How Decentralized Is Bluesky Really?
-
@cwebber I also don't share your optimism about cross-pollination. There's a reason that W3C specifications have to only have normative dependencies on specs from recognized standards bodies. Too many minefields unless you have a clear license.
I'm glad that @bnewbold is in the SocialCG and I hope we can find some opportunities to publish reports with some or all parts of the AT Proto stack.
-
@Gaelan
Good is obviously subjective. I will highlight what I find to be “good” it’s a very simple protocol: pretty much JSON+ relays and clients. Identify are keypairs which are unfortunately left up to the users to manually handle but they can be plugged into any frontend. You prefer a blog, image-sharing, link aggregate over Twitter just use any of those kind of clients.
(🧵1/2) -
Nostr is very grassroots but seems to function well, they use NIPs which are like FEPs.
Culturally, yes it’s a lot of cryptocurrency & Bitcoin folks but you can filter that noise on a client or relay level. I do and there’s still a surprising amount of quality content & non crypto bro users.
(🧵2/2)
@Gaelan -
Robert W. Gehlreplied to Christine Lemmer-Webber last edited by
@cwebber I was definitely surprised how journalists called it “decentralized” right when it started. Now I hear journalists call it “federated.” Bluesky has good PR, for sure.
-
Steve Batereplied to Christine Lemmer-Webber last edited by [email protected]
@cwebber I'd like to hear more about AP follows the (Hewitt) Actor Model of Computation, if that's the one you mean. Just having message passing and an inbox and a thing called an "Actor" doesn't make the thing a unit of computation. Given the stated importance to AP, I don't see Hewitt's actor model mentioned in the spec or in any of the WG transcripts, so I'm curious what I'm missing.
Actor Model of Computation: Scalable Robust Information Systems
Abstract page for arXiv paper 1008.1459: Actor Model of Computation: Scalable Robust Information Systems
arXiv.org (arxiv.org)
-
@cwebber Some notes:
(Also choosing sha256 over sha256d, there’s maybe the question of length extension attacks, but I suppose the parsing of the document means this is maybe not a problem, I’m not sure.)
So a fun thing amout merkle-damgård hash functions is that they’re only subject to length extension attacks if used at full length. If truncated they’re not vulnerable. So SHA-256 and SHA-512 are vulnerable, but SHA-224 (which is SHA-256 with different constants and truncated to 224 bits) and SHA-384 (which is SHA-512 with initial different initial constants and truncated to 384 bits) are not. Back in 2012 NIST standardised SHA-512/224 and SHA-512/256 which are similarly truncated versions of SHA-512 with different initial constants which also sidestep the length extension attack issue.
Anyway this is to say that because they truncated the hash in did:plc identifiers (to a level which feels unwise to me too!) they’re immune to length extension attcks.
-
:PUA: Shlee fucked around andreplied to Christine Lemmer-Webber last edited by
@cwebber this doesn’t answer if federation is a good thing. Science is yet to discover
-
Christine Lemmer-Webberreplied to Evan Prodromou last edited by
@evan I am glad you liked it after reading the whole thing
I absolutely would not turn down a donation from Bluesky to Spritely should they want to
but also @bnewbold welcomed and said he would be "honored" to see me write something, but absolutely did not ask me to write a 25 page document, that's just me lolBut there was too much to cover, and I felt I really could not do the issue justice without covering it from every important angle, so I did. Glad it was well received.
-
Evan Prodromoureplied to Christine Lemmer-Webber last edited by
@cwebber @bnewbold I didn't read the whole thing.
️Since I actively work on ActivityPub, I can't afford to introduce patented ideas into our specs or extensions, even accidentally or unconsciously.
So, I avoid reading any technical discussions of the BS protocol. I've asked Brian and Mike to offer a public patent license or to release their work through W3C or IETF which also uses a patent license. No luck so far.
Anyway, I'm glad you had fun.
-
find you on :butterfedy1: fediversereplied to smallcircles (Humanity Now 🕊) last edited by
@smallcircles @helge @cwebber i had a looksy at that and the webassembly part for one of the technologies was the only turn-off i could see at a glance.
i realize that the addon system for browsers is tivo-isation by #mozilla (terrible) and that addons aren't harnessing an efficient language/codebase and addons might not be able to do everything in a browser. but by the same token, i dont believe we ought to EXPECT everything to be able to be done in a broser.
-
smallcircles (Humanity Now 🕊)replied to find you on :butterfedy1: fediverse last edited by
-
@cwebber amazing, thank-you for taking the time to put this together. This is exactly the sort of in-depth analysis from someone with deep knowledge of the subject I was looking for.
-
Christine Lemmer-Webberreplied to Evan Prodromou last edited by
@evan I am reading backwards in time but @bnewbold encouraged me to speak after I had expressed frustration about biting my tongue about things. I don't think this was for Bluesky's benefit at all and, I think you recognize this later but, tbh my article was *extremely* critical, even if polite
Bluesky folks have received it very thoughtfully but trust me I did *not* take that as a given and it could have very much so have not gone that way. I'm glad it did tho
-
Evan Prodromoureplied to Christine Lemmer-Webber last edited by
-
Christine Lemmer-Webberreplied to Steve Bate last edited by
@steve https://en.wikipedia.org/wiki/Actor_model#Fundamental_concepts fundamental concepts section on wikipedia summarizes well
-
Steve Batereplied to Christine Lemmer-Webber last edited by
@cwebber Thanks for the response. Both the original paper and Wikipedia state: "Everything is an actor". Not in AP. In response to messages, actors can create other actors and only modify their own *internal* state. Not specified in AP. Another difference is that AP actors can communicate to other actors without actor addresses (using "as:Public"). Interestingly, an "inbox" (or message queue) is not required in the Actor Model of Computation (see paper). Too many differences to list here...
-
Weatherwaxreplied to Christine Lemmer-Webber last edited by
@cwebber
Great technical analysis that perfectly captures how architecture embodies values. You're right - Mastodon attracts digital idealists willing to sacrifice convenience for independence, while Bluesky draws tech pragmatists seeking ethical alternatives that still work smoothly.
But I think there's a missing piece in this freedom debate. The civil rights movement showed that real transformation often comes through collective commitment - not just independence from authority (Mastodon) or convenient individual choice (Bluesky).
We don't yet have protocols designed for communities seeking freedom through shared purpose rather than from or to something. The technical architecture for that kind of collective action would look very different from both current approaches (not sure what it is).
Thanks for the detailed analysis but I am still waiting for the protocols or ways to use the fact that computers see us as large groups, but, currently, only to aggregate us to sell us stuff. In reality, the computers could give great insight into the power of common identity between groups. No one’s using that. -
𝓼𝓮𝓻𝓪𝓹𝓪𝓽𝓱【ツ】☮(📍🇬🇧)replied to smallcircles (Humanity Now 🕊) last edited by
how about nostr?
how about the pear runtime?
how about dat ecosystem?the runtime works now.
a p2p messenger like keet works now.
nostr works now.to me that is way more inspiring than the more academic work of klepmann.
it is also unlikely the next decentralized social media will come from academia
