fiatjaf's avatar
fiatjaf _@fiatjaf.com 10 months ago
I didn't say anything about "not kind:1", so you're addressing the wrong question. Anyway, you do pose interesting points, but let me say some things: I thought it would be clear from my article above that I have two major concerns: their identity system is fully centralized and ran by the Bluesky company and their BGS is ran by a single company, which can control everything and perform any form of censorship, shadow-banning, limit who can join and so on. If some other app is running their own BGS then fine, that won't be taken down, but interoperability becomes a very distant goal at this point. These will always and forever be just two independent apps -- in fact even if they're using the same BGS that is true if they're using completely independent schemas. Maybe that's a feature, I don't know, but you don't need a protocol for that, you just need people making their own apps with their own servers like it already happened in the internet before. This is not to mention the fact that each of these apps runs their own server (the distinction between AppView and BGS doesn't matter much) and will not work if that specific developer decides to shut it down, and that developer can decide to censor, kick people out, do anything they want, as always, and there is no alternative besides someone else creating a new instance and trying to compete (again, this is not different from normal "web2" apps competing with each other -- and we know once one gets big enough network effect their power becomes absurd and competition becomes absurdly hard). If we assume this is all good -- and sure it does look like an improvement over the previous state of the internet, albeit a very small one -- we must address the fact that the only good thing they're bringing is the portable identity. This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended?
↑ Parent

Replies (2)

daniele's avatar
daniele _@dtonon.com 10 months ago
> this is not different from normal "web2" apps competing with each other > the only good thing they're bringing is the portable identity I agree.
Repeatedly nuked profile's avatar
Repeatedly nuked profile 10 months ago
>This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended? Where is that coming from? Yeah if you sign up on BlueSky's host and never claim your identity then sure, it's on their server. But you can claim it anytime. Their whole philosophy is let the user claim control when they're ready, and in steps. A user can rely on did:web alone for their ATProtocol identity and not use did:plc at all. You end up with a did.json file that conforms to the DID spec w your public keys, your handle (e.g. fiatjaf.com), and service endpoints like your PDS URL, and that did.json file lives NIP-05 style in location on https://yourdomain.com/.well-known/did.json. I get that many people won't claim their identity, but you can claim it anytime. Even if you set up just your web handle (as many users there have done), that's enough to be able to take did:web adversarially later. Once you claim did:web you are fully in control of your identity on the protocol. If you're talking about did:plc then yes directory operated by BlueSky, though they've announced that's moving out, and my point is that (a) let's wait and see if does move out and where it goes and (b) you don't even need did:plc if you've set up did:web.
1 replies ↓