While Nostr and AT Protocol (used by Bluesky social) may appear similar on the surface, there are subtle differences between them.

Nostr can be seen as a self-contained protocol where relays are capable of implementing their own content moderation policy and store only the content that users have transmitted to the relay.

It is the clients that implement their own User Interface and algorithm.

Conversely, the Authenticated Transfer Protocol (AT Protocol) is intended to serve as the underlying protocol for multiple social networks (applications).

Using AT Protocol, each application can implement its own user interface and content moderation, but the data is held in the users' own data repository.

Additionally, users will be able to select the algorithm used to surface content. These competing algos will be available in a marketplace.

Similarities:

- Both are protocols

- Both are open source

- Both utilise public key cryptography for identity

- Both are used to enable a social network experience

Differences:

Data storage -

Nostr users transmit data (notes) to relays who store these notes.

AT Protocol users have a Data Repository, which applications can request access to read.

This Data Repository stores content, such as:

- Identity

- Profile

- Social graph

- Content (posts, comments, likes, media blobs, etc.)

This data is saved locally on your laptop / phone, depending on available storage, and is .

Key Rotation -

Nostr uses a simple pub / priv key pair for authentication. It does not natively support key rotation.

If the private key is compromised, the user cannot easily revoke access to the compromised key.

AT Protocol natively supports a root private key (Recovery Key), which is used to authorise a signing key.

If the signing key is compromised, the user can issue a new signing key using their Recovery key.

Moderation -

Nostr relays and/or clients are able to implement their own moderation policy.

Relays and/or clients may(?) be responsible for compliance and takedown requests.

Applications built on top of the AT Protocol are able to implement their own moderation policy and are responsible for takedown requests, however this data would still exist in the users Personal Data Repository.

Account Portability -

Competing social networks (think Instagram, Facebook, and Twitter) can use the AT Protocol to request access to this data, which is controlled by the user.

This makes account portability possible, meaning it would be possible to login to competing social media platforms, with their own interfaces, features and moderation policies, but still retain your contacts and supported content.

So who is the winner?

Based on my (extremely limited) understanding of both, AT Protocol is more complex but is superior from a user data, key management and algorithm selection perspective.

The Personal Data Repository structure allows users to store their data and authorise or revoke access to this data by applications.

Additionally, users are able to rotate keys in the event that their signing key is compromised and select the algorithm used to surface content.

*** would appreciate if anyone can correct / clarify any points I may have misunderstood or expand on any areas where warranted