Hacker News

Who owns your ATProto identity?

120 points by kevinak today at 2:09 PM | 111 comments

Comments

skybrian today at 2:54 PM

Most people don’t worry about it for the same reason they don’t worry about GitHub abusing their GitHub account and are even willing to use “login with GitHub” to access their other accounts. Account takeover by a third party is a bigger risk. If you’re concerned about supply chain risks, there are more important concerns than “what if GitHub itself is a bad actor.”

It’s solvable if you’re willing to self-host your PDS.

But I’m skeptical of the attempts to make a PDS an “everything account.” Why should you use the same PDS for your social media posts and your git repos and your blog posts? Seems like we need to get better at locking things down in practice before that kind of centralization?

rbren today at 3:01 PM

Who owns your domain name? Hint: it’s probably not you. Your hosting provider could take down your domain, or even steal traffic and direct it to their own IPs.

jacobgold today at 3:00 PM

One of the core features of AT is the ability to move your repo hosting provider (PDS) at any time. This is the "data portability" problem that ActivityPub never solved.

Bluesky Social, PBC runs a PDS service (bsky.social) for free, there are a number of free public alternatives, and thousands of users self-host.

Self-hosting your own PDS can be done with a Raspberry Pi or a $5/mo VM and requires very little work. It runs in a Docker container with SQLite.

https://github.com/bluesky-social/pds

varun_ch today at 3:54 PM

I think most people don’t need to worry about their host abusing its power to impersonate them, but the cool thing is, the people who do need to/want to worry (journalists, politicians, celebrities, activists, open source maintainers, etc etc etc) can self host a PDS and be a lot safer, and still interact with everyone else.

ascorbic today at 5:23 PM

Sure, somebody else holds your identity, but it's pretty easy to control it yourself. By its nature if you're using somebody to host your stuff, you're trusting them with it. I made Cirrus so you can self-host your PDS for free, but you still need to trust Cloudflare to run it.

theamk today at 3:10 PM

Is the author new at the whole web thing? Yes, people trust remote web servers. Yes, if you link multiple apps to an identity server (be it atproto, Google, or a self-hosted OpenID server), and your identity server is compromised, an attacker will be able to impersonate you or lock you out.

This is just how the web works, and there is no easy way around it without losing features people care about. Sure, you can do client-side encryption and pretend the server can't see the plaintext, but it's just theatre; see the Hushmail incident, for example.

And having people export an uber-key by default is a pretty terrible idea. Sure, allow advanced users (like the post author) to do it. But for the common person, the exported key is just another way to get the account compromised, via malware or backup provider hacking. Or if they are not backing up stuff, then the key will get lost next time they upgrade.

Muromec today at 3:31 PM

So does a CA issuing my certificate, but there is some oversight in what they do.

noname120 today at 3:13 PM

AI fluff

tengada1 today at 5:06 PM

Wait what?! For a protocol that incorporates the DID spec this is disappointing to discover. Unless I'm mistaken the DID spec allows provable hierarchical relationships between DID identities – why can't a child DID be created from our master signing identity that has the authority to CRUD on our behalf but still be provably distinct from our root identity?

Not even sure why the PDS would require our signing key; that just seems very sloppy to me. As you can tell I know very little about atProto, and I did participate in the development of the DID standard and I am dismayed to see such an inelegant solution in such a promising protocol.

opem today at 3:19 PM

Both nostr and atp suck at key management imo. The Farcaster network does a good job here with their chain of trust model and a smart contract on the Ethereum blockchain to recover identities in case of losing access to a private key. Ironically it's also the blockchain aspect of Farcaster for which I never tried it.

skywalqer today at 3:47 PM

Why aren't the keys stored encrypted?

jimmydoe today at 3:02 PM

It seems most ppl who dislike X have already settled, a small amount moved to DeSo like atp or ap, most just stayed or went offline. Unless China GFW magically collapsed, there seems no reason ATProto user base will continue to grow. So, when will the monetization/enshittification phase begin?

I'm asking this not bc I like enshittification, but the app view design seems such a perfect fit for user data mining/targeting, that it's hard to believe it was not part of design consideration on day one.

Noaidi today at 2:50 PM

Centralization is always a trap.

No idea why people have such a hard time joining and supporting the Fediverse.

triyambakam today at 2:49 PM

What's the evidence for this? I'd be very keen to understand. This looks Claude-written, which is fine but adds an extra layer of skepticism for me.

verdverm today at 2:32 PM

Probably doesn't matter for the "40M+ users", most of them have churned at this point and growth is negative. This is a good critique for the next iteration of open social protocols, but fundamentally atproto did not fail because of technical reasons. The next iteration should make privacy the default and core to the protocol, and be very mindful of how the leadership / social dynamics played out.

scyclow today at 2:39 PM

This is where non-financial use of blockchain could really shine, IMO. Self-sovereign identity management with a smart contract-based process for recovering ids if keys get lost or hacked. Blockchains are pretty out of favor these days, but I really don't see a better solution for decentralized identity management.
