Replying to Avatar Garbage nsec

Fake, okay, but fake what? Fake open source? Fake credible exit? Fake announcements? I'm not sure what about it can be described as fake. Are they selling fake Nike shoes in the lobby? And same for scam. Scam what? Are they a front for something we should know about? I get that you mean fake and scam in a poasty sense, but still your "Bluesky is a scam" headline is a little on the tabloid side.

They've always been pretty clear they're going for a more-decentralised-over time-approach. Sometimes when talking to a normie audience they gloss over the nuance of that, but so does everyone.

And it is getting more decentralised. Right now anyone can spin up an AppView lite on a raspberry, connect that to a few PDSs, add a bespoke relay, etc. (No BlueSky company infra in the mix). Enthusiasts mainly now, but that wasn't possible a few months ago. You've got apps going alpha this month like https://sprk.so that’ll be running their own relay/BGS (first publicly accessible relay in Brazil thats not owned by BlueSky) their own AppView, own CDN, using their own lexicon—didn't have any example like that a few months ago. BlueSky just announced they're moving the directory out, which is the last core infra piece still inside. And if you start inside their hosting then it's getting much easier to pull your repo and your keys out now, even under adversarial conditions.

And there are more apps popping up, a lot of which have no crossover with bsky.app. You've got a github clone in pre-alpha, the repo of which you can host on a Raspberry Pi at home https://tangled.sh/@tangled.sh/core. That's a new thing. Other things like https://recipe.exchange/ which use just the ATProtocol identity, have their own lexicon. The https://whtwnd.com/ longform app pulls directly from PDSs.

So quite a lot of "not Kind1" stuff in the mix, and the argument for bsky.app having too much gravity is more of a Kind1 argument than an “other stuff” argument. These apps aren't competing with bsky.app or even using that lexicon (nobody's gonna want their git discussions to show up on their Kind1 feed).

And even for the pure Kind1 stuff there are a good number of new clients now, albeit piggybacking off bsky lexicon, hosting, etc.

Yes the whole deal is way more centralised than Nostr. Yes if BlueSky the company shut down tomorrow without any warning then people wouldn’t have time to pull their repos out. (Though if Damus shut down their app and relay tomorrow without any warning, that wouldn't be chaos free for Nostr.)

But the point is they're going in the direction they said they would go, and a lot of stuff in your “BlueSky is a Scam” article is now out of date. Can the whole thing ever escape its own black hole gravity? Maybe, maybe not. Place your bets. But it's definitely not a silly thing to suggest it might.

Course Nostr is much better for certain use cases. This B2B stuff I'm doing, ATProtocol would never work for that, no average IT department could digest it. But still though, ATProtocol is not a scam.

Avatar
fiatjaf 9mo ago 💬 2

I didn't say anything about "not kind:1", so you're addressing the wrong question. Anyway, you do pose interesting points, but let me say some things:

I thought it would be clear from my article above that I have two major concerns: their identity system is fully centralized and ran by the Bluesky company and their BGS is ran by a single company, which can control everything and perform any form of censorship, shadow-banning, limit who can join and so on.

If some other app is running their own BGS then fine, that won't be taken down, but interoperability becomes a very distant goal at this point. These will always and forever be just two independent apps -- in fact even if they're using the same BGS that is true if they're using completely independent schemas. Maybe that's a feature, I don't know, but you don't need a protocol for that, you just need people making their own apps with their own servers like it already happened in the internet before.

This is not to mention the fact that each of these apps runs their own server (the distinction between AppView and BGS doesn't matter much) and will not work if that specific developer decides to shut it down, and that developer can decide to censor, kick people out, do anything they want, as always, and there is no alternative besides someone else creating a new instance and trying to compete (again, this is not different from normal "web2" apps competing with each other -- and we know once one gets big enough network effect their power becomes absurd and competition becomes absurdly hard).

If we assume this is all good -- and sure it does look like an improvement over the previous state of the internet, albeit a very small one -- we must address the fact that the only good thing they're bringing is the portable identity. This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended?

Reply to this note

Please Login to reply.

Discussion

Avatar
daniele 9mo ago

> this is not different from normal "web2" apps competing with each other

> the only good thing they're bringing is the portable identity

I agree.

Avatar
Garbage nsec 9mo ago 💬 1

>This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended?

Where is that coming from?

Yeah if you sign up on BlueSky's host and never claim your identity then sure, it's on their server. But you can claim it anytime. Their whole philosophy is let the user claim control when they're ready, and in steps. A user can rely on did:web alone for their ATProtocol identity and not use did:plc at all. You end up with a did.json file that conforms to the DID spec w your public keys, your handle (e.g. fiatjaf.com), and service endpoints like your PDS URL, and that did.json file lives NIP-05 style in location on https://yourdomain.com/.well-known/did.json. I get that many people won't claim their identity, but you can claim it anytime. Even if you set up just your web handle (as many users there have done), that's enough to be able to take did:web adversarially later. Once you claim did:web you are fully in control of your identity on the protocol.

If you're talking about did:plc then yes directory operated by BlueSky, though they've announced that's moving out, and my point is that (a) let's wait and see if does move out and where it goes and (b) you don't even need did:plc if you've set up did:web.

Avatar
fiatjaf 9mo ago 💬 1

Of course I'm talking about did:plc, which is used by everybody except for about 12 weirdos who have set up did:web, and here you are writing a long paragraph as if did:web was this very obvious thing that all Bluesky users use? This is kind of a shitty argumentation move you have there.

Anyway, did:plc is the only thing that matters because you cannot migrate out of it into did:web, there is no such thing as "claim your identity". Even if it was, did:web is not decentralized anyway, it's just delegating your identity to another centralized third-party.

Avatar
Garbage nsec 9mo ago 💬 1

Fair comment on the12 weirdos, that is probably an accurate count of the current number of individual weirdos on did:web. I'm in this space for the B2B opportunities, and I'm thinking more about larger companies for whom did:web wouldn't be a heavy lift, and it could easily become a general corporate IT requirement in future. (Most of the current did:webs are probably larger companies or universities.) But just having the exit door existing isn't enough, you have to take into account the number of stairs to get to it, so okay, fair comment

And yes, fair comment on no crossing between did:web and did:plc, but again, what if in two months the did:plc directory is with some ICANN like body? Still not pkarr, but for most ownership-conscious people that'd be a perfectly okay compromise. A lot is hinging on where there directory goes and when. But they have announced it publicly, so it'd be hard to go back now.

Avatar
Nuh 9mo ago 💬 1

You should focus on Twitter and Facebook then, same centralised identity and much bigger market.

If did:plc became like ICANN, they would have spent too much time spewing bullshit just to become what they should have started with; registering a TLD and give people domains on signup, instead of this DID garbage.

And the 12 weirdos are not businesses by the way, businesses don't give a fuck, hell even presidents their didn't care enough to point their domain to the did:plc.

If you are in it for the business opportunity, make sure to not get high on this supply, if you have to sell it to business good for you, I am rooting for you, just don't confuse yourself.

Most importantly; don't ignore all the signs that Bluesky users don't give a shit about any of this, so if you build a business assuming there is a market for digital sovereignty enthusiasts... you are going to lose your shirt.

Avatar
Garbage nsec 9mo ago 💬 1

I think Nostr is *the* protocol for businesses, I've been pitching Nostr these past months to businesses in Asia and a decent reception so far (though not calling it Nostr). I think the future of Nostr is B2B. As mentioned somewhere above I'd never pitch ATProtocol to a business.

My main point at the start of this all is simply that ATProtocol is not a scam. It's a decent attempt by decent people, and it has a chance to evolve in a way that would be good for the internet at large. I'm mainly just tired of the hyperbole and the throwing of rocks when it comes to ATProtocol (and ever so often, Farcaster). That's all.

Avatar
Nuh 9mo ago 💬 1

Ok, I will bite, what does Nostr offer businesses? Because my basic bias is that it offers absolutely nothing, if anything the shitcoin Wallet Connect offers more because at least you know people who use that have money and likely to waste it on stupid stuff.

What does an npub and very unreliable relays and extremely small audience offer businesses?

Avatar
Garbage nsec 9mo ago 💬 1

Cross-company social that functions like email and can also be used by frontline workers and vendors on both sides (those with no basis for SSO). It competes with https://slack.com/intl/en-gb/connect and other offerings. It's cheaper, it's open source, no third party, it's easy for IT departments to understand and with relays on both sides of the fence it can be managed as each side likes. It mirrors email in many ways, and you sell it with email analogies.

Also competes with stuff like https://uintra.com/ but only for the cross-company case.

-Current nostr audience is irrelevant

-Zaps are irrelevant (unless the companies in the mix want them, but we never pitch them).

-The Nostr brand is irrelevant (nobody knows it anyway)

Event+relay architecture w redundancy, keyparis, and the open-source candy jar of client code are all very relevant. Overall lightness is relevant. Clients are custom-deployed from open source (each side has their own client and our team will service it). We plan to use one client codebase for all customers at the start.

Early days and just pitching for feedback but so far is good.

Course none of this is what Nostr was invented for. But if you were going to draft up an architecture from scratch for cross-company social in the vendor age then Nostr is kind of like the thing you'd end up with.

Avatar
Nuh 9mo ago 💬 1

I think you are thinking of the Matrix Protocol... which plenty of governments already using for what you are saying instead of relying on American companies like Slack.

If I were you I would start playing with Matrix sdk before reinventing this wheel.

Avatar
Garbage nsec 9mo ago 💬 1

Matrix we looked at but Nostr events and relays are about as complicated as we want things to get, and this is also more of a Kind1 play. This https://bettermode.com/ is an example of one we were asked to pitch against the other week.

Our pitch is if you're going to be brave, pass over the other guy and take things in house, then you're going to want the most dead simple thing possible. Nostr is pretty dead simple.

Avatar
Nuh 9mo ago 💬 1

The reason to stick with Nostr is getting grants from Nostr enthusiasts... but if you need that more than flexibility to address your market, then you are doomed anyways in my opinion.

Avatar
Garbage nsec 9mo ago

Let's see, if we start doing some good business off these implementations then there won't be much more to say. At that point it'd simply be one of a thousand proven B2B business models and you slowly expand with sales. There isn't anything out there that both covers that particular niche and is as dead simple, and so far we've got good interest and moving to POCs in April.

I'll give you an update come the summer.

I know zero about pubky. Melvin posted about it but I can't parse those. Is it B2B leaning?