Use social media direct messages to establish a connection on a secure messenger designed for direct messaging, and for nothing else. When people try to initiate conversations with you in DMs, have a ready answer to pivot the conversation elsewhere.
Social platforms like BlueSky have radically different design constraints than direct messaging applications. The implications range from security to social dynamics to legal concerns.
E2E Encryption is on the road map for Bluesky as it requires some protocol changes. The devs are encouraging people to use the DMs to exchange Signal info, and reminding people to not use DMs for sensitive info.
It wouldn't matter if they implemented "E2E" encryption. "E2E" is necessary but insufficient for messaging security. It would still be a terrible idea to rely on Bluesky DMs, even if they met some floor of cryptographic quality, for the same reason that it's a bad idea to use Facebook DMs, despite their cryptography being close to the gold standard for large scale social apps.
It's important though because it allows you to communicate things that don't really belong in the open while remaining under your identity on that platform and avoiding the need to link that identity with your identity on a different service.
It would be useful if I could send people a Signal link where they could log in with their Facebook/Google/Instagram account (OIDC) to chat with me over Signal.
Signal no longer requires phone numbers as identifiers, so this might be feasible.
The thing is that a closed system like DMs on a platform can be more effectively monitored for spam than something like email (or phone calls or texts) because everything is under single control.
Nowadays it's chat, photos/videos, and online purchases thus forming an all-in-one app. Not quite popular here in the West, though that's Elon's eventual goal with X. But think WeChat in China.
The original law fails for too many programs to be useful on its own, but why do you need some law to replace the obvious expectation that a social media program is going to do messages?
Impressed by the rate new features are coming. During the first twitter takeover, many migrated to mastodon in my circles, but it didn't stick. Second wave to bsky has gained enough traction that the circle has sustained there for over half a year, with most disabling their account on X. But a few have remained on X mainly to be able to DM. So this fixes that.
What's lacking for me now is video. Having to share through YouTube and then embed for just small daily clips is a bit cumbersome.
Video is the killer because it's expensive. Don't they still have no ads and only one paid feature, buying a custom domain name through them directly? Which nobody actually has to pay them for because you can link a domain name registered anywhere else for free.
They could just charge for video. Inconceivable to have end-user usage pricing, I know, rather than just give away everything, but someone should try it.
True. And yeah, I'm also a bit concerned about the longevity of bsky. Hope they can figure something out, without stooping to twitter level stupid ads or lock in (like disabling api / the openness)
Disagreed - Mastodon has a major problem. The whole concept of server/instance is unnecessary and introduces extra complexity and hard problems.
Nostr has it right where servers/instances are completely interchangeable and all the hard work is done by the client.
I get why Mastodon had servers at the beginning - because browsers can't speak any other protocol than HTTP towards a single origin domain name. But this limitation fundamentally constrained the entire product into a corner that's very hard/impossible to back out of.
Mastodon should've been Nostr in the first place, with "instances" just being read-only views into the network (to satisfy browser's "demand" for an HTTP endpoint), but otherwise would be disposable and interchangeable - all write actions would be made by a client that doesn't have the constraints of a browser and can interact with the decentralized network over an appropriate protocol (and do the necessary cryptographic magic to ensure those peers are trustless and interchangeable).
The concept of "instances" not only introduces many user experience problems that make it a non-starter for non-technical people (or even technical people who just don't have the time/willingness to deal with BS) but also opens the door for politically-motivated feuds between instance admins to which the users are held hostage (instead of moderation being done on the client where the user is the only one in control of which "moderation feeds" they subscribe to, similar to an ad blocker list).
Decentralized just doesn't work in a centralized cyberspace.
You need to recreate your own centralized cyberspace and then build the underground path to the decentralized canyon.
Then provide a mothership allowing others to dock of their own standards and protocols. Yet allowing them to take off at their own accord with the data of the centralized hub.
> I had to switch servers because of subs political dispute between admins
That seems like a positive, not a negative. If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph.
I suspect that's why Twitter is still doing as well as it is participation-wise since the Musk acquisition: Twitter is still by and large where the people are, even if the owner is an insufferable jerk.
That sounds great until the enormous art instance everyone goes to because "it's the art instance" defederates yours over made up and exaggerated reasons despite your instance's admins working hard to solve the few actual problems and being kind and communicative at every step.[0]
Petty tyrants try to ruin everything.
On Bluesky, there are art feeds for every kind of interest. I've used Mastodon since near the beginning and really only stick around for the small cohort of instances mine is in. It's increasingly all crossposts from Bluesky.
>> "If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph."
It took a while but I'm convinced they're sincerely working toward account portability. I can at least already point my domain at another PDS even if getting at my posts would be a sketchy, probably very technical operation with command lines and scripts. (For now)
These are people who've been working on decentralized social media for as long as it's been a thing (and newer people who share the goal), and it's hard to ignore the dedication to that goal once you look into their histories.
> That seems like a positive, not a negative. If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph.
I (actually not my personal but a project account) had to move servers because the original server had been blocked by other admins because of a fairly interminable dispute about whether one user had been racist (it was far from clear cut from what I could tell from the brief time I spent digging into it).
How is this positive? It seemed to spell out a future where Mastodon split into islands based on long-forgotten generational disputes.
I want one network with a clean way to choose who I see and who interacts with me. I don't want other people making these decisions on my behalf.
> I suspect that's why Twitter is still doing as well as it is participation-wise since the Musk acquisition
Twitter and mainstream social media are still doing well because they have a large network of people that are either non-technical and can't use the fediverse or just can't be bothered.
The Musk acquisition is a storm in a teacup, for the vast majority of people (especially outside the tech circles) nothing changed. Yes it's still a cesspool, there's spam, Nazis and harassment, but that's not a significant difference from what it was before (every high profile tweet was immediately replied to by crypto scam bots even pre-Musk), and the format of the platform has always encouraged polarization, hostility and harassment, so Musk didn't change much there either. Yes it's a cesspool, but it's the same one that people know and (seemingly) love.
It's super american-centric too. For a "decentralized" platform that basically covers 2 small areas of the world is not a good sign. I feel like Bluesky had done nothing to address discoverability and sharing issues. Most engagement is centralized with 1% of shitposters.
From listening to a podcast with the founder it seems that's their goal too as they want to integrate bluesky with e-commerce which obviously doesn't work well globally.
The 3 main communities seem to be English speaking, Japanese, and Portuguese. The community is way smaller than Xitter for sure but are the percentages that off?
I've never been exposed to non-US content on Bluesky unlike Mastodon where it's a melting pot from every possible niche and location.
To me it seems like Mastodon's focus on hashtags as discovery mechanism won hard in this space thus allowing such diverse communities to thrive on the platform.
There's an implicit language filter around your default language. It was implemented because the Japanese audience is comparatively as large as the English audience and a lot of English language users were complaining about searches and feeds being filled by Japanese posts. I chat a lot with Japanese Bluesky because I'm fluent in Japanese; probably 50% of my Bluesky activity is with Japanese Bluesky. I've made friends with a Japanese tech reporter and they share their articles with me occasionally, so it's fun to see a non-English speaking perspective.
Unfortunately I think a lot of the people who use Mastodon and are trying to dunk on Bluesky are doing so in bad faith or not quite bad faith but a non-willingness to explore Bluesky with the same openness and curiosity as Mastodon (this may purely be from a time perspective, I mean we're all human and only have so much time to devote to internet shitposting.) I used and stopped using Mastodon before the whole Xitter thing, because I had 2 instances shutdown on me for various reasons and didn't want to bother trying again. I'm mostly on Bluesky and it seems to have the same features as Mastodon sans the easy to build instances because ATProto is a more complicated protocol. I find the network of Bluesky (or at least my feed) to be a lot less tech focused and for me this is a win. I already engage with tech people on HN, parts of Reddit, and Discord. I don't need yet another tech site full of the common tech tropes like ranting emotionally into the void or getting hung up on niche things that only tech people care about. Just my $0.02.
The feedback about not cross-pollinating non-English-speakers is good though and I've been working on a feed that uses some ML to generate cross-cultural feeds around certain topics. It's been slow going because work has been tough and I'm locked in wedding "hell" in my personal life.
Having tried both BlueSky and Mastodon I found Bluesky pretty easy to use and Mastodon bewildering. There were so many Mastodon servers I didn't know where to start. I guess maybe it doesn't matter what server something is on because the app can connect to all of them, but then discussion topics would be repeated in multiple places and it all seemed so disjoint. Like the chaos of old IRC networks but amplified. All in all I felt like a babe in the woods on Mastodon while Bluesky is pretty shamelessly just "Twitter minus Nazis". One thing I like about Bluesky is when a thread starter mutes one of the posters, it mutes them for everybody in the thread, not just the original poster. While this might unfortunately facilitate creation of echo chambers it is a supremely powerful anti-troll tool.
The other big reason I went with Bluesky over Mastodon is that several of the people I used to follow on Twitter have moved over to Bluesky.
> One thing I like about Bluesky is when a thread starter mutes one of the posters, it mutes them for everybody in the thread, not just the original poster.
Oh interesting. This is a really cool feature. It kinda nudges it in the direction of being a private, self-run micro-blogging platform, where replies are essentially comments that you can moderate.
Mastodon core devs avoid discussion of server choices because it inevitably reveals that 1/3 to 1/2 of Twitter/Bluesky/Mastodon by volume and/or users are Japanese image posters incompatible with Western, especially European, languages/memes/values.
2/3 of top 3 and half of top 10-20 Mastodon instances (not including Misskey ActivityPub servers) are Japanese. They really don't like that.
I think the primary difference is in the communities. Every six months or so I log back into Mastodon and the discussion there is one hard 'Nope' for me. I don't understand why I'd voluntarily read a platform where every other post is a 'call out' of something 'problematic' according to the warped world view of '@CatMomLibrarian' or something similar.
Cutting out the Nazis from Twitter is a great start, but Mastodon has done this by simply doubling down on the other end of the horseshoe. It's Truth Social for the other fringe.
BlueSky seems somewhat richer in normal people, but that probably won't last if the platform is successful over time. It seems in the nature of social networks to be taken over by parasitic outrage grifters.
From discussions with security professional friends and folks on E2E encryption of protocols: I don't think it's that they can't figure it out, it's that they know it's hard to get right and harder to fix later, so they're taking their time to do it right in the first place. They don't want to end up like Telegram or Matrix with furries doing unflattering writeups on their security.
I agree that the furry interpretation of privacy is intimidating, but at the very least I think Bluesky could start with generating a private key on each client device, and then using a simple box algorithm to encrypt messages towards the user they want to talk to. The PDS could store these messages encrypted, so the PDS owner cannot read the messages.
I don't think https://tweetnacl.cr.yp.to/ is hard to mess up. Similar to the interior of a furry suit, you won't know what is going on in there.
> but at the very least I think Bluesky could start with generating a private key on each client device, and then using a simple box algorithm to encrypt messages towards the user they want to talk to.
Yes it is! If you're going to encrypt some things in a constrained use-case, sure, NaCl is better than hand-rolling it yourself. But it's not sufficient for end-to-end encryption. Here's a few things that TweetNaCl (and other NaCl variants) is, without further protocol design, inadequate to protect against:
1. Invisible Salamanders. NaCl uses xsalsa20poly1305, which is not key-committing.
2. Forward Secrecy. NaCl's crypto_box doesn't give you this at all.
4. How do you do group messaging? If you do it as just pairwise, do you use the same public key as your p2p messaging? There's a lot of ways that can subtly go wrong.
There is a damn reason end-to-end encryption involves authenticated key exchanges and forward-secure double ratchets.
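An illustration of the forward-secrecy point in the comment above, added here as an example and not written by any participant in this thread. It uses Node's built-in crypto with X25519, HKDF-SHA256 and ChaCha20-Poly1305 as a stand-in for NaCl's crypto_box (not the same cipher); the one-time prekey scheme, function names and messages are constructed assumptions, and prekey authentication is omitted.

```javascript
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('x25519');

// Stand-in for crypto_box key agreement: X25519 shared secret run through HKDF.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-box-v1', 32));
}

// Authenticated encryption with a fresh random nonce per message.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext was modified.
function unseal(key, { nonce, ct, tag }) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Scenario A: one long-term key pair per user, as in a plain "box" design.
// Every message between Alice and Bob is protected by the same derived key.
function staticBoxScenario() {
  const alice = newKeyPair();
  const bob = newKeyPair();
  const key = deriveKey(alice.privateKey, bob.publicKey);
  // Ciphertexts as the server would store them (constructed sample messages).
  const stored = ['constructed message 1', 'constructed message 2'].map((m) => seal(key, m));

  // Later, Bob's long-term private key leaks. Alice's public key is public,
  // so the same key is re-derived and the whole stored history opens.
  const leakedKey = deriveKey(bob.privateKey, alice.publicKey);
  return stored.map((m) => unseal(leakedKey, m));
}

// Scenario B: Bob publishes one-time prekeys and deletes each private half
// after use; Alice uses a throwaway key pair per message.
function prekeyScenario() {
  const bobIdentity = newKeyPair(); // would sign the prekeys in a real protocol (omitted)
  const prekeyStore = new Map();    // prekey id -> private key, held only by Bob
  const published = [];
  for (let id = 0; id < 2; id++) {
    const kp = newKeyPair();
    prekeyStore.set(id, kp.privateKey);
    published.push({ id, publicKey: kp.publicKey });
  }

  // Alice: fresh ephemeral key per message; its private half is never stored.
  const stored = published.map(({ id, publicKey }, i) => {
    const eph = newKeyPair();
    const msg = seal(deriveKey(eph.privateKey, publicKey), `constructed message ${i + 1}`);
    return { prekeyId: id, ephemeralPublicKey: eph.publicKey, ...msg };
  });

  // Bob: decrypt, then delete the one-time private key.
  const received = stored.map((m) => {
    const text = unseal(deriveKey(prekeyStore.get(m.prekeyId), m.ephemeralPublicKey), m);
    prekeyStore.delete(m.prekeyId);
    return text;
  });

  // Later compromise: the long-term identity key is all that remains on the device.
  const recovered = stored.map((m) => {
    try {
      return unseal(deriveKey(bobIdentity.privateKey, m.ephemeralPublicKey), m);
    } catch {
      return null; // authentication fails: the message key no longer exists anywhere
    }
  });
  return { received, recovered, prekeysLeft: prekeyStore.size };
}

console.log('static keys, after key leak:', staticBoxScenario());
console.log('one-time prekeys, after key leak:', prekeyScenario().recovered);
```

Deleting used key material is what provides the property; a double ratchet extends the same idea to every message in an ongoing conversation.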
Well, exactly. My point is that in a constrained use-case NaCl would be sufficient.
If you want to rotate keys, then simply delete your private key and since we trust Bluesky so much we can use the PDS to share new pubkeys once we rotate. In fact, this would work for signing keys too! Then the PDS wouldn't be able to write messages for you if it wanted to.
For group messaging you simply encrypt the message to each recipient.
If they want to upgrade to an Axolotl from this, great! But starting with plain text is not private messaging, it is group messaging with your PDS admins and whoever they want to share that data with.
I agree there are more layers you can add on top of TweetNaCl to improve security.
I'm going to personally add you to the list of people Bluesky should hire to get this implemented without the consent of the Bluesky employees. If they choose to hire both of us perhaps we can figure out how to implement this for them.
I will not commit to putting on a furry suit. But I've been known to try everything once. And bonus I live right next to the furry convention center and have always wondered what the heck is going on at the Hyatt while you guys are here.
I won't go out of my way to find out if you don't want it known. If you decide you want to know what's going on in the hotel, there's probably lots of video on YouTube from whichever convention it is.
They have a product, but do they have a business? I haven't kept up with them lately; do they have anything approaching a revenue model that would sustain them and provide good returns to their investors?
All of bluesky is MIT licensed (unless there's a subset I'm missing), and developed pretty openly. Heck, you could use DMs much earlier if you logged into main.bsky.dev (with an app password, ideally) rather than bsky.app.
They don't have E2EE yet, and use a different system than posting does on the site. (ergo, I think they're not in the firehose)
Yeah, I wrote my own PDS from scratch[0], that was capable of federating with the sandbox network.
Now that federation is enabled in the public network, I've been working on a slightly more production-ready rewrite[1], although it's not yet in a usable state (haven't had much time to work on it lately)
I don't think this is the right place for that, but there are generally a bunch of libraries which will help you get this sorted out. If you tweet at me your tech stack and framework(s), I might be able to help you with more info. My details are in my bio.
I'm building a Twitter/Bluesky/Mastodon/Farcaster competitor targeted at the average HN reader. Usable but not yet launched. Anyone want to beta test it?
I went to Bluesky because some of my personal favorite non-tech Twitter personalities ended up there. I'm a fan of @Popehat, who has a lot of informed political legal commentary. There are also a number of fiction writers and artists I like there. Surprisingly full of the people I happen to want to subscribe to. And surprisingly large gardening and astronomy communities.
Less my thing, but if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.
Signing up went really well. Mastodon absolutely fumbled the Twitter disaster because it was difficult for non-technical people to figure out what to do. Bluesky just looks like Twitter unless you're actively looking for options to be on another server.
Mastodon has fixed their onboarding process (a bit late) to be much more user friendly.
> if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.
Same could be said for Mastodon, plus retrocomputing and a lot of tech people who don’t want to be on Musk’s Nazi bar anymore. Compiler folks and John Mashey hang out on Mastodon.
If you follow US politics, you do want to be on BS, though. Mastodon is better for international politics and stuff like Eurovision.
i haven't seen tech people, save for the bsky devs. in my time building a client for it (as a side project), i observed a healthy population of journalists, furries, and people who have bad political takes.
when openai launched gpt-4o and google had its i/o, the two events didn't make a dent in the bsky trends. what did make a big dent was eurovision. that says a lot about the population of tech people.
It’s where a significant chunk of the writing community has ended up. I think people who feel the need to reach out to the public may still be more active on Twitter, but it’s definitely the online writers’ bar now.
at least among the people I follow, there aren't really very many tech people. It's pretty much friendly enough for anyone to use imo.
I mean, sure if you want to run a PDS or labeller, that's basically technical folks only at this point, but I've seen non-technical people put together feeds, choose which labellers they want to pay attention to, etc.
but for just skeeting and BMing, it's user friendly
Not only are they not end-to-end encrypted, Bluesky's DMs seem like they're entirely centralized. From their 2024 roadmap:
> We looked closely at alternatives like linking to external services, re-using an existing protocol like Matrix, or rushing out on-protocol encrypted DMs, but ultimately decided to launch a basic centralized system to take the time pressure off our team and make our user community happy.
It's a stop-gap because people want DMs and implementing them correctly (decentralized, e2e encrypted, etc.) is non-trivial. Rushing e2e encryption is not a good idea (and no, you can't just slap on matrix/signal and call it a day).
The alternatives are to:
1. Wait a bit longer for something half-baked that appears to meet the goals (i.e., something you're going to regret but will be unable to replace).
2. Wait even longer for something perfect.
By making the protocol centralized and stupid-simple, it's also stupid-simple to replace when everyone is done painting the perfect bikeshed.
In my experience, temporary fixes are more likely to "stick" the better they are at addressing the problem. The fact that nobody is satisfied with this fix is a good sign.
They did, which is why it seems like a relevant example to your question. They shipped centralized, and have already replaced the centralized service they shipped with a decentralized service.
> They can monetise content that didn't originate on their platform.
They have been doing it for years.
> It shifts regulators attention from them to closed platforms like X.
It doesn't. Threads is just as closed (despite integrating an open protocol), and is still subject to the same scrutiny and provisions as the rest of Meta's products.
> They can leverage their advantages e.g. ad serving, safety to push competitors into niches.
So, let me get it straight. Facebook gained so much from adopting a decentralized protocol so they will inevitably move in the same direction that:
- they will use it to remain the only centralized service?
- they will use it to do the same thing they do before (serve ads, collect user data etc.) but somehow will be absolved of regulations and scrutiny?
Facebook messenger is not completely decentralized, but it is E2E encrypted now after years of struggle with governments and UX. It's definitely possible to move centralized systems to be more decentralized.
It's an example of somebody replacing a centralized protocol with a more decentralized one. It's also one of the biggest direct messaging platforms in the world with E2E encryption.
That depends on your definition of decentralization. Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.
> That depends on your definition of decentralization.
Decentralization literally means "not centralized". If you have a single centralized entity serving all your messages through a set of centralized servers, it makes the setup what?
> Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.
Yes, they do, and it's centralized. What exactly makes you think otherwise?
e2e encryption is a net loss for a lot of use cases. Particularly, most DMs are spam in my experience.
Spam prevention is much harder if the server can't see the message. Spam reporting can be done with sufficient effort, but stopping the known spam from reaching the user in the first place is impossible (the closest you can get is a client-side scan before actually showing the message to the user, which requires downloading the whole message just to show "number of incoming messages" indicator or else having the indicator lie).
And of course, E2EE is a lie if you're visiting a website anyway.
It is my understanding that many E2EE chat systems won't actually E2EE your initial message to someone you aren't already mutual in-app contacts with.
Either E2EE is something you "upgrade" an existing conversation into (only after both sides consent to the conversation); or E2EE is something that only inherently establishes once both sides have sent one-another a message; or E2EE is something you can only enable before you start a conversation, if you already have the other person's public key (which you only get when you request to add them as a contact, and they accept.)
I think schemes like this balance privacy with spam-prevention quite well: privacy-conscious people can explicitly add each-other before either person says anything / can send intentional small-talk as pairing messages; while everyone else gets the benefit of a central spam-filter sitting between them and messages from strangers.
Except they'll never replace it because they'll be too busy making some other feature stupid simple by centralizing it and we'll be back to centralized social media.
I feel for them, because even if they (and weirdos like us on this site) value decentralization and other related values the average customer just DOES NOT CARE. They're trying to compete with other platforms without this handicap and very few people are willing to give them any "credit" for it.
I'm a little bit sympathetic, but they've also kinda tried to have it both ways. They spent ages inventing a new protocol for decentralized microblogging, and then ages more before you could actually use a server other than theirs. But DMs is now where they don't want to spend the time up front to do it the right way?
To be fair, they’re a tiny team with a ton of things on their roadmap and limited time to do it all. It seems they’re taking it slow on core stuff that they really need to get right, because it can’t be changed later, while adopting pragmatic solutions for things that users want now and which can be swapped out for better implementations in future.
From using Bluesky it feels like the goal is to build a social media experience that’s as decentralized as possible without sacrificing the user experience.
So, they want the experience to be like Twitter for the users that don’t care about decentralization, but to be backed by something like ATProto underneath for those who care.
I’d say Mastodon is more “the entire point is that it’s decentralized”. Bluesky it’s a major point, but not the entire point.
Yea, especially when their rationale is DMs are the most asked for feature.
Build a good enough version now, and then tackle the end to end encrypted fully decentralized version. The cheap version can give them the breathing room to build the better version.
>Bluesky it’s a major point, but not the entire point.
And I'd say that was the right tradeoff to make. Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work. And no, I'm not going to spend hours digging through docs.
>Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work.
I don't know how you define "average person" but plenty of people who aren't developers are on Mastodon.
This argument that Mastodon is "too complicated" is perennial, despite the obvious evidence to the contrary in the growth of its adoption. It's particularly weird to keep seeing it on a forum full of people who think compiling software from source and working in arcane terminals is trivial.
You can just sign up for an instance like any other website (or multiple.) Or you can pay any number of hosts for an instance of your own (I use masto.host, $9.00/mo.) Or just run the activitypub plugin in Wordpress and your Wordpress is now also a Mastodon node.
It's been on a steady downward slide for the last year, from almost 2m during The Exodus to about 900k active users now. People sign up, but most don't stick around. I also can't help but notice my own timeline has slowed to a crawl, and it's mostly the same few people. It's not vibrant and busy like it used to be.
Aggressive growth and addictive velocity are cancerous, let it reach a healthy equilibrium. Slow can be good, too.
I'm following ~500 people at the moment, and getting relays from a few instances. I see a constant flow of new stuff but I can also easily leave and do other things, because Mastodon isn't designed to maximize engagement and addiction. I don't feel a constant need to post or comment or chase endorphins. The scale is just fine for me.
I was on there when it was just Mastodon.social. It was more vibrant then, and it's been more vibrant in recent memory, before it rocketed to 2m users and started falling. Something is different, and it's not good. I think people who've been there are getting fed up with problems no one seems to care about years on (even people like me who kept giving it chances and pushing for change), and new people are going somewhere else instead of trying Mastodon.
You can stick your head in the sand if you want and hope the year-long freefall stops rather than consider there might be a problem. It's what I've come to expect.
> plenty of people who aren't developers are on Mastodon
How many of them are gonna stick around once their instance goes offline, or the admin does something crazy (which isn't impossible considering how many of these are run as personal/fun projects by geeks rather than actual businesses), or their instance gets into a feud with the others and results in defederation?
All of this is overhead. It's overhead that can be managed, or you can pay someone to manage it for you, but it's still overhead and extra problems that just don't exist when you can instead sign up for Instagram or Twitter and call it a day.
My person in deity the standard you're defending is the lunatic dumpster fire that is Twitter, where Elon just decides shit at random like "likes are private now" and "you can just pay for a checkmark" or "I'm unbanning all the nazis lol."
I personally haven't experienced any of the "overhead" of Mastodon that you're mentioning, and making it seem far more common than it is, but Mastodon seems far more stable than Twitter as a platform and a community at the moment.
And sure, some people might not like it, and that's fine. There are and will always be alternatives. But anything is better than Twitter.
>I as a developer have yet to even figure out how it's supposed to work
You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.
Why do people invent fictional horror stories about a service that's at this point functionally as easy to use as any bog standard website?
> You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous)
Regular consumers hate this because they don't know what they're getting into, and it feels like the social media equivalent of a crypto scam where you're invited to buy a coin, any coin. It was probably intended to resemble arriving at college during rush week and pick a social/activity club to join, except you have to pick a server without any real way to browse around and understand what differentiates them.
heck, I'm not a regular user, and I find it annoying to pick a server without knowing what the vibe is. I want to lurk without any transaction costs before I sign up for something
You can see posts on any server to "find out what the vibe is" without registering. For example: https://fosstodon.org/public/local. What are the transactional costs here?
>You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.
And that gives me access to the entire service? Or just bits and pieces of it? And how do I find other services? Asking around? Who's seeing my data if I sign up on another server? What are the anonymous operators of said server doing with my password and email? How do I message someone from another server? Are those messages secure at all?
Decentralized works for motivated parties. It does not work for the masses.
Yes, it gives you access to the entire service, you don't need to find anything. Messages and accounts in Mastodon are visible across the network. The operators of almost all instances aren't anonymous, the address of the default server operators is literally listed on the about page.
If you have zero knowledge and don't care Mastodon functions exactly like Twitter. If you care more, you can invest time, host your own server, do what you want, that's optional.
If decentralized systems don't work it's amazing that my grandfather is able to send emails every day. Which is btw the exact equivalent to Mastodon. You don't care you sign up for Gmail, if you do, run a server out of your basement.
> If you have zero knowledge and don't care Mastodon functions exactly like Twitter.
That’s simply not true. Even as a technical user I sometimes stumble over things like not being able to follow an account after being linked to their server's web site. “Wait, why am I logged ou– oh, this isn’t my server.”
Those questions aren't there, when you sign up it's just like any other service. If you want to do the decentralized thing or wonder 'why do some people have specific domain handles' and the like, the information is easy to get, but you could also use it without ever knowing any of that. So very low friction for non-technical users.
> And you know the answer to all those questions for bluesky?
Nope. Just pointing out the downfalls of decentralized, and the fact that compromising with some centralization (as Bluesky is doing) is a better way for most people.
The main issue with other platforms is that the content that exists within is too wild-west. Anime isn't an everybody thing nor are geeky Programming/Linux communities or furry artwork for that matter.
Where do I find TikTok content within Matrix? That's what the current content-matter is.
The corporate apply heavy exploitation; psychology and social exploits to the user. And while the other platforms don't and carry merits such as privacy and the likes; people really just don't care they are being used for systematic learning, being manipulated because some peer is influencing them.
Companies pay large amounts of money in R&D for developing social exploits, all the way down to the background colour of the icon of the app. A platform has to have a gimmick to catch. Privacy, decentralized isn't it.
These foundations don't have corp money to pay for content producers, influencers and so you then end up with dwellings of niches which can turn urk at best.
Decentralization is a solution for establishing a saner, fail-safe governance structure (or we can call it "billionaire-proof"), not the problem to be solved by itself. You need to have enough traction to achieve this goal and sometimes it might make sense to compromise the decentralized implementation part.
Kind of, sort of, but not so much? They're also targeting people who left Twitter because of the moderation policies, ownership, and/or user base. Among Bluesky users, Twitter migrants easily outnumber decentralization enthusiasts 10 to 1 at this point.
This is spot on. BlueSky and Threads have just become "left-wing Twitter", intentionally in quotes because it's actually a very small subset of users that left to found their own hug-box, due to some irrational hate of Musk, or that people they don't like at the old place are allowed to have opinions again.
Nobody cares about protocols, except maybe the handful of infosec nerds on Mastodon. It's about a middle school-level rearranging of friend groups. A VIP lounge where they only hang out with their own.
There was an exodus of a small subset of users, and BlueSky was there like an abandoned building that was squatted. It being invite-only added to the exclusivity as invites were passed amongst like-minded peers online, further adding to the echo-chamber.
I left Twitter because I got tired of having inflammatory content be shoved in my face without ever actively following any of the people posting it.
Censorship is bad, but amplification of horrible takes is not equivalent to the absence of censorship.
The quality of ads (I was using the official client) was also quickly approaching the quality of predatory late-night TV shopping channels (“call NOW to get our ULTRA LINT REMOVER with free shipping!!!”).
His tweets started appearing in my feed at an absurd rate some time after he bought it, and I never followed him.
That’s like my utility company insisting I watch a message from their CEO on all devices they power every once in a while, or the owner of my car dealership calling me every once in a while unprompted to chitchat.
> People dislike Musk out of pure jealousy and try to rationalize it via other means.
I don't think this is true. Most people I hear express that they don't particularly like him, also attribute it to things that made me not like him. The rescuer story, the absurd trolling, the disparaging of specific individuals, the pretending to be for "freedom of speech" until the speech is about him.
This is a person I once thought had the desire and the means to push humanity forward. He's done so much, all of it tainted by, well, being absolutely unhinged.
Are you Elon's friend or relative? Logically, other people's opinions about him shouldn't concern you at all. Yet here you are white knighting someone who's just the CEO of a scaled text messaging app. Why do you care?
Who's talking about "getting upset"? Elon Musk has done a lot of things in his life that slot him into the "bad person, do not like, do not support" category. That's just called forming an opinion. I'm not playing darts with his photograph. I'd prefer to hear as little about or from him as possible, frankly.
It's nice that they are being honest about how the existing thing is not encrypted. Typically what happens with these things is that some entity announces that they have end to end encryption. But it turns out that they mean that end to end encryption is only possible. The user has to compare some ridiculously long number to achieve it and few users actually end up doing that. In most cases they are not even provided with any concepts to allow them to initially make things secure and maintain this security over time.
Didn't the early versions of Skype, which was coded by like 4 guys, do decentralized end-to-end encrypted messaging like 20 years ago? Before MS bought it and removed all the security at the behest of the government[0], I mean.
So two decades later, when we now have so many widely available open source libraries for networking and encryption, that job is somehow too hard for a well-funded organization like Bluesky? That's very sad.
End to end encryption is not a hard problem from a cryptography perspective. It's a hard problem for key management (eg, how do you handle multiple devices?) and recovery (how do you handle someone losing their phone and wanting to recover their previous messages?). Twitter tried this and half-assed it, and Bluesky apparently want to do a better job.
It's not a core feature for their current user base, apparently. I think they care about it more than their users do. They won't be able to implement it at all if they don't have any users.
Doing it in a way that behaves the way people expect is what requires work. It's easy when both people are online at the same time. It becomes more difficult when you want to ensure asynchronous delivery and receipt and which supports people hopping between devices and not losing the conversation history. I can naively think of a way which would be to make them work identically to normal Bluesky posts except they're encrypted with a public-private keypair, but that would leak who is talking to who and how many DMs people are sending and receiving.
Curious if they could simply piggyback on the Signal source code. Lots of folks try to reinvent the wheel these days. Just like protocol buffers reinvented ASN.1 + PER and so-forth. Even the crypto folks at protocol labs opted for the former in place of an established standard.
No. I wrote about this a couple of years ago (https://mjg59.dreamwidth.org/62598.html) and the answer is that while Signal solves the cryptography problem, the other hard problem (ie, everything to do with key management) is still up to whatever's on top of the Signal protocol.
They're not E2E yet, although they plan to introduce this later (and have had a good record so far of adding features incrementally with very few bugs). But you shouldn't be using any social media platform for communications that need to be secure.
Probably a noob question but: why is E2E encryption hard to implement? It took WhatsApp a long time to implement as well. Is there a particular reason?
End to end encryption isn't hard.
End to end encryption for non technical users who might forget their password, is hard.
The trouble isn't the encryption. It's, how do you make it feel seamless without having access to the private keys, and without asking the end user for their private key.
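The "compare some ridiculously long number" step and the lost-phone problem raised in the comments above, as an added Python example that is not from any commenter, Bluesky or Signal: a simplified comparison number and a trust-on-first-use contact store. The digest scheme, the `fake_key` stand-ins for public keys and all names are assumptions made for illustration.

```python
import hashlib

def fingerprint(user_id: str, public_key: bytes) -> str:
    """30 decimal digits derived from an identity and its public key."""
    digest = hashlib.sha256(user_id.encode() + b"\x00" + public_key).digest()
    groups = [int.from_bytes(digest[i:i + 5], "big") % 100000 for i in range(0, 30, 5)]
    return " ".join(f"{g:05d}" for g in groups)

def safety_number(id_a: str, key_a: bytes, id_b: str, key_b: bytes) -> str:
    """Same string on both devices: the two fingerprints in sorted order."""
    return " ".join(sorted([fingerprint(id_a, key_a), fingerprint(id_b, key_b)]))

class PinnedContacts:
    """Trust-on-first-use store: remembers the key last seen per contact."""
    def __init__(self):
        self._pins = {}  # user_id -> [fingerprint, verified_out_of_band]

    def observe(self, user_id: str, public_key: bytes) -> str:
        fp = fingerprint(user_id, public_key)
        pin = self._pins.get(user_id)
        if pin is None:
            self._pins[user_id] = [fp, False]
            return "first-use"
        if pin[0] == fp:
            return "verified" if pin[1] else "unverified"
        # New key: drop the verified flag; the client cannot tell why it changed.
        self._pins[user_id] = [fp, False]
        return "key-changed"

    def mark_verified(self, user_id: str) -> None:
        self._pins[user_id][1] = True

def fake_key(label: str) -> bytes:
    """Constructed 32-byte stand-in for a public key (not a real key pair)."""
    return hashlib.sha256(label.encode()).digest()

def demo() -> list:
    contacts = PinnedContacts()
    events = [contacts.observe("bob", fake_key("bob-phone"))]        # first contact
    contacts.mark_verified("bob")                                    # numbers compared in person
    events.append(contacts.observe("bob", fake_key("bob-phone")))    # same key again
    events.append(contacts.observe("bob", fake_key("bob-new-phone")))       # lost phone
    events.append(contacts.observe("bob", fake_key("server-substituted")))  # swapped key
    return events

if __name__ == "__main__":
    print(safety_number("alice", fake_key("alice-phone"), "bob", fake_key("bob-phone")))
    print(demo())
```

The replacement phone and the substituted key produce the same `key-changed` event, so the client can only ask the user to compare numbers again after every key reset.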
Reminder for all the Twitter haters: Twitter's good!
Yes, I know there's plenty of reasons you'll nitpick Twitter and I can nitpick Bluesky as well.
More competition is good and I like to see it. Go where your friends are and have a good time.
If you want the edge of AI/ML, I suggest Twitter. Lots of world class accounts. Bluesky is good, has more old school... like 'harry potter' type nerds on it. They post interesting stuff. You should also have a discord. Maybe an insta if you're trying to get a gf
Kind of lost interest in Bluesky's future after they announced they hired Twitter's former trust and safety lead. Twitter has issues today for sure but that isn’t one aspect I’d like back (eg shadowbanning and lying about shadowbanning etc).
This could also be seen as a weakness. The lack of focus means fragmentation. Fragmentation means confusion. Users tend to want/need to know what to use and where to go. Telling someone, "go get an email account," will leave them asking more questions or giving up. It's a homework assignment for research. Telling someone, "go get a gmail account," is an actionable thing they can do. We made it there with email, but there were news anchors trying to explain it to people and a lot of friends helping friends, or simply ISPs setting it up for their customers. It's been 30 years of mainstream awareness.
If someone said, "I'm on Nostr," and I wanted to join them, then I found that page you linked to... now what? What is a Zap? Is this some kind of crypto nonsense? "amount in sats"... what's a sat? I just went to what was supposed to be a reddit clone and there were 0 posts. Another one is just a chess board. What is this supposed to be, the user asked? I'm already annoyed by this. "Here are 90 sites, go find the 1 that might not be a ghost town that will also let you talk to your friends." This is a bad first impression, and it's not even my first time hearing about it.
The public will never be sold on a protocol, there needs to be that one killer app that brings people in, and if the protocol is flexible to allow for more things, great.
Hard pass. Why would I ever want my wallet to be social? What does a social network have to do with Bitcoin? This sounds like social media for insufferable crypto bros.
Why "at this point"? Nostr was designed after ActivityPub was, in order to solve problems in ActivityPub. No substantial evolution has happened in ActivityPub in the interim to invalidate these improvements.
> Is it still a mostly cesspool of american politics-obsessed twitter refugees?
99% of social media on the English-speaking web is basically American politics obsessed, if you don't want that you need to branch out to other languages.
It's less due to politics and more due to the rotten business models of all mainstream social media - it encourages engagement (algorithmically, so it doesn't even need human intention/decisions), it just turns out that political content is great at generating engagement and thus it floats to the top.
Various actors take advantage of this for various reasons (including political motivations) but the underlying problem is that the platform itself will promote any content as long as it generates engagement.
My experience is that it's the opposite. My twitter timeline got filled up with blue checkmarks spamming their things. Their comments are boosted in every discussion. And since it's a certain demographic that pays for twitter blue, it completely altered everything. So at least in my circles it's to get away from all the hate and outrage that was just to gain virality, and get back to actual discussions on the topics we care about (which is far from US politics).
Social platforms like BlueSky have radically different design constraints than direct messaging applications. The implications range from security to social dynamics to legal concerns.
Social DMs are bad. Try not to use them!