Comment by psionides
4 days ago
So, one big problem is that there's basically no way to have shared-private data in the protocol - it's either private to you, or fully public. Hence no "locked accounts", "followers-only posts" and so on on Bluesky, and this also prevents more sensitive ideas like e.g. "Strava on ATProto" (where you probably don't want to share your run map with the whole world!).
They are working on this, but it's still gonna take a while as I understand.
Ah thanks for the answer. What's the PKI story on bluesky, doesn't every identity have a corresponding public key? So if I had a list of people I wanted to a post to be visible to, couldn't I "just" encrypt it with a key that is decryptable by each of those individuals via their pubkey?
PKI distribution for encrypted data is an unsolved problem at the scale of many millions or billions of people. Signal caps at 10k iirc
It's also generally not advisable to make your cypher text publicly visible
That being said, I'm working with others in the ecosystem on "permissioned space", which are much closer to how people think about Google Docs and similar systems working.
There is also another effort around E2EE content (MLS) for messaging. They are also thinking beyond just messages too
Peergos has a private data solution that is compatible with (and predates) atproto (dag-cbor, portable data and accounts and social graph).
Fantastic. Looking forward to seeing where you land.
It’s not that shared private data is impossible, just that the mechanisms haven’t been fleshed out yet. I expect this type of setup might be difficult to scale?
I'm not really familiar with that layer of things, but I think it's possible, though that "just" is doing a lot of work here of course, and I think it might not necessarily be a good idea to have encrypted messages available publicly for everyone all the time, so they can collect them and wait until someone slips up / a vulnerability is found / they have enough hardware to crunch it...
My immediate thought to