Replying to Avatar fiatjaf

Of course it's fake, but I wait for your counter-arguments on why it's not instead of just "come on".

I'm not saying they are evil, where did I say that? I think they truly believe in the things they're saying and doing.
Avatar
Garbage nsec 9mo ago 💬 3

Fake, okay, but fake what? Fake open source? Fake credible exit? Fake announcements? I'm not sure what about it can be described as fake. Are they selling fake Nike shoes in the lobby? And same for scam. Scam what? Are they a front for something we should know about? I get that you mean fake and scam in a poasty sense, but still your "Bluesky is a scam" headline is a little on the tabloid side.

They've always been pretty clear they're going for a more-decentralised-over time-approach. Sometimes when talking to a normie audience they gloss over the nuance of that, but so does everyone.

And it is getting more decentralised. Right now anyone can spin up an AppView lite on a raspberry, connect that to a few PDSs, add a bespoke relay, etc. (No BlueSky company infra in the mix). Enthusiasts mainly now, but that wasn't possible a few months ago. You've got apps going alpha this month like https://sprk.so that’ll be running their own relay/BGS (first publicly accessible relay in Brazil thats not owned by BlueSky) their own AppView, own CDN, using their own lexicon—didn't have any example like that a few months ago. BlueSky just announced they're moving the directory out, which is the last core infra piece still inside. And if you start inside their hosting then it's getting much easier to pull your repo and your keys out now, even under adversarial conditions.

And there are more apps popping up, a lot of which have no crossover with bsky.app. You've got a github clone in pre-alpha, the repo of which you can host on a Raspberry Pi at home https://tangled.sh/@tangled.sh/core. That's a new thing. Other things like https://recipe.exchange/ which use just the ATProtocol identity, have their own lexicon. The https://whtwnd.com/ longform app pulls directly from PDSs.

So quite a lot of "not Kind1" stuff in the mix, and the argument for bsky.app having too much gravity is more of a Kind1 argument than an “other stuff” argument. These apps aren't competing with bsky.app or even using that lexicon (nobody's gonna want their git discussions to show up on their Kind1 feed).

And even for the pure Kind1 stuff there are a good number of new clients now, albeit piggybacking off bsky lexicon, hosting, etc.

Yes the whole deal is way more centralised than Nostr. Yes if BlueSky the company shut down tomorrow without any warning then people wouldn’t have time to pull their repos out. (Though if Damus shut down their app and relay tomorrow without any warning, that wouldn't be chaos free for Nostr.)

But the point is they're going in the direction they said they would go, and a lot of stuff in your “BlueSky is a Scam” article is now out of date. Can the whole thing ever escape its own black hole gravity? Maybe, maybe not. Place your bets. But it's definitely not a silly thing to suggest it might.

Course Nostr is much better for certain use cases. This B2B stuff I'm doing, ATProtocol would never work for that, no average IT department could digest it. But still though, ATProtocol is not a scam.

Reply to this note

Please Login to reply.

Discussion

Avatar
fiatjaf 9mo ago 💬 2

I didn't say anything about "not kind:1", so you're addressing the wrong question. Anyway, you do pose interesting points, but let me say some things:

I thought it would be clear from my article above that I have two major concerns: their identity system is fully centralized and ran by the Bluesky company and their BGS is ran by a single company, which can control everything and perform any form of censorship, shadow-banning, limit who can join and so on.

If some other app is running their own BGS then fine, that won't be taken down, but interoperability becomes a very distant goal at this point. These will always and forever be just two independent apps -- in fact even if they're using the same BGS that is true if they're using completely independent schemas. Maybe that's a feature, I don't know, but you don't need a protocol for that, you just need people making their own apps with their own servers like it already happened in the internet before.

This is not to mention the fact that each of these apps runs their own server (the distinction between AppView and BGS doesn't matter much) and will not work if that specific developer decides to shut it down, and that developer can decide to censor, kick people out, do anything they want, as always, and there is no alternative besides someone else creating a new instance and trying to compete (again, this is not different from normal "web2" apps competing with each other -- and we know once one gets big enough network effect their power becomes absurd and competition becomes absurdly hard).

If we assume this is all good -- and sure it does look like an improvement over the previous state of the internet, albeit a very small one -- we must address the fact that the only good thing they're bringing is the portable identity. This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended?

Avatar
daniele 9mo ago

> this is not different from normal "web2" apps competing with each other

> the only good thing they're bringing is the portable identity

I agree.

Avatar
Garbage nsec 9mo ago 💬 1

>This part is the most egregious, because their "decentralized interoperable identity" is just one server that the Bluesky company hosts. How can that be defended?

Where is that coming from?

Yeah if you sign up on BlueSky's host and never claim your identity then sure, it's on their server. But you can claim it anytime. Their whole philosophy is let the user claim control when they're ready, and in steps. A user can rely on did:web alone for their ATProtocol identity and not use did:plc at all. You end up with a did.json file that conforms to the DID spec w your public keys, your handle (e.g. fiatjaf.com), and service endpoints like your PDS URL, and that did.json file lives NIP-05 style in location on https://yourdomain.com/.well-known/did.json. I get that many people won't claim their identity, but you can claim it anytime. Even if you set up just your web handle (as many users there have done), that's enough to be able to take did:web adversarially later. Once you claim did:web you are fully in control of your identity on the protocol.

If you're talking about did:plc then yes directory operated by BlueSky, though they've announced that's moving out, and my point is that (a) let's wait and see if does move out and where it goes and (b) you don't even need did:plc if you've set up did:web.

Avatar
fiatjaf 9mo ago 💬 1

Of course I'm talking about did:plc, which is used by everybody except for about 12 weirdos who have set up did:web, and here you are writing a long paragraph as if did:web was this very obvious thing that all Bluesky users use? This is kind of a shitty argumentation move you have there.

Anyway, did:plc is the only thing that matters because you cannot migrate out of it into did:web, there is no such thing as "claim your identity". Even if it was, did:web is not decentralized anyway, it's just delegating your identity to another centralized third-party.

Avatar
Garbage nsec 9mo ago 💬 1

Fair comment on the12 weirdos, that is probably an accurate count of the current number of individual weirdos on did:web. I'm in this space for the B2B opportunities, and I'm thinking more about larger companies for whom did:web wouldn't be a heavy lift, and it could easily become a general corporate IT requirement in future. (Most of the current did:webs are probably larger companies or universities.) But just having the exit door existing isn't enough, you have to take into account the number of stairs to get to it, so okay, fair comment

And yes, fair comment on no crossing between did:web and did:plc, but again, what if in two months the did:plc directory is with some ICANN like body? Still not pkarr, but for most ownership-conscious people that'd be a perfectly okay compromise. A lot is hinging on where there directory goes and when. But they have announced it publicly, so it'd be hard to go back now.

Avatar
Nuh 9mo ago 💬 1

You should focus on Twitter and Facebook then, same centralised identity and much bigger market.

If did:plc became like ICANN, they would have spent too much time spewing bullshit just to become what they should have started with; registering a TLD and give people domains on signup, instead of this DID garbage.

And the 12 weirdos are not businesses by the way, businesses don't give a fuck, hell even presidents their didn't care enough to point their domain to the did:plc.

If you are in it for the business opportunity, make sure to not get high on this supply, if you have to sell it to business good for you, I am rooting for you, just don't confuse yourself.

Most importantly; don't ignore all the signs that Bluesky users don't give a shit about any of this, so if you build a business assuming there is a market for digital sovereignty enthusiasts... you are going to lose your shirt.

Avatar
Garbage nsec 9mo ago 💬 1

I think Nostr is *the* protocol for businesses, I've been pitching Nostr these past months to businesses in Asia and a decent reception so far (though not calling it Nostr). I think the future of Nostr is B2B. As mentioned somewhere above I'd never pitch ATProtocol to a business.

My main point at the start of this all is simply that ATProtocol is not a scam. It's a decent attempt by decent people, and it has a chance to evolve in a way that would be good for the internet at large. I'm mainly just tired of the hyperbole and the throwing of rocks when it comes to ATProtocol (and ever so often, Farcaster). That's all.

Avatar
Nuh 9mo ago 💬 1

Ok, I will bite, what does Nostr offer businesses? Because my basic bias is that it offers absolutely nothing, if anything the shitcoin Wallet Connect offers more because at least you know people who use that have money and likely to waste it on stupid stuff.

What does an npub and very unreliable relays and extremely small audience offer businesses?

Avatar
Garbage nsec 9mo ago 💬 1

Cross-company social that functions like email and can also be used by frontline workers and vendors on both sides (those with no basis for SSO). It competes with https://slack.com/intl/en-gb/connect and other offerings. It's cheaper, it's open source, no third party, it's easy for IT departments to understand and with relays on both sides of the fence it can be managed as each side likes. It mirrors email in many ways, and you sell it with email analogies.

Also competes with stuff like https://uintra.com/ but only for the cross-company case.

-Current nostr audience is irrelevant

-Zaps are irrelevant (unless the companies in the mix want them, but we never pitch them).

-The Nostr brand is irrelevant (nobody knows it anyway)

Event+relay architecture w redundancy, keyparis, and the open-source candy jar of client code are all very relevant. Overall lightness is relevant. Clients are custom-deployed from open source (each side has their own client and our team will service it). We plan to use one client codebase for all customers at the start.

Early days and just pitching for feedback but so far is good.

Course none of this is what Nostr was invented for. But if you were going to draft up an architecture from scratch for cross-company social in the vendor age then Nostr is kind of like the thing you'd end up with.

Avatar
Nuh 9mo ago 💬 1

I think you are thinking of the Matrix Protocol... which plenty of governments already using for what you are saying instead of relying on American companies like Slack.

If I were you I would start playing with Matrix sdk before reinventing this wheel.

Avatar
Garbage nsec 9mo ago 💬 1

Matrix we looked at but Nostr events and relays are about as complicated as we want things to get, and this is also more of a Kind1 play. This https://bettermode.com/ is an example of one we were asked to pitch against the other week.

Our pitch is if you're going to be brave, pass over the other guy and take things in house, then you're going to want the most dead simple thing possible. Nostr is pretty dead simple.

Avatar
Nuh 9mo ago 💬 1

The reason to stick with Nostr is getting grants from Nostr enthusiasts... but if you need that more than flexibility to address your market, then you are doomed anyways in my opinion.

Avatar
Garbage nsec 9mo ago

Let's see, if we start doing some good business off these implementations then there won't be much more to say. At that point it'd simply be one of a thousand proven B2B business models and you slowly expand with sales. There isn't anything out there that both covers that particular niche and is as dead simple, and so far we've got good interest and moving to POCs in April.

I'll give you an update come the summer.

I know zero about pubky. Melvin posted about it but I can't parse those. Is it B2B leaning?

Avatar
ynniv 9mo ago 💬 1

nostr is the minimum viable decentralization. Anything less than this is not viable, or not decentralized

Avatar
Garbage nsec 9mo ago 💬 1

Decentralisation is a moving target.

You look at the web itself, it started with a protocol (HTTP) and a single client, a browser called "WorldWideWeb", which they renamed Nexus in 1994 to avoid confusion with the broader concept of the World Wide Web. So the first "WorldWideWeb" was basically Chrome. And that means the web at first was totally centralised. Other clients then appeared and evolved, making HTTP more robust (Line Mode, Erwise, Viola, Mosaic...)

This idea that HTTP appeared and then the web just sort of "happened" on top of it is widespread but totally false.

That's the path ATProtocol has said it wants to go. For that to work the protocol has to get more and more decentralised as time goes by, and that means more and more independent implementations have to appear to take away market share and mind share from the Nexus-like flagship demo.

That's how many decentralised protocols have developed. And the opposite is also true, many protocols that started off pretty decentralised have gradually become more centralised over time (which arguably is what's happening vis a vis Nostr relays if you go by nostr.band stats).

Time dimension is important.

Avatar
fiatjaf 9mo ago 💬 3

Given that you have established that starting decentralized or not is irrelevant, what should we consider when assessing the decentralization status of a thing?

Incentives (and possibilities).

Any reasonable person can see that Bluesky will remain centralized forever because of identity centralization and data centralization, in fact it cannot be decentralized at all because the identity system is centralized by design (because they wanted to do a blockchain for key rotation but couldn't figure out how). All one can argue after that is that is that "it doesn't matter" because "login is easier".

While Nostr has much bigger chance of being decentralized, although it could also fall back into a "de facto Bluesky" mode and have its data all centralized in one place, but that would be a very unlikely hard failure edge case from which it could even recover later if developers wanted.

Avatar
ynniv 9mo ago 💬 1

The web was never centralized because anyone was always able to run the client or set up a new server without asking anyone. Without integrated identity or DRM there were no centralizing forces. Bluesky wants to be able to protect communities via "the right" moderation and identity management. This is core to the value of the platform, and also prevents it from ever being an open system. Free as in beer, not free as in speech

Avatar
Garbage nsec 9mo ago 💬 1

That's factually incorrect on petty much every level.

Avatar
ynniv 9mo ago 💬 1

🤷🏻‍♂️ Show me

Avatar
Garbage nsec 9mo ago 💬 1

Moderation is at the AppView level, not at the protocol level. If you create an AppView you can choose to use bsky.app's moderation, or use another app's moderation, or use no moderation at all, for the same base of user posts. Far as I know the relay does do sybil attack and CSAM mitigation, but that's about it, and there are other relays going up, each of which is free to choose how it tackles CSAM, etc.. Or an AppView can pull directly from a set of PDSs without a relay in between. Or a bespoke partial relay.

With a raspberry you could spin up an AppView in a few days that shows all the posts that the bsky.app moderation team has taken down, minus presumably the illegal stuff that by law they had to deal with on the lower-infra level.

Fiatjaf's argument would be that other Kind1 type clients are incentivised to just reuse bsky.app's moderation since it's way expensive to do one's own moderation, and that argument holds weight--but again the time dimension, we need to wait and see how this plays out over time.

Avatar
ynniv 9mo ago 💬 1

First let's establish that bsky.app is not decentralized. They hold your keys and your data. If they disagree (morally or legally) with what you say, you have no recourse. Since they hold your keys, they can rewrite your history however they wish and it will be authoritative.

Your argument is really that ATproto is decentralized. First, I would argue that it's federated, as users have a "home" PDS. This is different than nostr, where you can spray events across every relay, or store them in a file, or send them to a friend over BLE, and they are *equally authoritative*.

Second, these ATproto apps aren't actually using ATproto: they're connecting to a Bluesky API. Perhaps they use a serialization format from ATproto, but they're simply asking nicely for AppView to take actions.

Third, it doesn't matter what ATproto is capable of, as people are there for bsky.app. Important features like account management, message deletion, and content filtering are done inside bsky and not using ATproto.

So, as fiatjaf points out, when bsky decides that doing everything in a truly decentralized manner is too difficult and sunsets ATproto, no one using the service will even be bothered.

Just like XMPP

Avatar
Garbage nsec 9mo ago 💬 1

Let's come back to this in a year. Time is the only referee of consequence here.

Avatar
ynniv 9mo ago

Until then we should let fiatjaf's assertion that ATproto isn't "real" stand. It's currently aspirational, and there is no clear way to resolve fundamental deficiencies

Avatar
Garbage nsec 9mo ago

>Incentives (and possibilities).

That one, yes, very much agree. On identity, I think the question is if they spin out the did:plc directory into whatever ICANN like body they are in talks with, is that a meaningful change or not?

For me, the vast majority of people who care about ownership in some sense will see that as "good enough" and it will also be healthy for the internet in general. So if they do that—and again the other week they came out and announced the talks have entered some kind of a late stage—then did:plc is basically okay in my opinion. Yes still centralised, but I'm cool with ICANN or whoever else being that centre, so for me that's a meaningful move.

I'm guessing you see this ICANN solution as just moving the centralisation around and therefore not so meaningful, doesn't pass the not your keys test.

Anyway not much more to say about that until they complete the move and it's clear how things will look.

Avatar
PixelBob 9mo ago 💬 1

Also Blueskys mission has changed. It is no longer a "decentralized" platform, it is now a platform for left wing refugees exiting Twitter. I'm guessing 99% of the new Bluesky users don't know, understand or care about decentralization.

Avatar
Garbage nsec 9mo ago 💬 2

What are Nostr users' thoughts on decentralisation is a good question. If nostr.stats is correct then Nostr just had it's lowest day in four months, i.e. since the start of the winter Nostr has been shrinking. Why then are people leaving? Do they feel Nostr is becoming more centralised? Or is decentralisation a secondary concern, the issue lies elsewhere?

I'm not sure, but if decentralisation were a top concern then we would not be seeing relay usage clump up in this way. At the very least we would be seeing more of a fuss about the state of the relay network and shouts to get Outbox working well. I suspect Bitcoin and social patterns surrounding it are more top of mind for Nostr users than decentralisation, and the reason people are leaving is they are getting a little bored of that conversation.

Avatar
PixelBob 9mo ago

You raise some good points, personally i'm on Nostr for decentralization first and social second, and even I find myself resorting to Primal and one or two primary relays just so it works.

Majority of people just want it to work, I get that. But if we sacrifice decentralization then this is dead in the water and I move on.

As to why are they leaving, who knows, bored, sick of the bugs? Most people want to maximize influence and network effect, if they don't see Nostr as growing they will leave.

Avatar
Johnson 9mo ago

SOLUTION TO ALL PHONE HACKING ISSUES, PROGRAMMING AND ONLINE TRAINING

* Email: conleyjbeespy606@gmail.com

* Telegram : +44 7456 058620

* Instagram: JBEE SPY TEAM

CERTIFIED ONLINE PRIVATE INVESTIGATOR AND CYBER SOLUTION EXPERT

- Full access hack into all types of mobile phones/devices

* Unnoticeable hack into all social media account

* Fixing of credit score

* Fixing of public record

* Recovery and multiplying of BITCOIN

* Cloud and email data extraction

* Location tracking

* Being blackmailed-we will trace the source and the person behind it-

CONTACT On

* EMAIL: conleyjbeespy606@gmail.com

* Telegram - +44 7456 058620

* Instagram- JBEE SPY TEAM

Explain what you want and go straight to the point. Make available TARGETS DETAILS.

And simplv start monitorina the device.