1. 20
    1. 21

      I agree it is a scam—slightly strong language but hear me out.

      Especially the issue with the protocol is important, if your protocol is open source and decentralized then a “private beta” period makes no sense. That alone puts the lie to their advertising.

      If they advertised themselves they could make a case that the non-decentralized ID services and limited access are a good thing. For example Signal has done just that. Their protocol is open source and anybody could implement it but they don’t make any pretense of federating with services or even allowing 3rd party apps on their service. Right or wrong, they justify it with the ability to move quickly and fix things without breaking everybody else. Whether you buy that or not, at least they have been up front about why they are not distributed.

      Bluesky is a scam because their marketing uses words to gain attention while behind the scenes their fundamental business and development model is a different gig.

      1. 11

        Especially the issue with the protocol is important, if your protocol is open source and decentralized then a “private beta” period makes no sense. That alone puts the lie to their advertising.

        Counterpoint: Jonathan Blow’s programming language is (AFAICT) open-source but is currently in closed beta, but nobody is calling that a scam. I think Hare did the same thing. My point here is that a closed beta is about temporarily controlling the distribution to only trusted people, and is not mutually exclusive with being open in the long term.

        That said, I agree Bluesky is a scam.

        1. 6

          Jai is for sure not open-source - I doubt that it will ever be - as Jonathan is not willing to entertain community contributions.

          1. 16

            Sqlite is open source, but doesn’t accept contributions.

            1. 5

              sqlite is in the public domain.

              What I meant by my comment is that Jai, even when the code will be made public, it will most likely not be released under a license that allows all freedoms of the Open Source definition.

              1. 2

                What makes you say that?

                1. 2

                  Watching the streams in which Jonathan works on the compiler. He mentioned multiple times that most likely they’ll come up with their own licence so I was mostly inferring from that.

                  I’m not sure how willing he’ll be to allow other entities - and based on the main target demographic of the language, which is game developers, they’ll probably be commercial ones - to repackage/redistribute the compiler.

          2. 13

            Open source does not mean open contribution. It does commonly imply it, but it’s quite literally in the name “open source”.

            1. 13

              There’s never a guarantee of open contribution – a project maintainer can drop your patch on the floor, loudly or quietly – so the real question is always if you have the right to fork your own version?

              Right now the question is moot, since there isn’t any source release at all.

              1. 1

                And, importantly, there aren’t any binaries released either. It’s not a case of, “we will open-source this product eventually, we promise; until then, just use our closed source work”. It’s just not ready yet.

                1. 1

                  But there are binaries, they’re released to a restricted (last time he mentioned it, it was about 500 people) closed beta.

    2. 18

      This is fascinating. A few first impressions.

      It desperately tries to distance itself from the “crypto”. The very first question on the FAQ is “Is ATP a blockchain?” with the answer “No. ATP is a federated protocol. It’s not a blockchain nor does it use a blockchain.”

      At the same time it describes its main data structure like this:

      Each mutation to the repository produces a new Root node, and every Root node includes the CID of the previous Commit. This produces a linked list which represents the history of changes in a Repository.

      I mean, a linked list of signed objects sounds very much like blockchain. I guess, they want to look more like git than bitcoin. So there’s that.

      Speaking of commit lists. Doesn’t this mean that content is never truly deleted? The protocol supports post deletion but don’t the posts stay in previous commits? Wouldn’t it make it just a little inconvenient to find those posts as opposed to impossible?

      I guess, it’s possible to rewrite the whole history (akin to rebase in git) and re-sign all the commits but it’s unclear how it should be done.

      It’s fascinating to see them reinvent SOAP (with WSDL and XSD, no less) in JSON.

      Documentation is far from good. Most of the functionality is not described at all. Lexicons are just interface definitions (in verbose JSON) with no descriptions.

      Having consistent data shape is important for interoperability but not the full story. There’s no explanation of what any particular method does or doesn’t. There’s no recommendation for implementers. For example, app.bsky.actor.getSuggestions is described as “Get a list of actors suggested for following. Used in discovery UIs.” Who and how decides what’s returned by this method?

      It’s a shame they decided not to use existing standards. For example, app.bsky.embed lexicon seems like it intersects a lot with OEmbed.

      It seems federation is expected to be on the smaller side. The whole thing requires Crawling Indexers for the most useful social network functionality: content discovery, and user search. They also expect indexers to take care of “large-scale metrics (likes, reposts, followers)” but I personally don’t care much about that. The issue I see is that there doesn’t seem to be any functionality for index federation. It appears a user can use multiple indexes to distribute their content and discover other content/users but I don’t know how this protocol handles duplication (when a result is present in multiple indices) or missing content (not present in the used indices but still out there).

      In order to achieve a result similar to Twitter/Facebook there needs to be an index with full view of the network (which would be extremely expensive) or we’re faced with ultimately the same issue we see in the fediverse with the lack of global/distributed search.

      1. 3

        Git uses hash chains.

        Blockchains use hash chains.

        Blockchains used for currency ignore data that 50% do not agree about to avoid double spending, and need to throw that data away to avoid economic DOS as storage and bandwidth costs money. But that is the in chain perspective, all blockchains also use a network level that is outside, so network level vulnerabilities bypass the in chain guarantees.

        For Git the client decides which branch or other ref to use or which one to throw away.

        Proof of stake may be used in blockchains, but without a data type that avoids double spending it is not a blockchain.

        Proof of stake may use cleverer algorithms that are not vulnerable to collusion of 50% of peers.

        This could be used as part of a solution to ensure write and read availability of solutions to cryptographic challenges like revocation certificates / proofs of compromise of secret keys. This is one way to reduce Sybil attacks that more naive append only logs are vulnerable to (see nothing at stake). Such logs are used in Trillian, CertificateTransparency, sigstore, etc.

        Protocols can thus be classified by the answer to the question:

        Under what amount of peers colluding for which attacks do which failure modes appear?

        Seems for server to server federation this is using IPFS (which is using Kademlia). IPFS itself has no write availability guarantees for content, as those are up to an additional protocol layer.

        1. 2

          I’ll be honest, I didn’t pay much attention to cryptocurrencies so I easily might be mistaken. I was under the impression that the defining feature of blockchain (as a technology) is that it’s an append-only datastructure that makes it easy to know that it wasn’t tampered with. That is, if I have the latest block and I trust it’s legit, that’s enough to verify that none of the previous blocks was tampered with.

          For example, I have my latest Bitcoin block and I trust it’s good, I can download the rest of the blocks and verify on my own they all are good. Same with git, I have my HEAD hash, I can pull the rest of the repo and verify that it’s a descendant of the root commit.

          In that sense repo structure in AT Protocol is the same thing.

          I see you use “hash chain” to define it. TBH, this is the first time I hear the term. I guess, might be useful to have a separate term for the useful bits for people who want to distance themselves from cryptocurrencies.

          1. 9

            What you’re describing is a hash chain. Fancier versions are called Merkle trees. They’ve been around since the 1980s.

            Bitcoin, I believe, created the term “blockchain” for their usage of a global hash chain with a consensus mechanism for resolving forks. The Wikipedia article I linked to discusses the difference.
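The two points raised in this sub-thread (a trusted head is enough to check the whole history, and a post "deleted" in a later commit still sits in earlier commits) can be seen in a small hash-chain model. This is an added example, not part of the thread and not AT Protocol code: the commit layout, the `Repo` class and the use of a SHA-256 hex digest in place of a CID are assumptions, and signatures are left out.

```python
import hashlib
import json


def digest(commit: dict) -> str:
    """Content address of a commit: SHA-256 over canonical JSON.
    Assumption: stands in for the CID the quoted documentation mentions."""
    blob = json.dumps(commit, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class Repo:
    """Hypothetical repository: every commit names the digest of the previous one."""

    def __init__(self):
        self.store = {}   # digest -> commit (may be served by an untrusted host)
        self.head = None  # digest of the latest commit

    def commit(self, records: dict) -> str:
        c = {"prev": self.head, "records": records}
        h = digest(c)
        self.store[h] = c
        self.head = h
        return h


def verify_from_head(store: dict, trusted_head: str) -> list:
    """Walk back from a head digest the caller already trusts, recomputing
    every digest on the way. Returns the commits newest-first, or raises
    ValueError if a commit is missing or does not match its address."""
    history = []
    h = trusted_head
    while h is not None:
        c = store.get(h)
        if c is None:
            raise ValueError(f"missing commit {h[:12]}")
        if digest(c) != h:
            raise ValueError(f"commit {h[:12]} does not match its digest")
        history.append(c)
        h = c["prev"]
    return history


def find_record(history: list, key: str) -> list:
    """Every value a record key ever had anywhere in the verified history."""
    return [c["records"][key] for c in history if key in c["records"]]


def build_sample() -> Repo:
    """Constructed sample data: three commits, the last one deletes post/2."""
    repo = Repo()
    repo.commit({"post/1": "hello"})
    repo.commit({"post/1": "hello", "post/2": "regret this"})
    repo.commit({"post/1": "hello"})  # post/2 removed from the current state
    return repo


if __name__ == "__main__":
    repo = build_sample()
    history = verify_from_head(repo.store, repo.head)
    print("commits verified:", len(history))
    print("post/2 in current state:", "post/2" in history[0]["records"])
    print("post/2 recoverable from history:", find_record(history, "post/2"))
```

Removing the old value for real means rebuilding every commit from the deletion point onward, which changes the head digest that readers had trusted.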

      2. 2

        In order to achieve a result similar to Twitter/Facebook there needs to be an index with full view of the network (which would be extremely expensive)

        I for one don’t want results similar to Twitter/Facebook. Those results have been catastrophic. My takeaway is that having everything you do exposed to the glare of the whole world creates terrible problems. Humans have not evolved the capacity to have social networks larger than about a hundred people.

        1. 1

          Depends on use case. I get what you’re saying but let’s consider the case social media was actually good at: letting me find interesting feeds to follow. I don’t consider authors to be within my “social circle” but I appreciate their expertise, insight, writing style, cat pictures they post or whatever. In AT federation I might be missing some feeds if I don’t participate in all indices. Likewise, my content might not reach the widest audience unless it’s in all the indices.

          Coincidentally, ActivityPub has a similar issue. There’s no global search. It’s very hard to bootstrap a feed with interesting content.

          I’m not sure why everyone’s focused on the “social” part. Very few people chat with their friends on Twitter or Facebook groups as their main mode of communication. I think “microblog” better reflects the best use of public posting in all social media.

          I understand why Fb/Twitter would want to focus on the social aspect (“drive engagement”) but it seems users want microblogs more than engagement. At least that’s the impression I get from both AT and ActivityPub. ActivityPub especially since it’s been in use for a while. In fact they actively want to discourage “engagement” the way it’s driven in Twitter, for example.

    3. 17

      Man I SO want to believe this article, because I am a huge fan of the Fediverse. Open protocols, FLOSS all the way down = sign me up!

      But reading the article, my spidey sense kept tingling: “This smells like a partisan piece”.

      And it is. Knowing the author is a Nostr fan explains a lot.

      I’d love for someone without so much skin in the game to do an actual technical breakdown around what is and isn’t read/good/bad about Bluesky.

      1. 10

        The author is more than a Nostr fan, he’s the original protocol creator.

        So yeah, not a particularly impartial voice in this debate.

    4. 13

      Undisclosed conflict of interest makes me think this is more appropriately tagged “spam” than “off-topic.”

    5. 12

      That’s an extreme description. I know it’s tagged as a rant, but still…

      The whole bit about the protocol may not be how the author would like it to happen, but practically it makes sense to me. You could start from full openness and design by committee, or the other way like bluesky did - establish their own initial network and client in private and start letting people in at a slow pace. This way they can react quickly without having to break the network multiple times as they learn new things about scaling.

      The BGS availability also sounds like a practical description. Whether you plan for it or not, the node sizes will most likely follow similar distribution to all the other distributed systems. For git there’s GH, GL, and the rest. For mastodon there’s a couple huge instances and the rest. For email there’s Google, MS and the rest.

      1. 30

        Author is apparently involved with Nostr[1], which competes in a similar space as Bluesky.

        [1] previously, on Lobste.rs:

        1. 22

          Which means there’s an 80% chance they’re a bitcoin bro. I looked into Nostr. The tech is very cool, and I think could be practical as a social platform with a loooot of work. However pretty much everyone on there is a cryptobro or a spambot. Cryptocurrency is so far ingrained into that community, I fully expect it to be the reason it ultimately fails.

          1. 7

            The protocol looks simple, aside from the cryptography parts. Their affiliation with bitcoin obviously influenced their choices here. They use SECP256K1 keys and Schnorr signatures.

            A friend of mine was asking me about nostr last week, so I took a harder look at it. As I was telling him last night, I have little inclination to build anything using that protocol, because of (as I phrased it) the “weird-assed obscure bitcoin tech”. I’d hope that someone starting a project using cryptography in the 2020s would go for something that could be implemented with, say, libsodium.

            1. 3

              If there is one thing the crypto (as in stonks) sphere has contributed, it is the popularisation of zk crypto (as in cryptography). Admittedly, no zk crypto (as in stonks) has any practical value, they are purely research-quality POCs funded by speculation by the latest lottery winners.

              I’ve worked on a zk-VM. One really valuable, future application of that is: verifiable compilation: give someone an executable binary, and a cryptographic proof that it was compiled with the source code in a git repo with a certain HEAD. Beats just publishing the hash digest on the same website that hosts the binary.

              Especially, the popularisation of “non-interactive” zk proof systems is interesting because they can be useful without the widespread adoption of some interactive network protocol. (Depending on critical mass to attain critical mass is an expensive strategy.)

          2. 4

            That’s certainly what turned me off to nostr HARD.

          3. 2

            The main question is, do you need some crypto token to operate the protocol, or is the protocol just preferred among crypto bros?

            As far as privacy-preserving protocols, I don’t understand why we don’t see more that mask as regular https traffic.

          4. 1

            Bitcoin bros are exactly the sort of people who care about decentralization and censorship-resistance in the realm of money (or else they’d be doing something else). Those are exactly the sort of people I want designing and using and promoting social media platforms.

            1. 5

              Idunno I’m pretty sure they’re about grifting and denying their accelerating catastrophic climate change.

    6. 6

      Its biggest feature is that it is functionally very similar to Twitter, already with a bunch of the best shitposters having accounts, while not being actively under destruction by Elon Musk. The at protocol is kind of a side curiosity. I’m having a lot of fun on there and I don’t really view the at protocol as a meaningful aspect of what makes a social network interesting to me. While Elon’s destructiveness may cause a lot of people to say that the system should be built in a way that is resistant to such hierarchical control, the actual interesting mechanism is that people will vote with their feet and they will go where they feel good, and its backing architecture is usually kind of irrelevant to anyone other than its operators.

      1. 2

        Elon Musk is only destructive of twitter if you adhere to one particular set of Anglosphere political preferences. If you don’t share those politics, then Elon Musk’s management of twitter is neutral to positive compared to the previous status quo.

        In any case the backing architecture of a social network is highly relevant to users even if they’re not directly aware of it. The protocol affects how operators can moderate the network, which affects how people can use it.

        1. 26

          Elon’s leadership has been destructive to Twitter in countless and widely-reported dimensions, few of which are related to his politics.

        2. 15

          In December Twitter started showing unrelated tweets in replies to a tweet, which made reading Twitter so unpleasant I quit within a week.

        3. 1

          Lobsters, HN, the bigger tech subreddits and so on all lean in that particular political direction so the OP’s view is likely the dominant one here.

          We’ve seen with Mastodon what happens when you federate such a system: People will divide the social graph based on an arbitrary axis like political or sexual identity and make it impossible for users from these groups to communicate with each other. Bluesky will probably do that as well, if only to support their business model.

        4. [Comment removed by author]

    7. 5

      From the rant:

      …the Bluesky people were looking for an identity system that provided global ids, key rotation and human-readable names.

      They must have realized that such properties are not possible in an open and decentralized system, but instead of accepting a tradeoff they decided they wanted all their desired features and threw away the “decentralized” part…

      I’m really curious about this - why is it not possible in a decentralized system? I know there have been past attempts around web of trust. I’ve always wondered why something couldn’t be built using blockchain to store public keys. Key rotation could be performed by signing a new key with the old key and updating the chain.

      Am I missing something obvious that’s not currently possible? Are there good research papers in this area I should read?

      1. 7

        It’s well-trodden folklore; I’d start with Zooko’s triangle. Several forms of the triangle can be formalized, depending on the context.

      2. 4

        You don’t need a blockchain to store a bunch of self-signed public keys. PKI has been doing that for ages via certificates.

        OTOH, if you want globally-consistent (and globally-readable), unforgeable metadata associated with those keys you need some arbiter that decides who wins in case of conflicts, what followers/“following” graph edges exist, etc.

        Nostr actually uses existing PKI (via HTTPS + TLS) to “verify” accounts that claim association with an existing public domain. Everything else is…well, not even “eventually consistent” so much as “can look kinda consistent if you check a lot of relays and don’t sweat the details.”

      3. 4

        It’s possible, but you need some kind of distributed consensus, which in practice looks like a blockchain. ENS is one implementation on Ethereum. You also need some mechanism to prevent one person from grabbing every name (if you assume sybil attacks are possible, which they will be on almost any decentralized system). The most common one is to charge money, which is not really ideal for a social network (you want a very small barrier to entry).

        1. 4

          You also need some mechanism to prevent one person from grabbing every name

          An interesting take on this is done by the SimpleX network: it employs no public identifiers. The SimpleX Chat protocol builds on top and continues this trend. You can build a name service on top, but the takeaway I make is that maybe we don’t need name services as often as we think.

      4. 3

        The assertion of Zooko’s Triangle is that you can’t have identities that are simultaneously human-meaningful, globally unique and secure/decentralized. You can only pick two properties. DNS isn’t secure (you have to trust registries like ICANN.) Public keys aren’t human-meaningful. Usernames aren’t unique because different people can be “snej” on different systems.

        The best compromise is what are known as Petnames, which are locally-assigned meaningful names given to public keys.

        1. 2

          Zooko’s Triangle describes the properties human-meaningful, secure, and decentralized. DNS is secure, not decentralized.

          1. 2

            Oops, thanks for the correction. I was working from memory.

    8. 3

      I mean at that level of granularity, show me one thing that isn’t a scam.

    9. 3

      I haven’t used Bluesky, but I doubt it’s a scam. It’s a Public Benefit LLC, which has some requirements:

      Unlike a regular LLC, a PBLLC has additional statutory requirements to be transparent, accountable and uphold its public benefit purpose while maintaining its fiduciary duties. This means a PBLLC needs to take steps like adopting an independent, third-party standard to assess its performance, disclosing conflicts of interest and providing its members with information on whether the PBLLC met its public benefit objectives. – source

      Here’s the problem. In order to test the AT protocol, they need users. In order to get users, they need a product (a reason for people to come). In order to protect themselves from personal liability, they start a company. I’ll (maybe) call it a scam if they do a bait and switch and reincorporate as a standard C Corp, take billions in VC funding, etc, etc, etc. For now, I’m giving them the benefit of the doubt.

      And regarding the “It’s a fairly demanding service” type thing… you don’t say? Is hosting 50k users on Mastodon easy? Motivated folks are going to find a way to make it work. Maybe no one will care! We’ll have to wait and see.

      1. 2

        Who’s their auditor? I wasn’t able to find out offhand. A benefit corporation is only as good as their chosen standard and auditor; that performance assessment isn’t automatic and is only barely compelled by law.

        1. 2

          I am guessing it’s not fully figured out.

          Phase 3: The company In the last few weeks of 2021, we got the Bluesky PBLLC established and funded. We decided to keep the community as a separate organization, funded through grants from the Bluesky company, so it can function as an inclusive forum while the company pursues more focused research and development. At the Bluesky company we want to start being more public, having more conversations with companies besides Twitter, and engaging with other protocols, but first we need to finish hiring and articulate the technical vision for our proposed direction. In the meantime, the community continues to be a place for discussion and debate, where we participate but do not drive conversations. source

          The question is going to be if / when they do some of that stuff. So we simply won’t know anything for sure until there are commitments. But again, I think it’s way too quick to judge it so harshly. That post is over a year old, so slightly concerning… but again. Still pretty early.

    10. 4

      Standing in line for a private beta, 90s are back!

    11. 2

      this is how you know it’s going to succeed. you don’t get much HN/lobste.rs hate for failing/unpopular projects. for example mastodon (not exactly failing, but not living up to many people’s hopes for it either)

    12. 2

      No serious competitor is likely to step in and build serious apps using a protocol that is directly controlled by Bluesky.

      Competitors make use of the Microsoft Exchange protocols, right?

    13. 2

      I noticed a persistent meme in the orange site’s commentary on this rant. I also noticed that the orange site’s users repeatedly flagged this rant; I suspect that the meme encourages flagging and other content-free replies.

      The main pattern here is not “new protocol/library/language/framework X is bad”, but “it seems like we could have retrofitted existing system Y with all of X’s features; why not fix Y instead?” In this case, it’s not that the AT protocol seems catastrophically flawed, but rather that it seems to be a not-invented-here recreation of ActivityPub which doesn’t convincingly explain how AT fixes ActivityPub’s problems.

      Given that there is already a thriving ecosystem built upon ActivityPub, it seems like BlueSky’s founders are intentionally wasting engineer time and effort, and that is the crock of shit. The particular protocol produced by their wasteful labor is not important, other than that we can clearly see its lack of forward progress.

    14. 1

      Should this be a rant?

      1. 1

        The author seems quite angry and uses a lot of very unpleasant language.

        1. 1

          There are 3 submissions folded into one, you’ll have to specify which one you find objectionable.

    15. 1

      I’ve just read various postings (here/on HN) about why Bluesky is bad now, and the feeling I get is:

      These aren’t debilitating problems or disadvantages. If these are the arguments contra, then Bluesky is the one that’s going to end up with most of the users (unless Twitter recovers).

    16. 1

      Title needs to be updated — looks like it refers to the “@protocol”, which underlies Mastodon/the Fediverse Bluesky? Totally thought this was about the Hayes AT command set, which I could’ve used a good rant on here in 2023.

      1. 5

        I think it’s the protocol underneath Bluesky, a de(?)centralised network from Jack Dorsey of Twitter founding.

        Seems they’ve a naming collision, of course.

        1. 2

          Thank you, I read too quickly. Updated my comment.