HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kevinak

no profile record

Submissions

Who owns your ATProto identity?

kevinak.se
171 points·by kevinak·20 วันที่ผ่านมา·152 comments

Grasp Protocol: A simple protocol for code collaboration

gitgrasp.com
1 points·by kevinak·4 เดือนที่ผ่านมา·0 comments

Living human brain cells play DOOM on a CL1 [video]

youtube.com
257 points·by kevinak·4 เดือนที่ผ่านมา·275 comments

Who Owns Your ATProto Identity? Hint: It's Probably Not You

kevinak.se
5 points·by kevinak·4 เดือนที่ผ่านมา·8 comments

Be wary of Bluesky

kevinak.se
366 points·by kevinak·5 เดือนที่ผ่านมา·262 comments

Donut Lab – first all-solid-state battery. Production Ready Today

donutlab.com
10 points·by kevinak·6 เดือนที่ผ่านมา·2 comments

Oxlint JavaScript Plugin Support

voidzero.dev
3 points·by kevinak·9 เดือนที่ผ่านมา·0 comments

Fighting Email Spam on Your Mail Server with LLMs – Privately

cybercarnet.eu
4 points·by kevinak·9 เดือนที่ผ่านมา·0 comments

The First Ultrasonic Chef's Knife for Home Cooks

youtube.com
5 points·by kevinak·10 เดือนที่ผ่านมา·0 comments

comments

kevinak
·8 วันที่ผ่านมา·discuss
Very cool! I like it!

What about using Nostr relays to also back up your data passwords? I built a library called Tablinum around this idea. Local first but backed up to Nostr relays using NIP-59 gift wrapped events.

https://tablinum.dev
kevinak
·10 วันที่ผ่านมา·discuss
That's a lot of information about something that does not really matter in practice. It's not until ew get to the very end of your comment that we get to the actually relevant part for the discussion.

> So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.

> However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.

> The majority of users have not done this, it's true. But they can. Whenever they'd like.

The Bluesky PDS stores (and has access to!) your private keys. They are in full control of your identity. It just so happens that 99.99% of users are on the Bluesky PDSs AND 99.99% of users will choose the path of least resistance and in practice NEVER register an external rotation key. This is exactly the problem. It is massively centralized and a rug pull from Bluesky would effectively just kill off the network.

It's insane that this is just hand-waved away because "you can just self-host" or "you can just register an external rotation key". If you think users will actually do this I have a bridge to sell you.
kevinak
·11 วันที่ผ่านมา·discuss
Where are your rotation and signing keys stored? Who can access them? Talking here about the majority case.
kevinak
·11 วันที่ผ่านมา·discuss
Nope. When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it. In every other cryptographic system that is your identity. It is absolutely correct that the PDS has complete control over your keys when it comes to 99.99% of users. I challenge you to prove the opposite.
kevinak
·11 วันที่ผ่านมา·discuss
That’s a very narrow definition of decentralisation. In any case - both atproto and fediverse are massively centralised compared to something like Nostr, and it’s not even close.

The fact that the PDS in practice owns your identity in the vast vast majority of cases is such a dumb trade off that it’s honestly laughable. Should Bluesky decide to splinter off of the network there would be like 50000 people left.

Stop telling people that it’s decentralised in any meaningful way and be honest about it instead. That’s the issue. The dishonesty and tricking users.
kevinak
·11 วันที่ผ่านมา·discuss
You won’t have decentralisation on Atproto because the protocol itself incentivises centralisation.
kevinak
·20 วันที่ผ่านมา·discuss
The end of the article explains why this isn’t necessarily better than a centralised service. Yes - you can self host but no one (yes, there a few exceptions) does in practice. Your PDS host can pretend to be you on any atproto application.
kevinak
·20 วันที่ผ่านมา·discuss
The point of the article is that 99.9% of users will not take custodial control of their identity - not that they can’t.
kevinak
·20 วันที่ผ่านมา·discuss
Yes - the trade off is centralisation.
kevinak
·20 วันที่ผ่านมา·discuss
Atproto is not decentralised, it’s faux decentralised. You can technically be sovereign, but incentives and the way things have been done results in massive centralisation - 99.9% of users are on a Bluesky PDS and have not registered a higher priority rotation key. And they won’t, ever, because that’s how humans work.

The day Bluesky decides to enshittify there’s a very real possibility that they might also just stop allowing people to extract their keys and splinter off the network. The enshitification begins when VCs turn upp the heat it they start getting low on cash.
kevinak
·20 วันที่ผ่านมา·discuss
It’s great that tings like this exist but as long as this is how identities work on ATProto it’s unfortunately going to be a niche thing.
kevinak
·20 วันที่ผ่านมา·discuss
You can just read the documentation: https://atproto.com/guides/overview#account-portability

“The signing key is entrusted to the PDS so that it can manage the user's data, but rotation keys can be controlled by the user, e.g. as a paper key. This makes it possible for the user to update their account to a new PDS without the original host's help.”
kevinak
·20 วันที่ผ่านมา·discuss
Yes you can but the vast majority don’t, and that is what matters. When Bluesky goes rogue because of profitability issues or VC pressure, the vast vast majority of users lose their identities on the wider network. Users will choose the path of least resistance. It’s all about incentives.
kevinak
·20 วันที่ผ่านมา·discuss
Correct, but it’s not decentralized in any meaningful way, which is what a lot of ATProto proponents want you to believe.

No one (not literally of course) self hosts their PDS. Like 99.9%, if not more, are using the Bluesky PDSes.
kevinak
·3 เดือนที่ผ่านมา·discuss
Looking at the studies on the site I’m only seeing comparisons vs placebo and activated charcoal - why not compare to non modified regular beta glucan that is in most oats?
kevinak
·3 เดือนที่ผ่านมา·discuss
Not parent but I wrote an article about how PDSs (the thing that hosts your data) control your signing and rotation keys. It's technically possible to self-host but as always, the default becomes the norm. 99.999% of users on ATProto host their data on BlueSky servers.

https://kevinak.se/blog/who-actually-owns-your-atproto-ident...
kevinak
·3 เดือนที่ผ่านมา·discuss
There is - https://flotilla.social/
kevinak
·3 เดือนที่ผ่านมา·discuss
Yes. Here are some specifications that describe it: https://github.com/nostr-protocol/nips/blob/master/17.md and https://github.com/nostr-protocol/nips/blob/master/59.md
kevinak
·3 เดือนที่ผ่านมา·discuss
So if a user is banned from their PDS and they haven't backed up their keys, the community is screwed? That seems like a pretty big flaw.
kevinak
·4 เดือนที่ผ่านมา·discuss
Yep!

People in the Bitcoin space have been screaming at the top of their lungs about this for decades at this point, but it's hard to work against the marketing machine that comes from these ICOs.