The thing with Bluesky is that people want to believe.

You can go blue in the face pointing out that the decentralisation simply doesn't exist, and people say "hmm, well, benefit of the doubt, seems like they're working on it..."

You can give lengthy chapter and verse about how this is not a workable design for a decentralised system and it just doesn't get much response.

That's because people want to believe it, and so they do.

As briefly as possible:

If you read the spec, Relays jump out. There's a reason why there's only one and it's under the control of Bluesky.

did:plc (the usernames directory) jumps out. There's only one and it's under the control of Bluesky.

Appviews jump out. There's only one and... you get the idea.

*Lots* of people are looking at all this right now. If it were possible to run these things themselves, they'd be doing it for fun/interest. But it isn't.

@tomw Re. the did:plc thing, even if the issue over control of the database was fixed, there's the issue of control over the individual records.

If you are a Bluesky user and wanted to move your personal data to another server (or self host), you'd need to update your identity record to point at the new PDS.

The identity record lists a set of keys that are trusted to sign changes to the record. Those keys belong to Bluesky rather than the user.

@jamesh Yes, and their early language about this being a "placeholder" has shifted. They have no particular plan to replace it

@tomw It feels like they wanted to build a blockchain identity system, but took some shortcuts in the implementation and left out consensus and rollback prevention. So they could potentially roll back an identity to a state where it was controlled by a different set of keys.

They publish a full transaction log, so this could be detectable in theory. But I'm not sure what recourse you'd have.


@jamesh Yeah, the design has quite a lot of blockchain-inspired-looking elements but then tends to short circuit them ultimately

@tomw most of these complaints are non-issues if you think of the directory as a centralised service.

But by trying to make it look like it might be decentralised, it seems to have worse privacy than a simple centralised user database would have.

You can enumerate every account, including deleted accounts. You can also see the full username change history of every account. It seems like a great trove of information for research, but I'm not sure users are aware that it is being published.

@jamesh I noticed this warning the other day:

"Handle history could potentially de-anonymize account holders if they switch handles between a known identity and an anonymous or pseudonymous identity."

Of course this is buried on a page where hardly anyone will ever see it...

github.com/did-method-plc/did-

Public Ledger of Credentials: a cryptographic, strongly-consistent, and recoverable DID method - did-method-plc/did-method-plc