• sugar_in_your_tea@sh.itjust.works · 27 up · 5 days ago

    The checkmark is the wrong approach. You should never trust accounts, because accounts get hacked. We should instead use cryptographic signatures on individual posts, and clients can warn when that signature doesn’t match the account’s public key, or if that key changed recently. The private key would never live on the server, and ideally live outside the app.

    This doesn’t verify identity, it just proves the key didn’t change. To establish identity, the person needs to use the same key in multiple places, such as posting it on a personal website or something. If a service wants to add their own stamp of approval, they can sign these public keys and embed them into the app for clients to use (e.g. show a blue checkmark if Bluesky can verify the public key outside its system).

    If the private key is compromised, repeat the process, potentially signing the new key with both the old and new key to prove control of both (or start from scratch if needed). Repeat whenever they get hacked.
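
The scheme sketched in the comment above, as an added example that is not the commenter's own code: a client pins the first Ed25519 key it sees for an author (trust on first use), warns when a validly signed post arrives under a different key, and accepts a key change only via a rotation record co-signed by the old and the new key. The canonical signed bytes (author, newline, body), the rotation record layout and the verdict strings are this example's own assumptions, not anything Bluesky specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Post is the signed unit. The client signs author||"\n"||body, so a
// compromised server cannot mint a post without the author's private key.
type Post struct {
	Author string
	Body   string
	Key    ed25519.PublicKey // key the poster claims to be using
	Sig    []byte
}

func postBytes(author, body string) []byte { return []byte(author + "\n" + body) }

// SignPost runs on the poster's device; the private key never leaves it.
func SignPost(author, body string, priv ed25519.PrivateKey) Post {
	pub := priv.Public().(ed25519.PublicKey)
	return Post{Author: author, Body: body, Key: pub, Sig: ed25519.Sign(priv, postBytes(author, body))}
}

// Rotation is a key-change record signed by BOTH the old and the new key.
// A "rotation" that lacks a valid old-key signature is treated as a hijack.
type Rotation struct {
	Author string
	OldKey ed25519.PublicKey
	NewKey ed25519.PublicKey
	OldSig []byte
	NewSig []byte
}

func rotationBytes(author string, oldK, newK ed25519.PublicKey) []byte {
	return []byte("rotate\n" + author + "\n" + hex.EncodeToString(oldK) + "\n" + hex.EncodeToString(newK))
}

func SignRotation(author string, oldPriv, newPriv ed25519.PrivateKey) Rotation {
	oldK := oldPriv.Public().(ed25519.PublicKey)
	newK := newPriv.Public().(ed25519.PublicKey)
	msg := rotationBytes(author, oldK, newK)
	return Rotation{author, oldK, newK, ed25519.Sign(oldPriv, msg), ed25519.Sign(newPriv, msg)}
}

// Verdicts the client hands to its UI (hypothetical labels).
const (
	OK         = "ok"
	FirstSeen  = "first-seen"    // no pin yet; key is pinned now
	BadSig     = "bad-signature" // signature does not verify under the claimed key
	KeyChanged = "key-changed"   // valid signature, but not the pinned key: warn
)

// Client holds the trust-on-first-use key store.
type Client struct{ pinned map[string]ed25519.PublicKey }

func NewClient() *Client { return &Client{pinned: map[string]ed25519.PublicKey{}} }

func (c *Client) CheckPost(p Post) string {
	if !ed25519.Verify(p.Key, postBytes(p.Author, p.Body), p.Sig) {
		return BadSig
	}
	pin, seen := c.pinned[p.Author]
	if !seen {
		c.pinned[p.Author] = p.Key
		return FirstSeen
	}
	if !pin.Equal(p.Key) {
		return KeyChanged
	}
	return OK
}

// ApplyRotation replaces the pin only if the currently pinned key co-signed the change.
func (c *Client) ApplyRotation(r Rotation) error {
	pin, seen := c.pinned[r.Author]
	if !seen || !pin.Equal(r.OldKey) {
		return errors.New("rotation does not chain from the pinned key")
	}
	msg := rotationBytes(r.Author, r.OldKey, r.NewKey)
	if !ed25519.Verify(r.OldKey, msg, r.OldSig) || !ed25519.Verify(r.NewKey, msg, r.NewSig) {
		return errors.New("rotation lacks a valid signature from the old or the new key")
	}
	c.pinned[r.Author] = r.NewKey
	return nil
}

func genKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	alice, mallory, alice2 := genKey(), genKey(), genKey()
	c := NewClient()
	fmt.Println(c.CheckPost(SignPost("alice", "hello", alice)))        // first-seen
	fmt.Println(c.CheckPost(SignPost("alice", "again", alice)))        // ok
	fmt.Println(c.CheckPost(SignPost("alice", "send btc", mallory)))   // key-changed
	fmt.Println(c.ApplyRotation(SignRotation("alice", alice, alice2))) // <nil>
	fmt.Println(c.CheckPost(SignPost("alice", "rotated", alice2)))     // ok
}
```

The rotation record is the part that makes "repeat whenever they get hacked" workable without a central authority: a client that already pinned the old key needs nothing else to accept the new one, while a client with no pin still has to go back to the out-of-band sources (website, other services) the comment describes.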

  • einkorn@feddit.org · 261 up, 1 down · 7 days ago

    Bluesky, the decentralized social network […]

    Where only one instance exists, or did I miss something?

    • InfiniteHench@lemmy.world · 167 up, 1 down · 7 days ago (edited)

      As I understand it, the protocol has the ability to decentralize built in. But the technical requirements are prohibitively high to the point only large businesses or corps could afford to do it. I also believe (someone correct me) the company hasn’t switched on the functionality yet.

      • unexposedhazard@discuss.tchncs.de · 4 up · 6 days ago

        The biggest thing is that you need to be manually authorized by them for federation. They will only ever federate with servers that aren’t serious enough competition to lead to democratization of the overall network.

        • Natanael@infosec.pub · 3 up, 1 down · 6 days ago

          No, PDS federation is fully open now.

          They’re also actively supporting development of 3rd party appviews and relays.

          • unexposedhazard@discuss.tchncs.de · 4 up · 5 days ago

            The power dynamic is still 1000000:1 they can do whatever they want and you will have to follow. If they defederate you, there is no value in your self hosted instance.

            • Natanael@infosec.pub · 1 up · 5 days ago (edited)

              Partially - something running independent infrastructure like Whitewind (blogging on atproto) will still work just like before (it’s easier for them to run it independently because you don’t need a full network view, just pull in the posts from the user’s PDS for standalone display)

              When the work to make appviews easier to run makes it more practical this will be less of a risk.

      • Drunemeton@lemmy.world · 66 up · 7 days ago

        Last heard (a few months ago) the cost is in storage. The protocol isn’t too complicated now, but it generates a shit ton of data, and IIRC you need a minimum of 3 copies.

        • mac@lemm.ee · 27 up, 3 down · 7 days ago

          Storage is cheap when it comes to webhosting, and 3 replicas is honestly not much when it comes to enterprise standards. I think cloud storage providers like Backblaze keep something like 9 copies of data across different mediums.

      • noodlejetski@lemm.ee · 38 up · 6 days ago

        my mom has always told me that I had the potential to work at NASA. but the requirements are prohibitively high

      • Natanael@infosec.pub · 4 up · 6 days ago

        Maybe you remember PDS federation not being open for a while, but it’s open now.

        Running a public appview can be very expensive, but they’re working on making it cheaper to run one with a limited scope.

    • Mike@lemm.ee · 10 up, 2 down · 6 days ago

      I think their initial selling point was that Eventually©®™ Bluesky would federate with the rest of the Fediverse.

      Is anybody really surprised that a social media corporation didn’t make it their utmost priority to allow their userbase to connect out of their proprietary platform?

      • Natanael@infosec.pub · 3 up · 6 days ago

        They never said they’d do so natively with other protocols - but they support Bridgy, so you already can do that.

        • Mike@lemm.ee · 1 up · 5 days ago

          Interesting how other instances of the fediverse have no such restrictions. It’s almost as if they want to make it as difficult as possible so that people just don’t federate.

          • Natanael@infosec.pub · 2 up · 5 days ago

            There’s literally no restrictions other than simple rate limiting, which you can ask for exceptions for.

            I don’t know a Mastodon/lemmy server which wouldn’t rate limit new peers

      • lone_faerie@lemmy.blahaj.zone · 20 up, 1 down · 6 days ago

        It’s 100% centralized, but with the ability to be decentralized. Sorta like Threads before they started federating

        • sem@lemmy.blahaj.zone · 4 up, 2 down · 6 days ago

          The “ability” to decentralize has costs that scale quadratically. So in every practical sense, it cannot be decentralized. At best it could have a few servers that participate.

          • Natanael@infosec.pub · 3 up · 6 days ago

            No, it doesn’t scale “quadratically”. That’s what going viral on Mastodon does to a small instance, not on bluesky. Pretty much everything scales linearly. The difference is certain components handle a larger fraction of the work (appview and relay).

            Both a bluesky appview and a Mastodon instance scale by the size of the userbase they interact with. Mastodon likes to imagine that the userbase will always be consistent, but it isn’t. Anything viewed by a large part of the whole Mastodon network forces the host to serve the entirety of the network and all its interactions. So does a bluesky appview, in just the same way, but they acknowledge this upfront.

            Meanwhile, you CAN host a bluesky PDS account host and have your traffic scale only by the rate of your users’ activity + number of relays you push these updates to. Going viral doesn’t kill your bandwidth.

              • Natanael@infosec.pub · 1 up · 5 days ago (edited)

                In fact, it is worse than the storage requirements, because the message delivery requirements become quadratic at the scale of full decentralization: to send a message to one user is to send a message to all. Rather than writing one letter, a copy of that letter must be made and delivered to every person on earth

                That’s written assuming the edge case of EVERYBODY running a full relay and appview, and that’s not per-node scaling cost but global scaling cost.

                Because they don’t scale like that, global cost is geometric instead (for every full relay and appview, there’s one full copy with linear scaling to network activity), and each server only handles the cost for serving their own users’ activity (plus firehose/jetstream subscription & filtering for those who need it)

                For Mastodon instance costs, try asking the former maintainers of https://botsin.space/

                • sem@lemmy.blahaj.zone · 1 up · 4 days ago

                  I’m sad that bots in space had to spin down, but there are still bots on Mastodon. One server quitting didn’t take everything down.

                  The part where if a mastodon post gets popular, it has to serve that to everyone makes sense because it’s kind of like a website. Maybe there could be a CDN like Cloudflare that a mastodon server could use to cache responses?

                  The part about Bluesky that doesn’t sound good to me is “to send a message to one user is to send it to all”. Wouldn’t this be crazy with even 100 servers for 10000 users, vs 2 servers with 5000 each? Not sure how the math works but it doesn’t look good if they have to duplicate so much traffic.

      • Victor@lemmy.world · 2 up, 1 down · 6 days ago

        This is a little bit more black and white compared with the other responses. 🙈

    • massi1008@lemmy.world · 3 up, 2 down · 6 days ago

      You can easily host your own instance with a simple docker stack.

      I don’t know of any public instances except the main, but I also haven’t searched.

    • brucethemoose@lemmy.world · 1 up, 1 down · 5 days ago

      It was selectively given to institutions and “major” celebrities before that.

      Selling them dilutes any meaning of “verified” because any joe can just pay for extra engagement. It’s a perverse incentive, as the people most interested in grabbing attention buy it and get amplified.

      It really has little to do with Musk.

  • Mars2k21@sh.itjust.works · 127 up, 6 down · 6 days ago

    idk man I haven’t seen anyone complaining about it on Bluesky

    This is a net positive, nice to have a social media where verification checks are…actually used for verifying the person behind an account

      • spongebue@lemmy.world · 20 up, 1 down · 6 days ago (edited)

        If they are, and there isn’t anything to display it, how are we to know what’s been vetted and what’s slipped through the cracks? Especially on a new account?

        • MangoPenguin@lemmy.blahaj.zone · 8 up · 6 days ago (edited)

          It’s the username so already quite visible.

          For example someone at say, NPR, could use a name like @bob.npr.org which is only possible by verifying ownership of the npr.org domain name, so there is no need to vet anything.
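
How the domain handle check in the comment above actually binds a handle to an account, as an added example that is not the commenter's or Bluesky's code. It follows the AT Protocol's documented handle resolution: a DNS TXT record at `_atproto.<handle>` of the form `did=<DID>`, or a plain-text DID served at `https://<handle>/.well-known/atproto-did`, and then the check in the other direction, that the DID document lists `at://<handle>` under `alsoKnownAs`. The lookups are injected functions backed by a constructed fixture so the example runs offline; the DIDs, handles and the `Resolver` type are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Resolver abstracts the network lookups so the example runs offline.
// A real client would back these with net.LookupTXT, an HTTPS GET and
// a DID resolver (did:plc directory or did:web document).
type Resolver struct {
	TXT       func(name string) ([]string, error)  // DNS TXT lookup
	WellKnown func(handle string) (string, error)  // GET https://<handle>/.well-known/atproto-did
	DIDDoc    func(did string) (DIDDoc, error)     // fetch the DID document
}

// DIDDoc holds the two fields the check needs.
type DIDDoc struct {
	ID          string
	AlsoKnownAs []string
}

func normalize(handle string) string {
	return strings.ToLower(strings.TrimPrefix(strings.TrimSpace(handle), "@"))
}

// HandleToDID resolves handle -> DID: DNS TXT first, HTTPS well-known as fallback.
func HandleToDID(r Resolver, handle string) (string, error) {
	handle = normalize(handle)
	if recs, err := r.TXT("_atproto." + handle); err == nil {
		for _, rec := range recs {
			if strings.HasPrefix(rec, "did=") {
				return strings.TrimPrefix(rec, "did="), nil
			}
		}
	}
	did, err := r.WellKnown(handle)
	if err != nil {
		return "", fmt.Errorf("handle %s: no DNS or well-known record: %w", handle, err)
	}
	return strings.TrimSpace(did), nil
}

// VerifyHandle checks the binding in BOTH directions: the domain owner points
// the handle at a DID, and that DID's document claims the handle back.
// A one-way claim is how an attacker would "borrow" a domain they control
// to dress up someone else's account, or vice versa.
func VerifyHandle(r Resolver, handle string) (string, error) {
	handle = normalize(handle)
	did, err := HandleToDID(r, handle)
	if err != nil {
		return "", err
	}
	if !strings.HasPrefix(did, "did:") {
		return "", errors.New("resolved value is not a DID")
	}
	doc, err := r.DIDDoc(did)
	if err != nil {
		return "", err
	}
	if doc.ID != did {
		return "", errors.New("DID document id does not match the resolved DID")
	}
	for _, aka := range doc.AlsoKnownAs {
		if aka == "at://"+handle {
			return did, nil
		}
	}
	return "", fmt.Errorf("DID %s does not claim handle %s", did, handle)
}

// fixtureResolver is constructed test data, not real records.
func fixtureResolver() Resolver {
	txt := map[string][]string{
		"_atproto.bob.npr.org": {"did=did:plc:bobexample"},
		"_atproto.eve.npr.org": {"did=did:plc:aliceexample"}, // one-way: eve points at alice's DID
	}
	wellKnown := map[string]string{"alice.example.com": "did:plc:aliceexample\n"}
	docs := map[string]DIDDoc{
		"did:plc:bobexample":   {ID: "did:plc:bobexample", AlsoKnownAs: []string{"at://bob.npr.org"}},
		"did:plc:aliceexample": {ID: "did:plc:aliceexample", AlsoKnownAs: []string{"at://alice.example.com"}},
	}
	return Resolver{
		TXT: func(name string) ([]string, error) {
			if v, ok := txt[name]; ok {
				return v, nil
			}
			return nil, errors.New("NXDOMAIN")
		},
		WellKnown: func(h string) (string, error) {
			if v, ok := wellKnown[h]; ok {
				return v, nil
			}
			return "", errors.New("404")
		},
		DIDDoc: func(did string) (DIDDoc, error) {
			if d, ok := docs[did]; ok {
				return d, nil
			}
			return DIDDoc{}, errors.New("unknown DID")
		},
	}
}

func main() {
	r := fixtureResolver()
	for _, h := range []string{"@bob.npr.org", "alice.example.com", "eve.npr.org", "nobody.example.org"} {
		did, err := VerifyHandle(r, h)
		fmt.Printf("%-20s did=%-22s err=%v\n", h, did, err)
	}
}
```

The "eve.npr.org" case is the one worth keeping in mind: controlling a subdomain of npr.org lets you publish a TXT record, but it does not let you edit the DID document of the account you are pointing at, so the bidirectional check fails.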

          • spongebue@lemmy.world · 10 up · 6 days ago

            That’s great for an organization like NPR which may have the resources to tie its own domain name into Bluesky. For some freelance reporter or otherwise verifiable person, I’m not sure it’s quite so practical.

      • Nick@lemmy.world · 17 up · 6 days ago

        I saw some small talk about it, and it really just boiled down to domain verification is great for more tech savvy folks, but trying to get larger accounts (think politicians, celebrities, etc) is a lot harder. Having a visual check, using tools within the app or site, is a lot easier.

        And personally I like the idea of verification checks as long as it remains a simple means to do just that: verify the owner of the account. Morons like Musk and his ilk always thought it was a clout thing, and for a small minority that was probably the case, but by and large before he ruined it, it was great.

      • BackwardsUntoDawn@lemm.ee · 11 up · 6 days ago

        I feel like domain usernames are still inherently susceptible to phishing, you can get a typo or similar character to try and trick someone that your username is an official one
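
A client-side check for the lookalike-handle problem raised above, as an added example that is not the commenter's code and not something Bluesky ships. It flags punycode labels, non-ASCII and mixed-script handles, folds a small subset of the Unicode confusables table (UTS #39) plus two digit-for-letter swaps into a Latin "skeleton", and compares that skeleton against a list of handles the user already trusts. The confusables subset, the edit-distance threshold and the `HandleRisk` API are this example's assumptions; a production check would load the full confusables data.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Tiny subset of UTS #39 confusables plus two typosquat digit swaps.
var confusables = map[rune]rune{
	'\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p', // Cyrillic а е о р
	'\u0441': 'c', '\u0445': 'x', '\u0443': 'y', '\u0456': 'i', // Cyrillic с х у і
	'0': 'o', '1': 'l',
}

// skeleton folds a handle to the Latin string a human is likely to read.
func skeleton(h string) string {
	var b strings.Builder
	for _, r := range strings.ToLower(strings.TrimPrefix(h, "@")) {
		if m, ok := confusables[r]; ok {
			r = m
		}
		b.WriteRune(r)
	}
	// "rn" renders like "m" in many fonts (the classic "rnicrosoft" trick).
	return strings.ReplaceAll(b.String(), "rn", "m")
}

// levenshtein counts single-rune insertions, deletions and substitutions.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur := make([]int, len(rb)+1)
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			best := prev[j] + 1
			if v := cur[j-1] + 1; v < best {
				best = v
			}
			if v := prev[j-1] + cost; v < best {
				best = v
			}
			cur[j] = best
		}
		prev = cur
	}
	return prev[len(rb)]
}

// HandleRisk returns the reasons a handle should be shown with a warning
// rather than trusted on sight. An empty slice means no finding.
func HandleRisk(candidate string, official []string) []string {
	var reasons []string
	c := strings.ToLower(strings.TrimPrefix(candidate, "@"))
	for _, label := range strings.Split(c, ".") {
		if strings.HasPrefix(label, "xn--") {
			reasons = append(reasons, "punycode label "+label)
		}
	}
	nonASCII := false
	scripts := map[string]bool{}
	for _, r := range c {
		if r > unicode.MaxASCII {
			nonASCII = true
		}
		switch {
		case unicode.Is(unicode.Latin, r):
			scripts["Latin"] = true
		case unicode.Is(unicode.Cyrillic, r):
			scripts["Cyrillic"] = true
		case unicode.Is(unicode.Greek, r):
			scripts["Greek"] = true
		}
	}
	if nonASCII {
		reasons = append(reasons, "non-ASCII characters present")
	}
	if len(scripts) > 1 {
		reasons = append(reasons, "mixed scripts")
	}
	sk := skeleton(c)
	for _, o := range official {
		on := strings.ToLower(strings.TrimPrefix(o, "@"))
		if c == on {
			continue // it is the official handle itself
		}
		switch d := levenshtein(sk, skeleton(on)); d {
		case 0:
			reasons = append(reasons, "confusable with "+on)
		case 1:
			reasons = append(reasons, "one edit from "+on)
		}
	}
	return reasons
}

// HasReason reports whether any finding starts with prefix.
func HasReason(reasons []string, prefix string) bool {
	for _, r := range reasons {
		if strings.HasPrefix(r, prefix) {
			return true
		}
	}
	return false
}

func main() {
	official := []string{"bob.npr.org"} // constructed trust list
	for _, h := range []string{"bob.npr.org", "b\u043eb.npr.org", "bob.npr.0rg", "bob.np.org", "xn--bob-abc.npr.org"} {
		fmt.Printf("%-22s %v\n", h, HandleRisk(h, official))
	}
}
```

The point of the skeleton comparison is that a domain check only proves control of the domain that was typed, not of the one the reader thinks they saw; the warning has to come from the client that renders the handle.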

      • Natanael@infosec.pub · 6 up · 6 days ago

        Domains only help you verify organizations and individuals you recognize directly.

        This verification system also allows 3rd parties (it’s NOT just bluesky themselves!) to issue attestations that a given account belongs to who they say they are, which would help people like independent journalists, etc.

        • Saleh@feddit.org · 1 up · 5 days ago

          Idk. Celebrities and Politicians usually have other vetted channels such as their own website or a website of their organization representing them. It should be basic journalistic work to see if their social media links link to the account in question or not.

            • Saleh@feddit.org · 1 up · 5 days ago

              So it is not given to a centralized authority, that is guided by for profit motives and also does the moderation of its plattform.

              Where this can lead was shown with Twitter. The moment the central organization is captured, the central authority will abuse the authentication for its own goals. Then instead of just having to check for the authentication to be reliable you need to question everything that is on that platform as a whole, which is infinitely more consuming, but also simply impossible.

              • BeardedGingerWonder@feddit.uk · 1 up · 5 days ago

                This doesn’t appear to be given to a centralised authority. If the authentication process fails then it falls back to the previous method anyway. In reality most people won’t bother to authenticate if it involves any significant work.

    • Airportline@lemm.ee · 16 up · 6 days ago

      Most of the complaints I’ve seen were about Bluesky’s lack of a formal verification system.

      They could never figure out how the current system of checking the username worked.

    • SSTF@lemmy.world · 12 up · 6 days ago

      Based on how verification was revoked for some users on Twitter based on their content rather than question of their identity, I’m cautious about this system turning into the status symbol it became on Twitter rather than the verification it claimed to be.

  • VodkaSolution @feddit.it · 16 up, 1 down · 5 days ago

    you don’t kill a cow for a scratch on her leg (I hope the saying is understandable for everybody since it doesn’t come from English).
    I’m on mastodon and bluesky: the first is even less populated than here and a big part of the interesting content comes from bot reposting popular accounts from x or reddit, while the second is far from being THE solution but it’s nowadays a -not wildly populated- compromise. I don’t condone (while I understand) the Turkish bans and I’m not interested in a verification system: if I’d like one, I’d use https://en.wikipedia.org/wiki/EIDAS.
    I hope bluesky will correct its approach for what they can (the “good old” Twitter in the golden era was banned in Turkey)

    • Ibuthyr@lemmy.wtf · 10 up, 1 down · 5 days ago

      I believe the equivalent saying would be “don’t let perfect be the enemy of good”.

      I couldn’t give a single shit about these twitter alternatives, because the whole concept is stupid.

      • brucethemoose@lemmy.world · 5 up · 5 days ago (edited)

        the whole concept is stupid.

        +1

        Being that algorithmic just makes any Twitter-like design too easy to abuse.

        Again, Lemmy (and Reddit) is far from perfect, but fundamentally, grouping posts and feeds by niche is way better. It incentivizes little communities that are concerned about their own health, while users have zero control over that shouting into the Twitter maw.

        • dave@lemmy.wtf · 2 up · 5 days ago

          yeah, lemmy/reddit definitely seems like more of a sweet spot. with twitter/mastodon or anything that has a “say something” text box right in your face on every page, you are going to end up with a lot of noise, because most people just don’t have interesting things to say most of the time

    • TomasEkeli@programming.dev · 3 up, 1 down · 5 days ago

      I don’t understand - do you think mastodon (or the fediverse in general) is sparsely populated? That’s not my impression at all!

      • VodkaSolution @feddit.it · 1 up, 1 down · 5 days ago

        That’s exactly what I meant: very few people, only on main niches, and some political and lifestyle ideas are common to 90% of the userbase (i.e.: anti-Trump, pro-Palestine, pro-FOSS, etc).
        I’m not complaining, just reporting what I see

        • MacStache@sopuli.xyz · 2 up · 5 days ago

          It seems that you don’t curate your followers much and/or don’t follow many people. The timeline is what you make it to be by following a variety of people as there isn’t an algorithm to curate it for you. There’s plenty of interesting content circling around and it’s wholly up to you whether it makes it to your timeline or not.

          • VodkaSolution @feddit.it · 2 up, 1 down · 5 days ago

            I get it, but I don’t want to curate my followers, I’m not a news media, I just follow users I totally like, I usually look for content I don’t see in my timeline, do a lot of surfing, but in the end it’s not that big as today

    • MangoPenguin@lemmy.blahaj.zone · 9 up, 2 down · 7 days ago

      How come they don’t use the already built in domain verification? It’s basically fool proof to certify that an account is owned by a specific entity.

      • Rachel@lemmy.blahaj.zone · 8 up · 6 days ago

        It’s what Twitter had and most people on Bluesky just want Twitter before Elon. It sucks but that is really what the majority of people even want. They don’t care about the decentralized stuff.

    • Jay@lemmy.ca · 31 up · 7 days ago

      There’s been a lot of impersonated accounts popping up lately, so it doesn’t surprise me they’ve opted to do something like this.

      • MangoPenguin@lemmy.blahaj.zone · 1 up, 1 down · 6 days ago

        Bluesky already has domain based verification which solves that perfectly, I guess people just don’t want to use it.

      • TommySoda@lemmy.world · 17 up · 7 days ago

        Oh yeah, they are literally everywhere. And a lot of them are impersonating people that haven’t switched from Twitter yet to take advantage of it specifically.

    • Billiam@lemmy.world · 23 up · 7 days ago

      Right now, venture capital investments - same as all tech starts out.

      How it’ll monetize to become self-sufficient remains to be seen.

      • Dr. Moose@lemmy.world · 3 up, 1 down · 6 days ago

        Not same as “all tech starts out”. You’re literally typing on a tech stack that didn’t start out like that. Then there’s Mastodon, fediverse, gnome, kde, linux etc. Etc. - literally almost no good software comes out of the VC world, statistically speaking.

      • MagicShel@lemmy.zip · 1 up · 6 days ago

        I just saw a group is going to start doing custom feeds with ads inserted. I blocked the account and every single sucker who comes in to say congrats and how excited they are about it. Fuck the lot of them. That said, that’s a third party, but also an example of what they could do.

  • SSNs4evr@leminal.space · 8 up, 6 down · 5 days ago

    If they really, really want to fix 99.8% of the problems with hate speech (and many other issues), each user needs to agree to have their real name, home address, email address, and phone number available to the public, in their profile. While what I’ve just said is completely absurd, for almost everyone, it’s the anonymity that empowers people to say the absolute worst things.

    Why don’t most people in the checkout line (queue) at the grocery store act the same way they do in a traffic jam on a roadway? Because they’re much more likely to be held personally accountable for their conduct. I wonder how much traffic would change, if our name, address and telephone numbers were required to be posted on all sides of our vehicles?

    • max_dryzen@mander.xyz · 3 up · 5 days ago (edited)

      it’s the anonymity that empowers people to say the absolute worst things.

      humans behave badly when they perceive they have social license to do so. anonymity has little to do with it

      • exhibit A: public robberies of German Jews in the 1930s
      • exhibit B: rwandan genocide
      • exhibit C: any public confrontation video shot during the Covid pandemic

      your second paragraph makes you sound like Larry Ellison. all you’re arguing for is the extension of the capacity of corporations to constrain and coerce individual behaviour, which is gross

      • SSNs4evr@leminal.space · 1 up · 3 days ago

        I think anonymity has a lot to do with it, but you certainly point out that there’s more than anonymity to factor in. I also agree that, especially in our problematic data sharing environment, having our data on public display would be troublesome (understatement of the year). My comments weren’t so much of a “we should do this,” as much as a point of the cost of fixing the problem. Fixing the problem would be worse than the problem itself, but not by much, since all of our data is collected anyway. I personally believe that social media should mostly be outlawed - but I’m old enough to remember a better world before it existed.

  • mindaika@lemmy.dbzer0.com · 3 up, 5 down · 5 days ago (edited)

    Any system built on anonymous accounts is going to have the exact same problems. Lemmy is not “less bad” than Reddit because it’s decentralized. Blue checks aren’t the problem with twitter, and neither is Elong

    • brucethemoose@lemmy.world · 7 up · 5 days ago (edited)

      Not sure where you’re going with that, but it’s a perverse incentive, just like the engagement algorithm.

      Elon is a problem because he can literally force himself into everyone’s feeds, but also because he always posts polarizing/enraging things these days.

      Healthy social media design/UI is all about incentivizing good, healthy communities and posts. Lemmy is not perfect, but simply not designing for engagement/profit because Lemmy is “self hosted” instead of commercial is massive.

  • morphballganon@mtgzone.com · 7 up, 7 down · 5 days ago

    Lots of “how dare they solve a real problem with the only method yet invented” in these replies. Gtfo losers, clutch your pearls harder. If you don’t like Bluesky don’t use it. Don’t be a whiny little bitch about it.