Surprisingly, despite the title and the unique intents of the DID architects when DIDs have been being envisioned, that a DID method be decentralized will not be a requirement. ATProto helps two DID strategies, did:web and did:plc, which (despite the “D” in “DID”!) are both centralized. So direct messages on Bluesky are centralized, and whereas Bluesky does say so of their blogposts (previous the point at which most individuals have learn), most users I’ve talked to have assumed they worked the identical method that the rest of ATProto works. The answer is that Bluesky and ATProto haven’t any design for this at present, and a lot of the architectural assumptions assume public messages only. But these do not make Bluesky decentralized, which it’s not inside any affordable metric of the facility dynamics we’ve got of decentralized protocols which exist right now, and it does not use federation in any means that resembles the way that technical time period has been used inside decentralized social networking efforts. Bluesky’s credible exit claims rely each on content material addressing but in addition on its use of Decentralized Identifiers (DIDs) for account migration.
Or, at the least, can a “credible exit” be made doable? The presumable answer is: Bluesky wished to supply a feature-complete platform from the attitude of a person who’s on the lookout for an exit from Twitter now. There can also be the legal legal responsibility that one is taking on by successfully hosting the equivalent of all of Twitter! For that matter, if you’re coming from Twitter, whether or not or not Bluesky is actually decentralized, it actually appears extra decentralized than Twitter, the same way that Twitter could seem extra decentralized than cable information. Even though the majority of Bluesky services are at the moment operated by a single firm, we however consider the system to be decentralized because it offers credible exit: if Bluesky Social PBC goes out of enterprise or loses users’ belief, different suppliers can step in to offer an equivalent service using the same dataset and the same protocols. Why would Bluesky roll out a direct message system that they’ve acknowledged is just not the long run direct message system they might like long term?
This looks like a strange choice to me; it does mean that did:plc URIs fit in 32 characters (eight characters for did:plc:, 20 characters for the truncated hash) which I suppose is a nice round “laptop’y” number however why throw away all that valuable entropy? This is an eyebrow-elevating choice by itself; apparently the cloud HSM product they use does billing per key, so it could be prohibitively expensive to provide every user their very own. For one thing, if all works proper, Bluesky can only deny rotations or retrieval of did:plc paperwork, however since future updates to the doc are signed by the original DID document’s key, Bluesky should not (hm, we’ll return to “should not” in a second) have the ability to forge future updates to said document. We at the moment are hitting the bounds of a devoted server regardless, so one may have to move towards extra abstracted and clustered storage and indexing mechanisms past this point to maintain the community working (except disk manufacturers surprise us all with an unlimited leap in capability which is rolled out within the very brief term future).
And Bluesky’s builders are very open to acknowledging that did:plc is centralized, and have expressed some interest in shifting to something else, or enhancing its governance in order that the organization is managed by one other extra neutral org (Paul Frazee particularly means that one solution could even be to maneuver to an ICANN-like organization). For my part, this should truly be the best way Bluesky brands itself, which I believe would be more honest: an open structure (that is fair to say! But wait, did not I beforehand say that the online was open and decentralized? However, I stand by my assertions that Bluesky is just not meaningfully decentralized and that it is certainly not federated according to any technical definition of federation we now have had in a decentralized social network context previously. However, this ledger is centrally controlled by Bluesky. However, we believe that such handbook key administration is not appropriate for many users, since there may be a big danger of the keys being compromised or misplaced. But once more: to many customers, this does not matter. There’s another foolish factor about did:net: there’s really not an actual motive for did:internet, since all did:web does is effectively get rewritten through a trivial common expression to an https: hyperlink, and you can just use that very https: link instead of did:net and serve the identical info in any relevant context.
