as the Mastodon server. E.g. not on completely different domains, but for Mastodon it makes no difference, but my personal Mastodon install is on m.galaxybound.com but my webfinger handle is on galaxybound.com.

And there was no need to make a new protocol for a portable identity - a change to ActivityPub to support did's as actor urns would be sufficient, and would also open the door to unilateral account migration fairly easily.

This is my big problem with Bluesky - all of their gripes about ActivityPub would be easily solved in ways that'd make interop a temporary problem of getting people to buy into protocol tweaks, instead of inventing something from scratch.

Their claim that it's not easily possible to retrofit e.g. did's and signed repositories onto ActivityPub makes me question whether they understand ActivityPub at all, because there's nothing about it that would be problematic. E.g. objects are already signed - their mechanism for migration would require some changes to the signing mechanism to allow users to make a unilateral assertion that the key on their new instance belongs to them, but not much more. DID's is down to how ActivityPub clients and servers resolve URLs, nothing more.

You wouldn't even need everyone to buy into these changes - the worst case would be lack of federation w/instances that fail to support it - in other words no worse than starting your own network.

Even then it'd be possible to maintain fairly broad interop by announcing the did's in ways that'd allow also specifying resolvable urls to a proxy.

So, the thing that made Mastodon click for me was when I reminded myself social media doesn't matter. That's really the whole point of this stuff to me. Twitter's long failure began when people were convinced they should make it more important in their lives than it ever deserved to be. When the daily news started to earnestly read nonsense like "X tweeted in response …" for minutes on end, or when the RCMP used Twitter to communicate important public safety information, I felt it in my bones (though I might not have understood exactly why): this was wrong.

I set my Mastodon posts to auto-delete after 6 months so I don't care if I lose them, and I made sure to have some "me" links in the appropriate places pointing at my profile. Even if I were to lose that paper trail from doing proper account migrations, it's pretty easy to say which profile is mine. And if I lose followers, so be it. I'll follow people when I remember who they are. I'll make new posts. If I don't, that's fine. Life happens.

You can indirect webfingers, so @you@site-you-own points to @you@someone-else-owns-this-server.

It's not ideal because there isn't a reverse link; if someone-else-owns-this-server dies, people who were following you on it will see you evaporate. But you can edit @you@site-you-own to point to @you@your-new-site so that at least people holding your ur-name can find you.

But unfortunately, there are few better solutions when someone else owns the data. One nice thing about the Fediverse is you can ameliorate most of this by setting up your own server (though I won't pretend that's going to be the solution that replaces everyone using Twitter; I maintain my own server and it is the same pain in the ass that self-hosting has always been).

The better solution is for implementations like Mastodon and Lemmy to let users bring their own custom domains, and have robust data export APIs. Then even if your home instance disappears overnight you can migrate to a different instance.

Thanks, I appreciate the additional detail!

I just looked into this (I didn't know it was possible!), and like much of the Fediverse, it seems more complicated than necessary:

Why do I need to run a webserver for this redirection? I don't have one; my TLD is essentially for email only.

AT proto lets me achieve the same goal using just a TXT DNS record.

There are not many people on this planet that would consider messing with DNS records less complicated than running their own webserver.

Was the death of MySpace identity-ending? Or bebo or Orkut or pownce or friendfeed or any other service? Users will move on regardless, and it won't be identity-ending.

I played around with the api and it is one of the most easiest apis I have seen. Very good for hobby projects as well as advanced usage

The Fediverse “is complicated” only because it has been designated as such by countless bullshit media online posts, when Mastodon started to boom after the Twitter/Musk episode.

At some point, if people/users are able to understand the concept of emails, emails accounts and emails providers, they are able to understand the Fediverse that’s all.

> _I think this is the most important factor that Fediverse (and Mastodon) got wrong._ The Fediverse got nothing wrong or did nothing wrong, it was just portrayed as complicated, by some fing community manager of I don’t know which fing bulls*t company that must have been pissed/worried that all his job had to be redone on another service.

I’ll go farther: for most users being distributed is actually worse.

They don’t care about copyleft or “information wants to be free”. They want a feed that isn’t full of Nazis and that all their friends post on

They don’t want to think about platforms, peering, distribution, server mutes, or any of that faff.

Personally, I haven't really seen any "Nazis" on Twitter that I keep hearing about (though that probably depends on the definition), I'm just excited about Bluesky because it has an open API that's not controlled by one dumb guy who can shut down whole businesses like Tapbots with a flip of a switch or decide that $100 per month is a fair price for "hobbyists" to use it... but I guess I'm probably an outlier.

That's surprising. Before I left twitter I had probably came across more than ten accounts that were openly white supremacist or explicitly calling for the extermination of the Jewish race

There a tons of truly vile fediverse instances.

But fediverse isn't run by one man that personally uses his position to push those opinions.

.. and I as a mastodon server admin can just unilaterally block them at the behest and for the benefit of my users.

Yes which is a feature of the fediverse, not a bug.

If the admin blocks an instance it's either a community you as a user won't want to be interacting with, or the user has chosen the wrong instance for them to be on.

I don't know why people say that every instance not federating with every other is a bad thing. It's not. I definitely don't want to interact with the extreme right instances around so I choose one that I feel at home with and that has them all blocked. I think that's the beauty of the system.

No, it's a bug, not feature. Those content should not flow into your timeline if your friends are all nice and vile accounts are banned on your instance. The fact that instance owners not just can, nor just do, but HAVE TO block a bunch of demonized instances as a checkbox obligation and compromise and virtue signaling is a bug.

How my community wants to operate is not beholden to your standards if my instance wants to block the stormfront mastodon instance it's going to and nothing you say is going to make anyone on my instance change their minds about that.

I have not seen any evidence of any major instance ban another instance because it refuses to ban yet another instance. There would be no reason for that. Messages from the controversial instance still won't make it to the instance that demands the 'virtual signaling' even through my instance.. unless some user on my instance essentailly quotes whole posts.

I think the difference is that moderation is easier on the fediverse (as well as on Bluesky). If you want that vile content you kind of have to either be in that circle your self, or you have to explicitly look for it. On Bluesky there are popular mute and blocklists, hateful accounts get mass blocked, and engagements around hateful content is diminished (not proliferated like on Twitter). The Fediverse is even more so, where whole servers are mass blocked by because hateful content is allowed to fester.

Someone has to do it though. A default federate-everything install will, well, federate everything.

Sort of. Somebody still has to follow the other or find a post from outside their server and comment on it before any communication takes place. How likely that is depends on who's on your server.

If you're hosting people who already have a large audience, or are especially vulnerable to harassment, that's probably going to happen sooner or later and it would be wise to craft or copy a denylist before it does.

I run my own Mastodon server and I've never had to take any moderation actions with a few hundred followers. I know the names of a few vile servers and can't recall seeing them among my followers. I suspect I'm fortunate in just not being interesting enough to vile people.

True, but apart from moderation, the engagement driven algorithm on Twitter also does a ton to proliferate vile content. On the federated platform the algorithms tend to be simply chronological and limit the content to account you explicitly follow. Meaning there is way less exposure to undesired content. One of your follows must be the one to repost it (which may warrant an unfollow or mute, etc.) or you must opt into an algorithm that gives you unwanted content (which you may then simply swap out for a better one).

I didn’t understand why people kept saying there were so many nazis on Twitter. I thought that maybe people had less tolerance for spicy replies and such.

Then Elon turned off the app access and I had to use the official app. There they were! White supremacists, algorithmically injected straight into my feed.

On the Icelandic twitter, Nazis—or at the very least extremely and explicitly xenophobic rhetoric—has been getting more and more prominent. There was a time where you could look past it for the most part, but currently every time I go on Twitter I’ll spot a very hateful comment or two.

It may be that most of my circle has migrated over to Bluesky and the only people left on Icelandic twitter are either public figures or nazis. So the nazi content is just a greater proportion of the diminished Icelandic content. Or that nazis feel empowered inside the current Twitter atmosphere, which honestly is very scary to think of. I tend to think that the reason is a mix of both.

How does Iceland end up with Nazis? Isnt Polish your largest non-native ethnicity? Don’t think they were exactly fans, by and large.

Meh. Users have no issue picking an email provider. They can pay with money (eg proton) or with their data (Google, Hotmail), champion their local identity (think gmx.de) and they manage to pick the one that works for them. Why should Mastodon's diversity be an additional burden?

In fact a lot of people are now on Mastodon because they picked Instagram. Soon another platform may follow suit and federate. I'm sure users will understand pretty quickly that they can communicate cross platform just like a Gmail user can mail a Hotmail one.

It's really not that hard to grok.

If being distributed means the API is more easily accessed than other apps', it can contribute to its success by facilitating excellent third-party clients that users love.

I thought Bluesky was way more complicated to setup than Mastodon. It's a different concept and it's just like Twitter.

I still prefer Mastodon over all the extra features it has and it runs on ActivityPub. Bluesky is reinventing the wheel with a protocol only used by them. They could've built ontop of ActivityPub.

Which so far they've accomplished by not being decentralized at all, which is of course convenient.

shouldn't Metcalfe's law apply here?

Metcalfe's Law is fake BTW. There's no one answer to these questions because some people want to be part of a tight-knit community and other people want to be part of a global network.

I'm curious whether their long closed Beta helped them or harmed them. Their invite-only beta lasted 1yr, from feb 2023 to today.

My sense is that the "exclusivity" style launch that Facebook and Gmail used successfully is pretty much played out and ineffective now. All it does is kill broad interest in your platform right when a deluge of users into your new social network is most needed and valuable.

My sense was Bluesky should have done a quick semi-open beta of no more than 3-months just as a last bug and scalability test, and then opened to the public. Make it invite-only, but distribute invites liberally, make sure anyone who wants one has one. Interest then was higher, other options were still in development or early stages. Every month of delay was a month people could find other alternatives, and they delayed a year.

Then again I haven't been following it that closely. Any HN'ers that have been following it closely since last year have an opinion on this?

>Every month of delay was a month people could find other alternatives

I always find it weird when people apply the product logic to what is an ecosystem / network / protocol. If BlueSky, mastodon or any other combination of open systems succeeds it's going to be like Linux. Slowly eating proprietary systems inside out, simultaneously while the old stuff keeps being around.

Inherent to the entire logic of decentralization is that people switching to alternatives is not bad. That there's bridges between loosely coupled networks. If people treat BlueSky just like 'an app' that needs to be timed like an iphone launch that suggests people are missing what the alternative to closed platforms is about.

There are multiple decentralized chat networks all competing for users - Bluesky, Mastodon, Nostr, Farcaster, and a handful of others I'm blanking on atm. Afaik they're not cross compatible, so once a user base gets established on one they likely won't move to another or cross-post much or at all. That's why the timing matters/ed.

In my opinion, a mistake may have been not allowing public posts for so long.

They could have stayed invite-only, and yet allowed posts being public. This would have allowed people to at least use it as a publishing platform, while the scaling was figured out. This was done a few months ago, but it seems to me it would have been beneficial to do it sooner.

BTW, I believe they had >550k signups yesterday. So all is far from lost.

https://bsky.app/profile/jay.bsky.team/post/3kktadxl4tv2g

IMO the point of Bluesky is to be decentralized so all the users they acquire before decentralizing don't count.

It gave Zuck more time to build Threads

Bluesky seems to operate pretty well with 3M+ users and 140M posts [0], but I'm fascinated to learn how the decentralized systems would scale if even just the Bluesky reaches within an order of magnitude of Twitter's scale (~500M tweets per day). Or from a behavioral perspective, what kind of ecosystem will evolve when the API has (afaik) no gatekeeping. The fact that anyone can see any other user's blocklist (both who they're blocking AND who's blocking them) probably has had at least a slight effect on interactions.

[0] https://bsky.jazco.dev/stats

Minor heads up for that site admin, typo of posters at the bottom:

> Top 25 Poasters

That may not be a typo.

I am still tremendously bullish on AT, as well as BlueSky. I think AT solves a lot of problems that have plagued federated systems, and I think BlueSky’s focus on product concerns first and technical concerns second, while somehow still nailing the tech, is the right way to go.

I definitely find the AT folks to be the most pragmatic when compared to ActivityPub and nostr. The best example IMO is how neither of them have a realistic identity migration story. ActivityPub implementations need to support bringing your own domain to any Mastodon/Lemmy/etc server. As for nostr, PKI has yet to prove that it can provide a viable UX for identity management.

I'm still fairly optimistic about ActivityPub since a lot of the problems there are in theory solvable, but we'll see.

Mastodon is my primary social network for two reasons:

* it has by far the highest-quality conversations I've ever seen

* no right-wing freaks disparaging trans people in the replies to everything

ActivityPub does have a migration story -- people move servers all the time. But it's not as good as it could be, and there are rough edges.

> ActivityPub does have a migration story -- people move servers all the time

Correct me if I'm wrong (and in this case I would love to be), but you can migrate your account to a new server, but you have to create a new identity (ie profile URI) on that server. This would be fairly easily solved by servers allowing users to bring their own domain names. In the age of Let's Encrypt it's much easier to manage certs for many domains. They've known about this for 6+ years[0]. The fact it's not a high priority is concerning.

[0]: https://github.com/mastodon/mastodon/issues/2668

Yes, that's the biggest rough edge -- it's not portable (and that was the promise of Bluesky).

Unfortunately that's not a rough edge for me. It's a deal breaker. Especially in the scenario where your instance disappears overnight without helping users migrate.

Fortunately this isn't an inherent limitation of ActivityPub, and I'm hopeful we'll see implementations with better custom domain support in the future.

Overnight disappearance is bad, yes. Whether normal migration a deal breaker is personal of course. Having a slightly different attitude to your account helps. Don't get too attached to your identity and the archive of toots that builds up. The quality interactions are what make the Fediverse most enjoyable (imho), and those come along fine in a migration of followers/following. And people hitting your old profile, will see the redirection to your new location.

> trans people in the replies to everything

Oh thank god I'm not crazy and not the only one. I genuinely don't understand what either broke these people or what propaganda/troll bot network is responsible but the replies randomly ranting about trans people in threads that neither involve an actual trans person in the conversation nor are about anything even remotely related to lgbt issues is baffling.

Years back someone on a podcast said “once someone tweets about trans people they will never tweet normal again” and it’s a social phenomenon I can’t explain but keeps proving itself.

Ah, good ol' Riley's law

Elon promoting far-right conspiracy theories has been pretty instrumental. Even just six months ago it wasn't nearly as bad on Twitter.

Where in Mastodon are you finding those high quality conversations? Most of what I see is leftist ragebait.

On Mastodon I only have to block half of the obnoxious people.

> * no right-wing freaks disparaging trans people in the replies to everything

I mean, they most certainly are on the Fediverse/Mastodon, but they are also almost certainly not federated with your instance.

Absolutely! I know for a fact that there's a whole network of instances that are in mutual bans with the network around mine, so I don't get to see them and they don't get to see me. It's lovely!

In this case the technical concerns are also ecosystem concerns:

BlueSky’s protocol depends on large scale indexers or relays which index the data from the PDSs and transform the nominal decentral streams into a firehose. That firehose then get’s labeled and filtered – and those services again must be somewhat Twitter-scale just to survive that firehose.

Now there seem to be alternative relays (and alternative labelers/filterers), but my concern is less with the man in the middle but the needed scale for the man-in-the-middle.

I think because of this need for scale inherent in the protocol there will only be very few of them, only by very well capitalised companies. If Twitter is a monopol, an AT protocol network will be an oligopoly, possibly a cartel.

I’m astonished that so many technologists who grew up in the more indie 90s and 2000s, in the time of the blogosphere, of individual servers, loosely joined via protocols, don’t seem to see that – or don’t seem to care.

When it comes to federation, you really need to focus on the technical concerns first...

I think that's a narrow perspective. When Twitter was sabotaged, lots of people made noise about moving to Mastodon - but even with all that momentum, the adoption was less than lukewarm. The issues were not technical, but of usability. The average person is less than interested in the inner workings of a thing, what make a service "better" in their eyes is how easy it is to use. Federated social media is not it.

I wonder how much of the narrative about Mastodon adoption (or the lack thereof) was that professional content creators didn't know how to adapt their Twitter workflows to it. It's definitely retained a mostly non-commercial flair, which makes me think people have had a hard time monetizing it.

The community I've found on Mastodon has been incredible—I'm reminded of early Usenet days.

Which Mastodon instance are you on?

I'm on Hachyderm. I'm sure instance choice makes a difference in one's experience.

Yes it does. That's why the instance choice isn't a burden but such a huge strength.

If we could choose Twitter instances everyone who cared would have simply switched to the one without Elon and there would have been no problem.

I think what matters even more to most people is not even how easy it is to use, but who else is using it.

These two things are connected: if something is easier to use, it is more likely that the others you want using the thing are going to be on there. Doesn't mean they will be, of course.

Twitter was sabotaged?

Yes, someone threw a billionaire of mass destruction into it.

where are you observing this?

Biggest things I noticed (and why I hardly use it anymore):

- Tweets from a lot of the people I really cared about dried up as people left

- Discourse in replies became noticeably worse as low-quality replies were brought to the top because the poster had paid for “verification”, when most of these posts would probably have been (and rightly so) under the ‘more replies’ section before due to how low-quality they were.

> - Long form messages.

Launched for testing in June 2022 4 months before Musk was forced to honour his offer to buy Twitter. I don't think you can claim it as a "new feature" under his leadership.

> - Community Notes (huge feature).

Twitter’s Community Notes may sound nice in theory, but with the current botched implementation it’s just another vector to spread misinformation, now labeled as “context” and made harder to disregard.

Of course, Birdwatch existed since before Musk, so I don’t blame him for inventing it, only for pushing ahead with it.

What Musk could’ve done is apply the same algorithm (that Twitter now uses to choose which community note to show) to sorting replies. Of course, that would defeat the point of blueticks paying 8 bucks to get on top of replies, and Musk wouldn’t be able to keep the lights on now that the big advertisers left.

Idk. Community Notes, in my observation, is amazing in both theory and practice.

Just yesterday I get a notification of a tweet I "liked" getting community-noted. I checked it, and found the original tweet was inaccurate.

I've seen some notes I don't agree with, and I simply vote accordingly.

Twitter never had such a widespread feature before where users had the power to fact-check others, even Elon Musk and Joe Biden themselves.

Here is a tweet for which “context” said it was showing a beating by Taiwanese police. It happened right before elections in Taiwan this year.

https://twitter.com/MOSSADil/status/1745921315498811752

The original note (see screenshot at https://www.taiwannews.com.tw/en/news/5080048) was up for a while as trending tweet gathered 1-2 million views by users worldwide who saw “context” and were trained to assume it’s the truth (it’s context, after all; it’s the meta above the facts).

Since the algorithm for which note to show is more or less a popularity contest, whoever has the most bots wins, and it took a while until people managed to correct the note. But of course the way Twitter notes work, there is no evidence of this controversy and attempted misinformation, or how many people exactly saw the false “context”.

How many notes like that can you honestly estimate you have seen and just automatically believed? For me, the answer is “no idea”. (Note that if the note agreed with your preexisting opinion it doesn’t make it true.)

No average person fact-checks context. You did not answer my question; did you trust these community notes before? Do you know how many were false without you realizing? Especially if you agreed with them?

People could continually fact check tweets without false notes masquerading as “context”, that is why I said Twitter could just use the same algorithm for sorting replies in the first place.

Community notes are not more trustworthy than tweets, but they are painted to be. This makes them a valuable target for misinformation campaigns.

You are digging the hole deeper. If they are “just notes” then they should not be called “context” and be just tweets.

Galactic brain: use your “AI” to prioritize tweets with evidence.

> You can't just go crazy and doing some community note disinformation campaign all over the place

You know, I literally just showed how it’s done.

Oh I sure did. Just testing the waters and seeing what facts people have to share. Apparently I'm an "elon-simp", lol.

Right, which is why the separation here is important. The user-facing app can focus on product concerns, the protocol it's built on top of can focus on technical concerns. The two can then feed back into each other in a virtuous cycle.

They absolutely did, which is why the project was started sometime in 2021 I think, and they only got to where they are now...

Why? I don’t mean this as a dig against the tech, since I’m not familiar with it, or with BlueSky, but where and why is there demand for a new social media product? I’ve certainly come to view social media as so close to useless that I don’t use it, and it seemed to me that e.g. Twitter becoming X or Reddit blackouts were impetuses that people eventually were thankful for as they left the platforms.

Twitter is among the top three websites that has organized my life over the past fifteen years or so. It's now totally collapsed.

I like having a place to post little things. I like keeping up with other people posting little things.

It isn't Twitter, but we don't have Twitter anymore, so. Just kinda giving things a go. I don't think we really can have "twitter" anymore, those days are past.

But yeah, that's just BlueSky. AT isn't geared towards a specific thing, like it is not a social networking protocol. It's kind of like if RSS was Git, if I squint.

Twitter (X) is doing great and has added tons of new features.

What do you mean it's totally collapsed? I use it daily.

Virtually everyone I know left. That's the most important part of a social network. What's left is almost exclusively things I do not care about. Many of those new features contributed to its decline.

I can see how that would ruin the platform for you.

Doesn't mean it collapsed, but I get the point of your language now.

In the same vein, it doesn't mean it hasn't collapsed because you still use it.

No, but the statistics tip in the favor that it's doing better than ever.

X just rated #1 news iOS app in 163 countries.

"The statistics"

That's my argument, #1 news iOS app means nothing

Making social connections seems to be a hugely popular usecase for the internet. Even in its dial-up modem days the things I remember most are USENET and BBSes. People will continue to abandon and switch social media platforms, but I don't think that means they want fewer social media options.

Is there a good reason this is formatted like a scientific paper and submitted to arxiv besides "it makes this ad look more legit and innovative"?

Martin Kleppman is a technical advisor to Bluesky but his real job is as a researcher in distributed systems and security at the University of Cambridge. He also wrote Designing Data-Intensive Applications, which many of us on the team have been fans of for years.

Oh wow. Didn't realize that. I was a big fan of the big too when it launched.

That book is amazing, I recommend it to everyone.

Makes it easier for the academic community to engage with it (format they're used to, they can cite this, etc.)

historically these kinds of things are submitted to the RFC editor but I suppose the team had a good reason for doing it this way.

RFCs are used by IETF. I don’t think the Bluesky team is proposing an internet standard just yet. Nor should they - that’s not quite what the IETF is for.

Why not? The IETF defines many internet standards on the application layer. SMTP and IMAP for Email, XMPP for instant messaging, CalDAV for synchronization of calendars, ...

I had a chat with one of the IETF chairs about this a few years ago. He said the value the IETF provides is giving independent teams/companies a room to talk about how a protocol should work, so they can make their implementations compatible. If a protocol only has one vendor, the IETF doesn't add any value and isn't really interested.

If bluesky ends up getting implemented by multiple vendors, then the IETF might make sense. But its a bit early for that at this point.

I suspect the bluesky team might also be able to make big changes to the protocol in private for the time being, so they can iterate rapidly. Iterating on a protocol at the IETF would be way slower. The IETF usually takes years to publish big, complex protocols like this. Look how long it took http3 to work its way through the pipeline.

it's stated it may be a possibility here:

https://atproto.com/specs/atp#future-work

> Protocol Governance and Formal Standards Process: The current development focus is to demonstrate all the core protocol features via the reference implementation, including open federation. After that milestone, the intent is to stabilize the lower-level protocol and submit the specification for independent review and revision through a standards body such as the IETF or the W3C.

Ill pass, it's difficult to trust and give my time to something with Dorsey at the helm.

Coming from mastodon, Im also confused, does bluesky have servers like mastodon? Because honestly being able to join a server that is aligned with my personal beliefs and actively blocks harmful users and servers is really awesome.

Like I don't care about your freedom of speech, I really just want to be able to block trolls and fascists from my feed.

To add on what the sibling said, here's BlueSky's moderation report for last year: https://bsky.social/about/blog/01-16-2024-moderation-2023

The verge reported that about half of their 40 employees are on moderation and user support.

BlueSky absolutely gives you tools to block fascists. Including things like "I want to use this moderation list another user who I trust created so I don't even have to do the work myself."

Cool, thanks, I appreciate the information. Perhaps I will give it a go.

Dorsey isn't involved in Bluesky.

Bluesky has servers (PDSes) but they're nothing like Mastodon. You can curate a community on Bluesky by following people or using custom feeds.

It says on wikipedia that he sits on the board.

Bluesky is not decentralized. It requires a phone number to sign up and has a CEO. The only thing remotely decentralized about it is the ambition of federation.

If you want a decentralized social network, checkout nostr or mastadon. And of those two, only nostr is censorship resistant.

The AT protocol? Gonna start typing Hayes modem commands into this thing and see what happens.

Exactly! I know naming is hard, but there had to be a better choice here.

+++ ATH

I think we're just old... that's what came to mind for me, too.

I'm always contrasting this with Matrix in my head. E.g reading https://matrix.org/blog/2023/12/25/the-matrix-holiday-update...

A lot of sort of economics/approach stuff contrasts to mull over in the background.

I'd love to know what your line of thought is on this (from my pov as the author of that matrix blogpost).

For instance, we tried to propose Matrix as the basis of bluesky (hence https://matrix.org/blog/2020/12/18/introducing-cerulean/) - but obviously they went and built atproto instead. Meanwhile, both projects have effectively taken VC funding (Element, founded by the core Matrix team has raised from VCs - although Matrix itself is governed by the independent non-profit Matrix.org Foundation). I'm honestly entirely sure how they contrast together :D

TBH I'd be 100% more interested in Bluesky had they built it on Matrix since Matrix's decentralization makes a lot more sense to me and has more history behind it and battle-testing in real-world use cases like German government and military than AT.

Eh - they solve different problems. Bluesky is optimised to be able to aggregate likes across billions of tweets happening in a as-federated-as-possible way. That’s a hard technical problem. I don’t believe any existing federated solution can be “dropped in” to solve it. It’s tricky even in an entirely centralised system.

> Bluesky is optimised to be able to aggregate likes across billions of tweets

That might be part of the problem. It's self-evident why you need to do that if you're building Facebook or Twitter (a single platform where all the communication happens across a single graph), but that seems counter to how federation works (where everyone's social graph is different).

A few things:

- I think the revenue streams you all have from a Federated EU make an actually federated Matrix ecosystem much more likely :).

  - It's a pity that EU economic policy is so terrible, and constitutionally so. I bet Matrix's finances would be a in a much better position if European countries could run healthy deficits like the US does.

- AFIAK their excuse was that Matrix didn't have account migration. I wonder if Matrix having had that would have made them use it, or they were looking for an excuse for NiH anyways.

   - Conversely, now that they *do* have it, it does make Matrix at some point getting it a bit more important.

> their excuse was that Matrix didn't have account migration

Neither does BlueSky… or if they do “have” it, it’s never been used because there is still only one server.

You're not wrong but you're also not fully right: there has been a second instance that the devs have been using to test out the federation code. It's not yet open to the public because they are still working on the implementation. At the protocol level, it is very much there, but you are right to point out that the advantages haven't been fully realized just yet.

That makes sense. I guess I would just add that the users don’t know if it’s a good experience yet.

Maybe it sounds good on paper but in practice it amounts to a nothingburger and is essentially the same as manually moving instances in the fediverse.

It is very different than manually moving instances in the Fediverse, in my understanding. For one, it's totally transparent to the people that are following. All of your data comes with you. You don't lose your posts, your followers don't lose following you. I know Mastodon has at least recently gained account portability to some degree, but https://docs.joinmastodon.org/user/moving/ has some serious drawbacks that aren't present in the AT model.

In general, it seems like ActivityPub is terrible, and all the mastodon people are deluded or worse about its technical merits.

Activitypub is the federation equivalent of an at-home 3d printer. It’s easy enough to understand how it works and do stuff with it. And very hackable. Bluesky is trying to be more like Firefox: it’s much more complex and built by experts to be well optimised for the problem it’s solving. But it’s much harder for lay people to understand how it works internally.

I feel like that is extremely uncharitable but you are entitled to your opinion.

Well, you are more public persona than I, so you have to be more diplomatic :)

Transparent account migration is one of the most interesting parts of AT to me, as a user, so I for one am glad they went their own way.

That said I don't really know Matrix at the protocol level, so I can't really speak to it, but just based off of what you said.

So Matrix also has account portability (almost) - https://github.com/matrix-org/matrix-spec-proposals/blob/keg... and https://github.com/devonh/matrix-spec-proposals/blob/cryptoI..., implemented in Dendrite. Unfortunately dev is paused on it currently thanks to lack of $ though.

The AP approach (prioritising portable identities over portable account data) is cute though, and perhaps we should have prioritised that as an alternative to fullblown cryptographic IDs & account portability.

Thanks for the context! I use Matrix daily, so I am interested in these details, I just haven't found the time to dig into things yet.

The ideal situation is that BlueSky and Matrix (/Element, let's be real) are giving hoards of money and are dancing around each other in a daring game of adversarial interop.

I want a Cold War-scale federation competition, dammit! :)

I would love both BlueSky & Matrix (and/or Element) to be given hoards of money and for us to race each other to the best federation imaginable (and then bridge it all together and live happily ever after)

To be clear, strong account portability predates Bluesky by ~5 years. Peergos[0], as reviewed by Jay before Bluesky Inc was created, has had this for years:

https://book.peergos.org/features/migration.html

So they didn't actually need to go their own way.

[0] https://github.com/peergos/peergos

I've tried to love Matrix multiple times in the past 8 years or so. Sadly my current feeling is that the spec is simply too complicated to build reliable and performant systems on. Hopefully that feeling changes at some point. I really want it to be good.

i’d have been in danger of agreeing a year ago, but thankfully we proved otherwise with Element X: https://element.io/labs/element-x. Bit embarassing that we didn’t get there sooner, but human fallibility and all that.

There is a good analysis here: https://neuromatch.social/@jonny/111885148573895886

This analysis is incredibly incorrect. Relays are not fixed. There can be as many relays as anybody wants to run. There are backlinks. There are ways to dereference a PDS from a username.

I don't think it is contradicting the first part, but I was wondering about the second part since it is based on DIDs. I think it adds some important notes past that.

I have been poking around bluesky and atproto as nothing more than an interested developer since around May 2023. I certainly don't know everything, but I've exercised most aspects of the protocol by now (firehose, custom feeds, sandbox federation, etc).

If you've always wondered something about this platform/protocol and want the opinion of a non-team member, ask away.

is there anything particularly compelling about it compared to a centralized platform? honestly still just waiting for the android app to not have terrible startup time and for there to be anybody on it

So, there's two things: AT, and BlueSky.

BlueSky feels like a centralized platform, which is (IMHO) important for user experience. Especially as a new user. But it's got the underlying tech of a distributed one, which means cool things. For example, I can run my own "algorithms" (in the sense that lay people talk about "the twitter algorithm" or "the facebook algorithm") or use ones that others have made, easily. There's a lot of interesting things technical users can do, and it's designed in such a way that non-technical users can take advantage of those things.

As a practical example of this, someone I follow posted a link to various algorithms they like: https://bsky.app/profile/why.bsky.team/post/3kkre625bse23

To use this, I just click through, and then "pin to home." it becomes a regular tab that I can view my feed through, just like the default ones. The "Quiet posters" algorithm here is one I'm actually interested in: I have often said one issue with the default algorithm is that I feel like I miss people who aren't actively posting when I happen to actively load up BlueSky. Now I can just check in on this feed and see those posts! What's going on here is very technically interesting, but as a user, I don't need to worry about any of that.

AT is what enables this, but is also broader than "short text posts." I am interested by future possibilities for AT, but that's more of a vision than something concrete today.

happy to answer any questions people might have about custom feeds, the post linked above is me

> is there anything particularly compelling about it compared to a centralized platform?

As a user? I'd say custom feeds. You can create alternative feeds using whatever algorithm you want that users can subscribe to in a way that is very smooth and user friendly. Third party alternatives have the feel of first party features.

As a developer? The protocol is "locked open," as it were. I feel confident building on it. It feels more like building for the web than within a walled garden. Bluesky could have made things easier for themselves by making certain aspects centralized, but they didn't compromise.

> honestly still just waiting for the android app to not have terrible startup time and for there to be anybody on it

There is a alternative client (https://graysky.app/) that you may have better luck with. Same deal as with custom feeds. They are not territorial about the existence of alternatives. The Graysky dev (@mozzius.dev) and the Bluesky social-app devs are very friendly with each other and share development techniques all the time.

Also, the official app has a Github repo (https://github.com/bluesky-social/social-app) that accepts issues and PRs. I opened an issue recently as some icons were wrong in a particular location. Some non-team affiliated developer created a fix, opened a PR, and the core team merged it in and deployed it a few days later. That was pretty cool.

On the Bluesky community:

The community is interesting and while it definitely has a tech-y bias, it's a lot less Liberachat adjacent than big Fediverse instances are, so you get people in other niches using it. The community is still a lot smaller than Twitter though, which lends itself to feeling like a community more than being part of The Conversation that I presume Twitter goes for. The UX is very similar to Twitter. For me, my hobbies just aren't that well represented on Bluesky yet, but I like how nice the community feels. Just my impressions.

When you're developing as a third party can you interface with their protocol while also generating your own public/private keypairs?

"Kinda" and "Soon", the soon part is that interactions with the site are signed by a key thats usually held for you by your PDS (Personal Data Server), this month we are opening things up more so you can run your own PDS, and thus use your own keys.

The Kinda part is that your identity by default is backed by a DID that delegates authority to specific keypairs. The keypair that your PDS uses to sign is included in there automatically, but on account creation you can currently set a backup keypair that allows you to manually sign identity operations.

I realize this may already be on the roadmap for after open federation, but I would love some sort of "bluesky for the truly paranoid (affectionate)" guide that explained soup to nuts how to participate in the network by running your own PDS and using did:web for identity. An answer to the question: I don't trust plc.directory for my identity and I don't trust the bsky.social PDS to host my data but I want to participate — how do I do that?

I have probably the least understanding of how this part of the protocol operates. Part of that has to do with the new (to me) concepts and the rest is open federation not being in place. I think something like this would be really useful and would prove your bonafides to others that Bluesky PBC is serious about being billionaire-proof.

Congrats on opening up registration!

The most straightforward way to fully use the network without trusting us at all would be to have your identity backed by a did:web, and run your own PDS. From there your posts will be indexed by our appView and you can see them in the app. If you still don't trust our AppView to show you the right thing, you can definitely run your own (its a little hefty and requires indexing the whole network). Beyond that, if you don't trust our relay to feed your AppView, you can run your own and have it scrape all the PDSs (the endpoints for this are open on each individual PDS). At that point the app experience for you should be roughly equivalent (depending on how you choose to apply moderation actions) without using any of our infrastructure. You would still be able to interact with everyone, all your followers can still see your posts, and no normal users would notice you werent on the same servers as them.

Love it. A "choose your own adventure" depending on how much you distrust Bluesky PBC :)

My only feedback would be: I'd love to read a real deep dive on just bringing in your own did:web and using a custom PDS. The DIY AppView and/or Relay is super interesting, but that more straightforward concept of "you own your identity and you own your data" is such a powerful hook that I'd love to be able to share something straight from the docs.bsky.app domain on how to do it.

This would be very cool. Thank you to the team for exploring in this direction.

What cryptographic primitives are supported?