What about using Nostr relays to also back up your data passwords? I built a library called Tablinum around this idea. Local first but backed up to Nostr relays using NIP-59 gift wrapped events.
That's a lot of information about something that does not really matter in practice. It's not until ew get to the very end of your comment that we get to the actually relevant part for the discussion.
> So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.
> However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.
> The majority of users have not done this, it's true. But they can. Whenever they'd like.
The Bluesky PDS stores (and has access to!) your private keys. They are in full control of your identity. It just so happens that 99.99% of users are on the Bluesky PDSs AND 99.99% of users will choose the path of least resistance and in practice NEVER register an external rotation key. This is exactly the problem. It is massively centralized and a rug pull from Bluesky would effectively just kill off the network.
It's insane that this is just hand-waved away because "you can just self-host" or "you can just register an external rotation key". If you think users will actually do this I have a bridge to sell you.
Nope. When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it. In every other cryptographic system that is your identity. It is absolutely correct that the PDS has complete control over your keys when it comes to 99.99% of users. I challenge you to prove the opposite.
That’s a very narrow definition of decentralisation. In any case - both atproto and fediverse are massively centralised compared to something like Nostr, and it’s not even close.
The fact that the PDS in practice owns your identity in the vast vast majority of cases is such a dumb trade off that it’s honestly laughable. Should Bluesky decide to splinter off of the network there would be like 50000 people left.
Stop telling people that it’s decentralised in any meaningful way and be honest about it instead. That’s the issue. The dishonesty and tricking users.
The end of the article explains why this isn’t necessarily better than a centralised service. Yes - you can self host but no one (yes, there a few exceptions) does in practice. Your PDS host can pretend to be you on any atproto application.
Atproto is not decentralised, it’s faux decentralised. You can technically be sovereign, but incentives and the way things have been done results in massive centralisation - 99.9% of users are on a Bluesky PDS and have not registered a higher priority rotation key. And they won’t, ever, because that’s how humans work.
The day Bluesky decides to enshittify there’s a very real possibility that they might also just stop allowing people to extract their keys and splinter off the network. The enshitification begins when VCs turn upp the heat it they start getting low on cash.
“The signing key is entrusted to the PDS so that it can manage the user's data, but rotation keys can be controlled by the user, e.g. as a paper key. This makes it possible for the user to update their account to a new PDS without the original host's help.”
Yes you can but the vast majority don’t, and that is what matters. When Bluesky goes rogue because of profitability issues or VC pressure, the vast vast majority of users lose their identities on the wider network. Users will choose the path of least resistance. It’s all about incentives.
Looking at the studies on the site I’m only seeing comparisons vs placebo and activated charcoal - why not compare to non modified regular beta glucan that is in most oats?
Not parent but I wrote an article about how PDSs (the thing that hosts your data) control your signing and rotation keys. It's technically possible to self-host but as always, the default becomes the norm. 99.999% of users on ATProto host their data on BlueSky servers.
People in the Bitcoin space have been screaming at the top of their lungs about this for decades at this point, but it's hard to work against the marketing machine that comes from these ICOs.
What about using Nostr relays to also back up your data passwords? I built a library called Tablinum around this idea. Local first but backed up to Nostr relays using NIP-59 gift wrapped events.
https://tablinum.dev