Bluesky adds direct messages (bsky.social)
210 points by charlieok 8 months ago | 198 comments



Use social media direct messages to establish a connection on a secure messenger designed for direct messaging, and for nothing else. When people try to initiate conversations with you in DMs, have a ready answer to pivot the conversation elsewhere.

Social platforms like BlueSky have radically different design constraints than direct messaging applications. The implications range from security to social dynamics to legal concerns.

Social DMs are bad. Try not to use them!


> The implications range from security to social dynamics to legal concerns.

Which are...?


E2E Encryption is on the road map for Bluesky as it requires some protocol changes. The devs are encouraging people to use the DMs to exchange Signal info, and reminding people to not use DMs for sensitive info.

https://bsky.app/profile/pfrazee.com/post/3kt457v6aq72n


It wouldn't matter if they implemented "E2E" encryption. "E2E" is necessary but insufficient for messaging security. It would still be a terrible idea to rely on Bluesky DMs, even if they met some floor of cryptographic quality, for the same reason that it's a bad idea to use Facebook DMs, despite their cryptography being close to the gold standard for large scale social apps.


Zawinski's Law:

> Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.

I think nowadays we can substitute email with chat/DM.


It's important though because it allows you to communicate things that don't really belong in the open while remaining under your identity on that platform and avoiding the need to link that identity with your identity on a different service.


It would be useful if I could send people a Signal link where they could log in with their Facebook/Google/Instagram account (OIDC) to chat with me over Signal. Signal no longer requires phone numbers as identifiers, so this might be feasible.


Exactly. I often wish GitHub had a messaging capability, for these same reasons.


GitHub used to have DMs, they removed them, presumably due to spam and harassment.


The thing is that a closed system like DMs on a platform can be more effectively monitored for spam than something like email (or phone calls or texts) because everything is under single control.


Nowadays it's chat, photos/videos, and online purchases thus forming an all-in-one app. Not quite popular here in the West, though that's Elon's eventual goal with X. But think WeChat in China.


There is the western superapp, it's called Google Search.


whatsapp as well


The original law fails for too many programs to be useful on its own, but why do you need some law to replace the obvious expectation that a social media program is going to do messages?


Impressed by the rate new features are coming. During the first twitter takeover, many migrated to mastodon in my circles, but it didn't stick. Second wave to bsky has gained enough traction that the circle has sustained there for over half a year, with most disabling their account on X. But a few have remained on X mainly to be able to DM. So this fixes that.

What's lacking for me now is video. Having to share through YouTube and then embed for just small daily clips is a bit cumbersome.


Video is the killer because it's expensive. Don't they still have no ads and only one paid feature, buying a custom domain name through them directly? Which nobody actually has to pay them for because you can link a domain name registered anywhere else for free.


They could just charge for video. Inconceivable to have end-user usage pricing, I know, rather than just give away everything, but someone should try it.


True. And yeah, I'm also a bit concerned about the longevity of bsky. Hope they can figure something out, without stooping to twitter level stupid ads or lock in (like disabling api / the openness)


It is so far behind Mastodon. Both in terms of features and in terms of communities on there.

The people I interact with on BlueSky are nice, and the website is serviceable. But like Pebble / T2, I just don't see the momentum there.


Disagreed - Mastodon has a major problem. The whole concept of server/instance is unnecessary and introduces extra complexity and hard problems.

Nostr has it right where servers/instances are completely interchangeable and all the hard work is done by the client.

I get why Mastodon had servers at the beginning - because browsers can't speak any other protocol than HTTP towards a single origin domain name. But this limitation fundamentally constrained the entire product into a corner that's very hard/impossible to back out of.

Mastodon should've been Nostr in the first place, with "instances" just being read-only views into the network (to satisfy browser's "demand" for an HTTP endpoint), but otherwise would be disposable and interchangeable - all write actions would be made by a client that doesn't have the constraints of a browser and can interact with the decentralized network over an appropriate protocol (and do the necessary cryptographic magic to ensure those peers are trustless and interchangeable).

The concept of "instances" not only introduces many user experience problems that make it a non-starter for non-technical people (or even technical people who just don't have the time/willingness to deal with BS) but also opens the door for politically-motivated feuds between instance admins to which the users are held hostage (instead of moderation being done on the client where the user is the only one in control of which "moderation feeds" they subscribe to, similar to an ad blocker list).


I gave up on Mastodon when I had to switch servers because of some political dispute between admins.

Plus realising that global search was something that many admins were fundamentally opposed to.

Oh and the array of UX issues that made me suspect that many demographics would never adopt it.


Decentralized just doesn't work in a centralized cyberspace.

You need to recreate your own centralized cyberspace and then build the underground path to the decentralized canyon.

Then provide a mothership allowing others to dock of their own standards and protocols. Yet allowing them to take off at their own accord with the data of the centralized hub.


> I had to switch servers because of some political dispute between admins

That seems like a positive, not a negative. If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph.

I suspect that's why Twitter is still doing as well as it is participation-wise since the Musk acquisition: Twitter is still by and large where the people are, even if the owner is an insufferable jerk.


That sounds great until the enormous art instance everyone goes to because "it's the art instance" defederates yours over made up and exaggerated reasons despite your instance's admins working hard to solve the few actual problems and being kind and communicative at every step.[0]

Petty tyrants try to ruin everything.

On Bluesky, there are art feeds for every kind of interest. I've used Mastodon since near the beginning and really only stick around for the small cohort of instances mine is in. It's increasingly all crossposts from Bluesky.

>> "If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph."

It took a while but I'm convinced they're sincerely working toward account portability. I can at least already point my domain at another PDS even if getting at my posts would be a sketchy, probably very technical operation with command lines and scripts. (For now)

These are people who've been working on decentralized social media for as long as it's been a thing (and newer people who share the goal), and it's hard to ignore the dedication to that goal once you look into their histories.

[0] https://info.tech.lgbt/2023/10/13/thebadspace-situation.html


> That seems like a positive, not a negative. If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph.

I (actually not my personal but a project account) had to move servers because the original server had been blocked by other admins because of a fairly interminable dispute about whether one user had been racist (it was far from clear cut from what I could tell from the brief time I spent digging into it).

How is this positive? It seemed to spell out a future where Mastodon split into islands based on long-forgotten generational disputes.

I want one network with a clean way to choose who I see and who interacts with me. I don't want other people making these decisions on my behalf.


> I suspect that's why Twitter is still doing as well as it is participation-wise since the Musk acquisition

Twitter and mainstream social media are still doing well because they have a large network of people that are either non-technical and can't use the fediverse or just can't be bothered.

The Musk acquisition is a storm in a teacup, for the vast majority of people (especially outside the tech circles) nothing changed. Yes it's still a cesspool, there's spam, Nazis and harassment, but that's not a significant difference from what it was before (every high profile tweet was immediately replied to by crypto scam bots even pre-Musk), and the format of the platform has always encouraged polarization, hostility and harassment, so Musk didn't change much there either. Yes it's a cesspool, but it's the same one that people know and (seemingly) love.


It's super American-centric too. For a "decentralized" platform that basically covers 2 small areas of the world is not a good sign. I feel like Bluesky had done nothing to address discoverability and sharing issues. Most engagement is centralized with 1% of shitposters.

From listening to a podcast with the founder it seems that's their goal too as they want to integrate bluesky with e-commerce which obviously doesn't work well globally.


The 3 main communities seem to be English speaking, Japanese, and Portuguese. The community is way smaller than Xitter for sure but are the percentages that off?


I've never been exposed to non-US content on Bluesky unlike Mastodon where it's a melting pot from every possible niche and location.

To me it seems like Mastodon's focus on hashtags as discovery mechanism won hard in this space thus allowing such diverse communities to thrive on the platform.


There are hashtags on Bluesky as well.

There's an implicit language filter around your default language. It was implemented because the Japanese audience is comparatively as large as the English audience and a lot of English language users were complaining about searches and feeds being filled by Japanese posts. I chat a lot with Japanese Bluesky because I'm fluent in Japanese; probably 50% of my Bluesky activity is with Japanese Bluesky. I've made friends with a Japanese tech reporter and they share their articles with me occasionally, so it's fun to see a non-English speaking perspective.

Unfortunately I think a lot of the people who use Mastodon and are trying to dunk on Bluesky are doing so in bad faith or not quite bad faith but a non-willingness to explore Bluesky with the same openness and curiosity as Mastodon (this may purely be from a time perspective, I mean we're all human and only have so much time to devote to internet shitposting.) I used and stopped using Mastodon before the whole Xitter thing, because I had 2 instances shut down on me for various reasons and didn't want to bother trying again. I'm mostly on Bluesky and it seems to have the same features as Mastodon sans the easy to build instances because ATProto is a more complicated protocol. I find the network of Bluesky (or at least my feed) to be a lot less tech focused and for me this is a win. I already engage with tech people on HN, parts of Reddit, and Discord. I don't need yet another tech site full of the common tech tropes like ranting emotionally into the void or getting hung up on niche things that only tech people care about. Just my $0.02.

The feedback about not cross-pollinating non-English-speakers is good though and I've been working on a feed that uses some ML to generate cross-cultural feeds around certain topics. It's been slow going because work has been tough and I'm locked in wedding "hell" in my personal life.


Bluesky is still pretty new. They've only been open to the public for less than 4 months.

They are moving slowly on purpose. I get what you're saying but perhaps give it some time to grow?

Twitter has been around for almost 20 years now, and Mastodon for who knows how long.


Having tried both BlueSky and Mastodon I found Bluesky pretty easy to use and Mastodon bewildering. There were so many Mastodon servers I didn't know where to start. I guess maybe it doesn't matter what server something is on because the app can connect to all of them, but then discussion topics would be repeated in multiple places and it all seemed so disjoint. Like the chaos of old IRC networks but amplified. All in all I felt like a babe in the woods on Mastodon while Bluesky is pretty shamelessly just "Twitter minus Nazis". One thing I like about Bluesky is when a thread starter mutes one of the posters, it mutes them for everybody in the thread, not just the original poster. While this might unfortunately facilitate creation of echo chambers it is a supremely powerful anti-troll tool.

The other big reason I went with Bluesky over Mastodon is that several of the people I used to follow on Twitter have moved over to Bluesky.


> One thing I like about Bluesky is when a thread starter mutes one of the posters, it mutes them for everybody in the thread, not just the original poster.

Oh interesting. This is a really cool feature. It kinda nudges it in the direction of being a private, self-run micro-blogging platform, where replies are essentially comments that you can moderate.


There's actually a few projects, mostly in Japanese, that use ATProto as a blogging platform. Kinda like how there's other applications using AP.


It does so much to lower the temperature of discussions there. BlueSky is by far my preferred social media platform.


Mastodon core devs avoid discussion of server choices because it inevitably reveals that 1/3 to 1/2 of Twitter/Bluesky/Mastodon by volume and/or users are Japanese image posters incompatible with Western, especially European, languages/memes/values.

2/3 of top 3 and half of top 10-20 Mastodon instances (not including Misskey ActivityPub servers) are Japanese. They really don't like that.


I think the primary difference is in the communities. Every six months or so I log back into Mastodon and the discussion there is one hard 'Nope' for me. I don't understand why I'd voluntarily read a platform where every other post is a 'call out' of something 'problematic' according to the warped world view of '@CatMomLibrarian' or something similar.

Cutting out the Nazis from Twitter is a great start, but Mastodon has done this by simply doubling down on the other end of the horseshoe. It's Truth Social for the other fringe.

BlueSky seems somewhat richer in normal people, but that probably won't last if the platform is successful over time. It seems in the nature of social networks to be taken over by parasitic outrage grifters.


Jack Dorsey out, plaintext DMs in.

Slow clap for Bluesky.


My offer still stands to help the Bluesky folks implement these types of things if they can't figure it out. Call me!


From discussions with security professional friends and folks on E2E encryption of protocols: I don't think it's that they can't figure it out, it's that they know it's hard to get right and harder to fix later, so they're taking their time to do it right in the first place. They don't want to end up like Telegram or Matrix with furries doing unflattering writeups on their security.


I agree that the furry interpretation of privacy is intimidating, but at the very least I think Bluesky could start with generating a private key on each client device, and then using a simple box algorithm to encrypt messages towards the user they want to talk to. The PDS could store these messages encrypted, so the PDS owner cannot read the messages.

I don't think https://tweetnacl.cr.yp.to/ is hard to mess up. Similar to the interior of a furry suit, you won't know what is going on in there.


> but at the very least I think Bluesky could start with generating a private key on each client device, and then using a simple box algorithm to encrypt messages towards the user they want to talk to.

Furry cryptography nerd here.

No. This is inadequate.

> I don't think https://tweetnacl.cr.yp.to/ is hard to mess up.

Yes it is! If you're going to encrypt some things in a constrained use-case, sure, NaCl is better than hand-rolling it yourself. But it's not sufficient for end-to-end encryption. Here's a few things that TweetNaCl (and other NaCl variants) is, without further protocol design, inadequate to protect against:

1. Invisible Salamanders. NaCl uses xsalsa20poly1305, which is not key-committing.

2. Forward Secrecy. NaCl's crypto_box doesn't give you this at all.

3. Key Compromise Impersonation. See also, Toxcore, which built atop NaCl: https://github.com/TokTok/c-toxcore/issues/426

4. How do you do group messaging? If you do it as just pairwise, do you use the same public key as your p2p messaging? There's a lot of ways that can subtly go wrong.

There is a damn reason end-to-end encryption involves authenticated key exchanges and forward-secure double ratchets.
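Added example (not part of the thread, and not code from NaCl or any commenter): a stdlib-only Python sketch of points 2 and 3 in the comment above, showing that a key derived from two static X25519 keys is recoverable after a later leak and lets the holder of the recipient's secret produce tags the recipient attributes to the sender, beside an ephemeral exchange for contrast. The SHA-256 key derivation and HMAC tag are stand-ins assumed here for NaCl's HSalsa20 and Poly1305, and all keys and messages are constructed.

```python
import hashlib
import hmac
import os

P = 2**255 - 19
BASE = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748 (Montgomery ladder). Not constant time: demo only."""
    s = bytearray(k)
    s[0] &= 248
    s[31] = (s[31] & 127) | 64
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair(sk: bytes):
    return sk, x25519(sk, BASE)


def box_key(my_sk: bytes, their_pk: bytes) -> bytes:
    # Stand-in for crypto_box's precomputation (real NaCl uses HSalsa20 here).
    return hashlib.sha256(b"box-demo" + x25519(my_sk, their_pk)).digest()


def tag(key: bytes, msg: bytes) -> bytes:
    # Stand-in for the Poly1305 authenticator.
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept(key: bytes, msg: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(key, msg), t)


# Constructed long-term identity keys (hash-derived only so the demo is repeatable).
ALICE_SK, ALICE_PK = keypair(hashlib.sha256(b"constructed alice key").digest())
BOB_SK, BOB_PK = keypair(hashlib.sha256(b"constructed bob key").digest())


def static_key_recoverable_later() -> bool:
    """No forward secrecy: the key that protected recorded traffic can be
    recomputed from one long-term secret plus public data, at any later time."""
    key_used_in_past = box_key(ALICE_SK, BOB_PK)
    key_from_leak = box_key(BOB_SK, ALICE_PK)
    return key_used_in_past == key_from_leak


def kci_tag_accepted() -> bool:
    """Key compromise impersonation: a tag made with BOB_SK alone passes the
    check Bob uses to decide that a message came from Alice."""
    msg = b"constructed message attributed to alice"
    made_without_alice_sk = tag(box_key(BOB_SK, ALICE_PK), msg)
    return accept(box_key(BOB_SK, ALICE_PK), msg, made_without_alice_sk)


def ephemeral_key_survives_leak() -> bool:
    """Contrast: a per-session key from ephemeral X25519 keys is not derivable
    from the long-term secrets once the ephemeral secrets are erased.
    Authentication of the ephemeral public keys is omitted in this sketch."""
    ea_sk, ea_pk = keypair(os.urandom(32))
    eb_sk, eb_pk = keypair(os.urandom(32))
    session = box_key(ea_sk, eb_pk)
    assert session == box_key(eb_sk, ea_pk)
    del ea_sk, eb_sk  # erased at the end of the session
    # Everything computable from both leaked identity keys and the transcript.
    candidates = [
        box_key(ALICE_SK, BOB_PK),
        box_key(ALICE_SK, ea_pk), box_key(ALICE_SK, eb_pk),
        box_key(BOB_SK, ea_pk), box_key(BOB_SK, eb_pk),
    ]
    return session not in candidates


if __name__ == "__main__":
    print("static key recoverable after leak:", static_key_recoverable_later())
    print("tag made with recipient's key accepted:", kci_tag_accepted())
    print("ephemeral session key survives leak:", ephemeral_key_survives_leak())
```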


Well, exactly. My point is that in a constrained use-case NaCl would be sufficient.

If you want to rotate keys, then simply delete your private key and since we trust Bluesky so much we can use the PDS to share new pubkeys once we rotate. In fact, this would work for signing keys too! Then the PDS wouldn't be able to write messages for you if it wanted to.

For group messaging you simply encrypt the message to each recipient.

If they want to upgrade to an Axolotl from this, great! But starting with plain text is not private messaging, it is group messaging with your PDS admins and whoever they want to share that data with.


I literally wrote an X3DH implementation atop libsodium once

https://github.com/soatok/rawr-x3dh

I'm telling you, TweetNaCl is not enough to build a secure messenger

libsodium, maybe


I agree there are more layers you can add on top of TweetNaCl to improve security.

I'm going to personally add you to the list of people Bluesky should hire to get this implemented without the consent of the Bluesky employees. If they choose to hire both of us perhaps we can figure out how to implement this for them.

I will not commit to putting on a furry suit. But I've been known to try everything once. And bonus I live right next to the furry convention center and have always wondered what the heck is going on at the Hyatt while you guys are here.


There are over 150 different furry conventions and 80 that have happened in the last couple of years. Which one are you talking about?


I'm not prepared to admit that information to a stranger, but I'm sure from my profile you can figure it out.


I won't go out of my way to find out if you don't want it known. If you decide you want to know what's going on in the hotel, there's probably lots of video on YouTube from whichever convention it is.


I don’t think they want a plan to get Dorsey back — he seems to be an idiot.


I really want bsky to succeed. They have a promising product. Users and Content are all that matters now.


They have a product, but do they have a business? I haven't kept up with them lately; do they have anything approaching a revenue model that would sustain them and provide good returns to their investors?


I’ll stick to Signal for private communications and publish my public takes with ActivityPub based Mastodon. No need for proprietary stuff anymore.


All of bluesky is MIT licensed (unless there's a subset I'm missing), and developed pretty openly. Heck, you could use DMs much earlier if you logged into main.bsky.dev (with an app password, ideally) rather than bsky.app.

They don't have E2EE yet, and use a different system than posting does on the site. (ergo, I think they're not in the firehose)


I consider ATProto, the protocol BlueSky uses, to be a proprietary thing as it is owned and maintained by BlueSky. ActivityPub is an Open Standard.


I have a question that is not relevant to this post. Has anyone tried to implement the Bluesky federated protocol?


I know folks are hosting their own PDSs, at least in the sandbox, and I want to say in prod?

I'm not sure there are any non-bluesky Relays

I know folks are hosting their own labellers.

and I know folks are hosting their own appviews

I've seen repeated kerfuffles about people running mastodon-bluesky bridges


Yeah, I wrote my own PDS from scratch[0], that was capable of federating with the sandbox network.

Now that federation is enabled in the public network, I've been working on a slightly more production-ready rewrite[1], although it's not yet in a usable state (haven't had much time to work on it lately)

[0] https://github.com/DavidBuchanan314/picopds

[1] https://github.com/DavidBuchanan314/millipds


I am in the middle of implementing DMs. What are my options for making it e2e encrypted? I am using postgres if that matters.


I don't think this is the right place for that, but there are generally a bunch of libraries which will help you get this sorted out. If you tweet at me your tech stack and framework(s), I might be able to help you with more info. My details are in my bio.


I'm building a Twitter/Bluesky/Mastodon/Farcaster competitor targeted at the average HN reader. Usable but not yet launched. Anyone want to beta test it?


Can you only access it if you have an interesting story about a company you worked for in the bay area 10 years ago?


Absolutely! mrinfinity@micg.net


I'd give it a spin


Sure.


Send me an email for an invite: alan@wakatime.com


Um...

So all the money, all the development, to create Twitter² and they just added DMs?

That seems an underwhelming achievement.


The headline is that it's not a shithole ridden with ads, spam, influencers, scams, etc. That's the important part of replacing Twitter.


What are the criteria for deciding how to either stop influencers from signing up, or how to permaban them as soon as they start?

It would be something no other platform has managed. Including this site.


Neither was Twitter at the equivalent point in time.


There are a lot of people who would disagree with that. BlueSky already has better mod tools than Twitter circa 2014 did.

Musk’s transformation may have made it exponentially worse, but for some people it was already very bad.


Very true, and if Bluesky sucks 5 years down the road I'll leave for something new.


These people are just gonna re-invent Email next.


Decentralized email, what will they think of next?


Wake me up when the non tech people are using it.


I went to Bluesky because some of my personal favorite non-tech Twitter personalities ended up there. I'm a fan of @Popehat, who has a lot of informed political legal commentary. There are also a number of fiction writers and artists I like there. Surprisingly full of the people I happen to want to subscribe to. And surprisingly large gardening and astronomy communities.

Less my thing, but if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.

Signing up went really well. Mastodon absolutely fumbled the Twitter disaster because it was difficult for non-technical people to figure out what to do. Bluesky just looks like Twitter unless you're actively looking for options to be on another server.


Mastodon has fixed their onboarding process (a bit late) to be much more user friendly.

> if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.

Same could be said for Mastodon, plus retrocomputing and a lot of tech people who don’t want to be on Musk’s Nazi bar anymore. Compiler folks and John Mashey hang out on Mastodon.

If you follow US politics, you do want to be on BS, though. Mastodon is better for international politics and stuff like Eurovision.


Where are the tech people using it? I've mostly only found bsky employees and politics doomscrollers...


i haven't seen tech people, save for the bsky devs. in my time building a client for it (as a side project), i observed a healthy population of journalists, furries, and people who have bad political takes.

when openai launched gpt-4o and google had its i/o, the two events didn't make a dent in the bsky trends. what did make a big dent was eurovision. that says a lot about the population of tech people.


It’s where a significant chunk of the writing community has ended up. I think people who feel the need to reach out to the public may still be more active on Twitter, but it’s definitely the online writers’ bar now.


Some of the photographers I follow now have accounts at Bluesky.


at least among the people I follow, there aren't really very many tech people. It's pretty much friendly enough for anyone to use imo.

I mean, sure if you want to run a PDS or labeller, that's basically technical folks only at this point, but I've seen non-technical people put together feeds, choose which labellers they want to pay attention to, etc.

but for just skeeting and BMing, it's user friendly


Not only are they not end-to-end encrypted, Bluesky's DMs seem like they're entirely centralized. From their 2024 roadmap:

> We looked closely at alternatives like linking to external services, re-using an existing protocol like Matrix, or rushing out on-protocol encrypted DMs, but ultimately decided to launch a basic centralized system to take the time pressure off our team and make our user community happy.

https://docs.bsky.app/blog/2024-protocol-roadmap


It's a stop-gap because people want DMs and implementing them correctly (decentralized, e2e encrypted, etc.) is non-trivial. Rushing e2e encryption is not a good idea (and no, you can't just slap on matrix/signal and call it a day).

The alternatives are to:

1. Wait a bit longer for something half-baked that appears to meet the goals (i.e., something you're going to regret but will be unable to replace).

2. Wait even longer for something perfect.

By making the protocol centralized and stupid-simple, it's also stupid-simple to replace when everyone is done painting the perfect bikeshed.


> By making the protocol centralized and stupid-simple, it's also stupid-simple to replace when everyone is done painting the perfect bikeshed.

But we all know that the more temporary the fix, the more permanent it becomes.


In my experience, temporary fixes are more likely to "stick" the better they are at addressing the problem. The fact that nobody is satisfied with this fix is a good sign.


There is nothing more permanent than a temporary solution.


> By making the protocol centralized and stupid-simple, it's also stupid-simple to replace when everyone is done painting the perfect bikeshed.

Can you recall any example of anyone replacing a centralized protocol with a decentralized one?


Didn’t Bluesky ship centralized, and then later replace the centralized protocol with the decentralized at proto?


Did they? Heh, I didn't know that. But I thought they launched with the AT protocol already, no?


They did, which is why it seems like a relevant example to your question. They shipped centralized, and have already replaced the centralized service they shipped with a decentralized service.


Threads sits on top of the Instagram infrastructure.

And they have added ActivityPub integration moving everything closer to decentralisation.

Given how much of a win-win for Meta it is it wouldn't surprise me to see all their networks move in that direction.


> Given how much of a win-win for Meta

How much?

> to see all their networks move in that direction.

Why would they? What exactly will the move entail?


a) They can monetise content that didn't originate on their platform.

b) It shifts regulators attention from them to closed platforms like X.

c) They can leverage their advantages e.g. ad serving, safety to push competitors into niches.


> They can monetise content that didn't originate on their platform.

They have been doing it for years.

> It shifts regulators attention from them to closed platforms like X.

It doesn't. Threads is just as closed (despite integrating an open protocol), and is still subject to the same scrutiny and provisions as the rest of Meta's products.

> They can leverage their advantages e.g. ad serving, safety to push competitors into niches.

So, let me get it straight. Facebook gained so much from adopting a decentralized protocol so they will inevitably move in the same direction that:

- they will use it to remain the only centralized service?

- they will use it to do the same thing they do before (serve ads, collect user data etc.) but somehow will be absolved of regulations and scrutiny?


Facebook messenger is not completely decentralized, but it is E2E encrypted now after years of struggle with governments and UX. It's definitely possible to move centralized systems to be more decentralized.


How is that an answer to the question?


It's an example of somebody replacing a centralized protocol with a more decentralized one. It's also one of the biggest direct messaging platforms in the world with E2E encryption.


How is it decentralized? It's running from and through Facebook servers.


Facebook cannot read your messages, so it is more decentralized than a system that stores messages in plaintext (or stores the decryption keys).


That's not what decentralized means though. This whole comment thread is unclear on whether decentralization or encryption is what's desired.


That is because people want decentralized e2ee multi-device chats without manual key management, which afaik is not really possible


Seems like it's simply a more private option

it being encrypted but routed through a single company's servers means it's just as centralized as if it were unencrypted though


That depends on your definition of decentralization. Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.


> That depends on your definition of decentralization.

Decentralization literally means "not centralized". If you have a single centralized entity serving all your messages through a set of centralized servers, it makes the setup what?

> Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.

Yes, they do, and it's centralized. What exactly makes you think otherwise?


Bluesky.


e2e encryption is a net loss for a lot of use cases. Particularly, most DMs are spam in my experience.

Spam prevention is much harder if the server can't see the message. Spam reporting can be done with sufficient effort, but stopping the known spam from reaching the user in the first place is impossible (the closest you can get is a client-side scan before actually showing the message to the user, which requires downloading the whole message just to show "number of incoming messages" indicator or else having the indicator lie).

And of course, E2EE is a lie if you're visiting a website anyway.


It is my understanding that many E2EE chat systems won't actually E2EE your initial message to someone you aren't already mutual in-app contacts with.

Either E2EE is something you "upgrade" an existing conversation into (only after both sides consent to the conversation); or E2EE is something that only inherently establishes once both sides have sent one-another a message; or E2EE is something you can only enable before you start a conversation, if you already have the other person's public key (which you only get when you request to add them as a contact, and they accept.)

I think schemes like this balance privacy with spam-prevention quite well: privacy-conscious people can explicitly add each-other before either person says anything / can send intentional small-talk as pairing messages; while everyone else gets the benefit of a central spam-filter sitting between them and messages from strangers.


Except they'll never replace it because they'll be too busy making some other feature stupid simple by centralizing it and we'll be back to centralized social media.


I feel for them, because even if they (and weirdos like us on this site) value decentralization and other related values the average customer just DOES NOT CARE. They're trying to compete with other platforms without this handicap and very few people are willing to give them any "credit" for it.


I'm a little bit sympathetic, but they've also kinda tried to have it both ways. They spent ages inventing a new protocol for decentralized microblogging, and then ages more before you could actually use a server other than theirs. But DMs is now where they don't want to spend the time up front to do it the right way?


To be fair, they’re a tiny team with a ton of things on their roadmap and limited time to do it all. It seems they’re taking it slow on core stuff that they really need to get right, because it can’t be changed later, while adopting pragmatic solutions for things that users want now and which can be swapped out for better implementations in future.


I thought the entire point of Bluesky was that it was to be decentralized? Did that change?


From using Bluesky it feels like the goal is to build a social media experience that’s as decentralized as possible without sacrificing the user experience.

So, they want the experience to be like Twitter for the users that don’t care about decentralization, but to be backed by something like ATProto underneath for those who care.

I’d say Mastodon is more “the entire point is that it’s decentralized”. Bluesky it’s a major point, but not the entire point.


When you're competing against goliath first-moved closed platforms, pragmatic eventual-decentralization makes sense.

What use is first delivering today's table stakes features 5 years from now, albeit fully decentralized and open?


Yea, especially when their rationale is DMs are the most asked for feature.

Build a good enough version now, and then tackle the end to end encrypted fully decentralized version. The cheap version can give them the breathing room to build the better version.


Twitter is over ten years old so arguably all its competitors are "late". Bluesky doesn't have 5 years of runway though.


>Bluesky it’s a major point, but not the entire point.

And I'd say that was the right tradeoff to make. Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work. And no, I'm not going to spend hours digging through docs.


>Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work.

I don't know how you define "average person" but plenty of people who aren't developers are on Mastodon.

This argument that Mastodon is "too complicated" is perennial, despite the obvious evidence to the contrary in the growth of its adoption. It's particularly weird to keep seeing it on a forum full of people who think compiling software from source and working in arcane terminals is trivial.

You can just sign up for an instance like any other website (or multiple.) Or you can pay any number of hosts for an instance of your own (I use masto.host, $9.00/mo.) Or just run the activitypub plugin in Wordpress and your Wordpress is now also a Mastodon node.

If I can do it, it ain't that hard.


It's been on a steady downward slide for the last year, from almost 2m during The Exodus to about 900k active users now. People sign up, but most don't stick around. I also can't help but notice my own timeline has slowed to a crawl, and it's mostly the same few people. It's not vibrant and busy like it used to be.


Aggressive growth and addictive velocity are cancerous, let it reach a healthy equilibrium. Slow can be good, too.

I'm following ~500 people at the moment, and getting relays from a few instances. I see a constant flow of new stuff but I can also easily leave and do other things, because Mastodon isn't designed to maximize engagement and addiction. I don't feel a constant need to post or comment or chase endorphins. The scale is just fine for me.


I was on there when it was just Mastodon.social. It was more vibrant then, and it's been more vibrant in recent memory, before it rocketed to 2m users and started falling. Something is different, and it's not good. I think people who've been there are getting fed up with problems no one seems to care about years on (even people like me who kept giving it chances and pushing for change), and new people are going somewhere else instead of trying Mastodon.

You can stick your head in the sand if you want and hope the year-long freefall stops rather than consider there might be a problem. It's what I've come to expect.


I'm not sticking my head in the sand, I'm just not having the experience you seem to have had, and neither is anyone I actually hang around with.

If you prefer Bluesky, that's fine. Competition is good.


> plenty of people who aren't developers are on Mastodon

How many of them are gonna stick around once their instance goes offline, or the admin does something crazy (which isn't impossible considering how many of these are run as personal/fun projects by geeks rather than actual businesses), or their instance gets into a feud with the others and results in defederation?

All of this is overhead. It's overhead that can be managed, or you can pay someone to manage it for you, but it's still overhead and extra problems that just don't exist when you can instead sign up for Instagram or Twitter and call it a day.


My person in deity the standard you're defending is the lunatic dumpster fire that is Twitter, where Elon just decides shit at random like "likes are private now" and "you can just pay for a checkmark" or "I'm unbanning all the nazis lol."

I personally haven't experienced any of the "overhead" of Mastodon that you're mentioning, and making seem far more common than it is, but Mastodon seems far more stable than Twitter as a platform and a community at the moment.

And sure, some people might not like it, and that's fine. There are and will always be alternatives. But anything is better than Twitter.


>I as a developer have yet to even figure out how it's supposed to work

You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.

Why do people invent fictional horror stories about a service that's at this point functionally as easy to use as any bog standard website?


> You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous)

Regular consumers hate this because they don't know what they're getting into, and it feels like the social media equivalent of a crypto scam where you're invited to buy a coin, any coin. It was probably intended to resemble arriving at college during rush week and pick a social/activity club to join, except you have to pick a server without any real way to browse around and understand what differentiates them.


heck, I'm not a regular user, and I find it annoying to pick a server without knowing what the vibe is. I want to lurk without any transaction costs before I sign up for something


You can see posts on any server to "find out what the vibe is" without registering. For example: https://fosstodon.org/public/local. What are the transactional costs here?


>You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.

And that gives me access to the entire service? Or just bits and pieces of it? And how do I find other services? Asking around? Who's seeing my data if I sign up on another server? What are the anonymous operators of said server doing with my password and email? How do I message someone from another server? Are those messages secure at all?

Decentralized works for motivated parties. It does not work for the masses.


Yes, it gives you access to the entire service, you don't need to find anything. Messages and accounts in Mastodon are visible across the network. The operators of almost all instances aren't anonymous, the address of the default server operators is literally listed on the about page.

If you have zero knowledge and don't care Mastodon functions exactly like Twitter. If you care more, you can invest time, host your own server, do what you want, that's optional.

If decentralized systems don't work it's amazing that my grandfather is able to send emails every day. Which is btw the exact equivalent to Mastodon. You don't care you sign up for Gmail, if you do, run a server out of your basement.


> If you have zero knowledge and don't care Mastodon functions exactly like Twitter.

That’s simply not true. Even as a technical user I sometimes stumble over things like not being able to follow an account after being linked to their server's web site. “Wait, why am I logged ou– oh, this isn’t my server.”


And you know the answer to all those questions for bluesky?


Those questions aren't there, when you sign up it's just like any other service. If you want to do the decentralized thing or wonder 'why do some people have specific domain handles' and the like, the information is easy to get, but you could also use it without ever knowing any of that. So very low friction for non-technical users.


> And you know the answer to all those questions for bluesky?

Nope. Just pointing out the downfalls of decentralized, and the fact that compromising with some centralization (as Bluesky is doing) is a better way for most people.


the masses don't ask questions at that granularity though, it either works or it doesn't.


I mean you can just sign up and use it. No need to read docs. I have plenty of complaints, but it’s largely alright imo.


That was the idea with Bluesky, but people refuse to budge from Twitter without DMs integrated into the platform.


Which applies to WhatsApp, TikTok too.

The main issue with other platforms is that the content that exists within are too wild-west. Anime isn't an everybody thing nor are geeky Programming/Linux communities or furry artwork for that matter.

Where do I find TikTok content within Matrix? That's what the current content-matter is.

The corporate apply heavy exploitation; psychology and social exploits to the user. And while the other platforms don't and carry merits such as privacy and the likes; people really just don't care they are being used for systematic learning, being manipulated because some peer is influencing them.

Companies pay large amount of money in R&D for developing social exploits, all the way down to the background colour of the icon of the app. A platform has to have a gimmick to catch. Privacy, decentralized isn't it.

These foundations don't have corp money to pay for content producers, influencers and so you then end up with dwellings of niches which can turn urk at best.


Decentralization is a solution for establishing a saner, fail-safe governance structure (or we can call it "billionaire-proof"), not the problem to be solved by itself. You need to have enough traction to achieve this goal and sometimes it might make sense to compromise the decentralized implementation part.


Yes. No.


> the average customer just DOES NOT CARE

They're not targeting the average customer (by whatever metric you measure an average customer). They're targeting people that value decentralization.


Kind of, sort of, but not so much? They're also targeting people who left Twitter because of the moderation policies, ownership, and/or user base. Among Bluesky users, Twitter migrants easily outnumber decentralization enthusiasts 10 to 1 at this point.


This is spot on. BlueSky and Threads have just become "left-wing Twitter", intentionally in quotes because it's actually a very small subset of users that left to found their own hug-box, due to some irrational hate of Musk, or that people they don't like at the old place are allowed to have opinions again.

Nobody cares about protocols, except maybe the handful of infosec nerds on Mastodon. It's about a middle school-level rearranging of friend groups. A VIP lounge where they only hang out with their own.

There was an exodus of a small subset of users, and BlueSky was there like an abandoned building that was squatted. It being invite-only added to the exclusivity as invites were passed amongst like-minded peers online, further adding to the echo-chamber.


I left Twitter because I got tired of having inflammatory content be shoved in my face without ever actively following any of the people posting it.

Censorship is bad, but amplification of horrible takes is not equivalent to the absence of censorship.

The quality of ads (I was using the official client) was also quickly approaching the quality of predatory late-night TV shopping channels (“call NOW to get our ULTRA LINT REMOVER with free shipping!!!”).


> but amplification of horrible takes

The problem is the definition of 'horrible takes' is, and always will be, subjective.


It is, so I left, just like I’m not reading newspapers that I don’t like the editorial decisions of.

Possibly there is also a way to run a social network uneditorialized, but Twitter clearly isn't attempting that.


Right, which is why people may prefer Bluesky, which doesn't amplify anyone's takes and lets users decide what they prefer to see.


> that people they don't like at the old place are allowed to have opinions again.

Sorry, but I think that deliberately obfuscates the changes Musk has made at Twitter. See https://ketanjoshi.co/2024/04/19/you-are-the-fuel-that-energ... for one summary.


Why is hating Elon Musk irrational? Regardless of politics or business practices, his personal conduct is revolting.


Why do you care? You're not his friend or related to him. He is the CEO of a scaled text messaging app.

Do you get upset if the CEO of your electric utility made stupid political statements?

Or if the owner of a car dealership cheats on his wife?

Tiger Woods slept with like fifty waitresses and masses of people were furious. Why? What did they expect his life as a star athlete was?

People dislike Musk out of pure jealousy and try to rationalize it via other means. The logical option would be to simply not care.


His tweets started appearing in my feed at an absurd rate some time after he bought it, and I never followed him.

That’s like my utility company insisting I watch a message from their CEO on all devices they power every once in a while, or the owner of my car dealership calling me every once in a while unprompted to chitchat.


> or the owner of my car dealership calling me every once in a while unprompted to chitchat.

If you know the secret to stopping car dealership spam, please share!


> People dislike Musk out of pure jealousy and try to rationalize it via other means.

I don't think this is true. Most people I hear express that they don't particularly like him, also attribute it to things that made me not like him. The rescuer story, the absurd trolling, the disparaging of specific individuals, the pretending to be for "freedom of speech" until the speech is about him.

This is a person I once thought had the desire and the means to push humanity forward. He's done so much, all of it tainted by, well, being absolutely unhinged.


Are you Elon's friend or relative? Logically, other people's opinions about him shouldn't concern you at all. Yet here you are white knighting someone who's just the CEO of a scaled text messaging app. Why do you care?


Who's talking about "getting upset"? Elon Musk has done a lot of things in his life that slot him into the "bad person, do not like, do not support" category. That's just called forming an opinion. I'm not playing darts with his photograph. I'd prefer to hear as little about or from him as possible, frankly.


customer? who's paying for it?


It's nice that they are being honest about how the existing thing is not encrypted. Typically what happens with these things is that some entity announces that they have end to end encryption. But it turns out that they mean that end to end encryption is only possible. The user has to compare some ridiculously long number to achieve it and few users actually end up doing that. In most cases they are not even provided with any concepts to allow them to initially make things secure and maintain this security over time.


Didn't the early versions of Skype, which was coded by like 4 guys, do decentralized end-to-end encrypted messaging like 20 years ago? Before MS bought it and removed all the security at the behest of the government[0], I mean.

So two decades later, when we now have so many widely available open source libraries for networking and encryption, that job is somehow too hard for a well-funded organization like Bluesky? That's very sad.

[0] https://en.m.wikipedia.org/wiki/Skype_security#Eavesdropping...


End to end encryption is not a hard problem from a cryptography perspective. It's a hard problem for key management (eg, how do you handle multiple devices?) and recovery (how do you handle someone losing their phone and wanting to recover their previous messages?). Twitter tried this and half-assed it, and Bluesky apparently want to do a better job.


apparently they didn't.


Not having done something yet doesn't mean you've failed to do it.


releasing, missing a core feature, isn't a great example that you care about that core feature


It's not a core feature for their current user base, apparently. I think they care about it more than their users do. They won't be able to implement it at all if they don't have any users.


Doing it in a way that behaves the way people expect is what requires work. It's easy when both people are online at the same time. It becomes more difficult when you want to ensure asynchronous delivery and receipt and which supports people hopping between devices and not losing the conversation history. I can naively think of a way which would be to make them work identically to normal Bluesky posts except they're encrypted with a public-private keypair, but that would leak who is talking to who and how many DMs people are sending and receiving.
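The leak described in the comment above, as an added example that is not part of the thread and is not Bluesky or AT Protocol code: DMs are stored as public records with a body sealed to the recipient's X25519 key, and an observer without any key still recovers who wrote to whom, how often, and how much. The handles, record fields and messages are constructed for the illustration.

```javascript
// Added illustration, not Bluesky or AT Protocol code. All handles, field
// names and messages are constructed for this example.
const nodeCrypto = require('node:crypto');

function makeAccount(handle) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('x25519');
  return { handle, publicKey, privateKey };
}

// One-time AES-256-GCM key from an X25519 exchange, bound to the ephemeral key.
function deriveKey(privateKey, publicKey, ephPubDer) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  const okm = nodeCrypto.hkdfSync('sha256', shared, ephPubDer, 'naive-dm-demo', 32);
  return Buffer.from(okm);
}

// Naive scheme: a DM is an ordinary public record whose body is sealed to the
// recipient. author and to stay in the clear so the record can be routed.
function postDm(publicRecords, sender, recipient, text) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const ephPubDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, recipient.publicKey, ephPubDer);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  publicRecords.push({
    author: sender.handle, to: recipient.handle,
    ephPubDer, iv, body, tag: cipher.getAuthTag(),
  });
}

// Only the holder of the recipient's private key can open the body; any other
// key fails the GCM tag check and final() throws.
function readDm(record, account) {
  const ephPub = nodeCrypto.createPublicKey({ key: record.ephPubDer, format: 'der', type: 'spki' });
  const key = deriveKey(account.privateKey, ephPub, record.ephPubDer);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]).toString('utf8');
}

// What a keyless observer of the public records still learns.
function observe(publicRecords) {
  const pairs = {};
  for (const r of publicRecords) {
    const k = `${r.author} -> ${r.to}`;
    pairs[k] = pairs[k] || { count: 0, bodyBytes: 0 };
    pairs[k].count += 1;
    pairs[k].bodyBytes += r.body.length; // GCM ciphertext length == plaintext length
  }
  return pairs;
}

function demo() {
  const alice = makeAccount('alice.example');
  const bob = makeAccount('bob.example');
  const carol = makeAccount('carol.example');
  const publicRecords = [];
  postDm(publicRecords, alice, bob, 'see you at 6');
  postDm(publicRecords, alice, bob, 'ok');
  postDm(publicRecords, bob, carol, 'hello');
  let outsiderCanRead = true;
  try { readDm(publicRecords[0], carol); } catch (e) { outsiderCanRead = false; }
  return {
    bobReads: readDm(publicRecords[0], bob),
    outsiderCanRead,
    observed: observe(publicRecords),
  };
}
```

The bodies stay confidential, yet `observe` rebuilds the conversation graph, message counts and exact message sizes from the cleartext envelope alone, which is why a design review of such a scheme has to cover the envelope and not just the cipher.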


Curious if they could simply piggyback on the Signal source code. Lots of folks try to reinvent the wheel these days. Just like protocol buffers reinvented ASN.1 + PER and so-forth. Even the crypto folks at protocol labs opted for the former in place of an established standard.


No. I wrote about this a couple of years ago (https://mjg59.dreamwidth.org/62598.html) and the answer is that while Signal solves the cryptography problem, the other hard problem (ie, everything to do with key management) is still up to whatever's on top of the Signal protocol.


They're not E2E yet, although they plan to introduce this later (and have had a good record so far of adding features incrementally with very few bugs). But you shouldn't be using any social media platform for communications that need to be secure.


Probably a noob question but: why is E2E encryption hard to implement? It took WhatsApp a long time to implement as well. Is there a particular reason?


End to end encryption isn't hard. End to end encryption for non technical users who might forget their password, is hard.

The trouble isn't the encryption. It's, how do you make it feel seamless without having access to the private keys, and without asking the end user for their private key.


reminder for all the twitter haters: Twitter's good!

Yes, I know there's plenty of reasons you'll nitpick twitter and I can nitpick bluesky as well.

More competition is good and I like to see it. Go where your friends are and have a good time.

If you want the edge of Ai/ML, I suggest twitter. Lots of world class accounts. Bluesky is good, has more old school... like 'harry potter' type nerds on it. They post interesting stuff. You should also have a discord. Maybe an insta if you're trying to get a gf


I don’t think my wife would be happy with me getting a girlfriend.


;) she wants to see you happy


>Twitter's good!

It's really not. It was good for a short while, way before the Muskquisition but the quality both of the service and of discourse have declined.


Finally! It was useless without DMs! Unfortunately, there's no E2E.


slightly off-topic but did anyone find a way to still use Twitter/X using Firefox (without disabling strict tracking protection of course)?


wasn't this fixed a few days ago? https://x.com/FirefoxSupport/status/1791459697297608943

firefox is my default browser, and i have the enhanced tracking protection to strict.


actually not, I am using latest Firefox 126.0 and it is still broken.


https://nitter.poast.org/ still seems to work


Kind of lost interest in Bluesky's future after they announced they hired Twitter's former trust and safety lead. Twitter has issues today for sure but that isn’t one aspect I’d like back (eg shadowbanning and lying about shadowbanning etc).


The only thing that has changed with Twitter is who gets banned.


The problem with BlueSky is that they built something specific for Twitter-like experiences.

Nostr is much better positioned to take on these large platforms IMO. You can build pretty much any social experience on it.

Here's a selection of things folks have built on top of the protocol: https://www.nostrapps.com


This could also be seen as a weakness. The lack of focus means fragmentation. Fragmentation means confusion. Users tend to want/need to know what to use and where to go. Telling someone, "go get an email account," will leave them asking more questions or giving up. It's a homework assignment for research. Telling someone, "go get a gmail account," is an actionable thing they can do. We made it there with email, but they were news anchors trying to explain it to people and a lot of friends helping friends, or simply ISPs setting it up for their customers. It's been 30 years of mainstream awareness.

If someone said, "I'm on Nostr," and I wanted to join them, then I found that page you linked to... now what? What is a Zap? Is this some kind of crypto nonsense? "amount in sats"... what's a sat? I just went to what was supposed to be a reddit clone and there were 0 posts. Another one is just a chess board. What is this supposed to be, the user asked? I'm already annoyed by this. "Here are 90 sites, go find the 1 that might not be a ghost town that will also let you talk to your friends." This is a bad first impression, and it's not even my first time hearing about it.

The public will never be sold on a protocol, there needs to be that one killer app that brings people in, and if the protocol is flexible to allow for more things, great.


Check primal.net to find that app you are talking about.


“The Social Bitcoin Wallet”

Hard pass. Why would I ever want my wallet to be social? What does a social network have to do with Bitcoin? This sounds like social media for insufferable crypto bros.


At this point why use nostr over ActivityPub?


why "at this point"? nostr was designed after activitypub was, in order to solve problems in activitypub. No substantial evolution has happened in activitypub in the interim to invalidate these improvements.


I’d argue the rise of popularity attributable to Mastodon is what’s different. It has momentum.


I pretty much haven't heard of Bluesky since it went public. Is it still a mostly cesspool of american politics-obsessed twitter refugees?


> Is it still a mostly cesspool of american politics-obsessed twitter refugees?

99% of social media on the English-speaking web is basically American politics obsessed, if you don't want that you need to branch out to other languages.


Are they politics obsessed in other politics, or is that particular to Americans?


Unfortunately the garbage is spreading.

It's less due to politics and more due to the rotten business models of all mainstream social media - it encourages engagement (algorithmically, so it doesn't even need human intention/decisions), it just turns out that political content is great at generating engagement and thus it floats to the top.

Various actors take advantage of this for various reasons (including political motivations) but the underlying problem is that the platform itself will promote any content as long as it generates engagement.


My experience is that it's the opposite. My twitter timeline got filled up with blue checkmarks spamming their things. Their comments are boosted in every discussion. And since it's a certain demographic that pays for twitter blue, it completely altered everything. So at least in my circles it's to get away from all the hate and outrage that was just to gain virality, and get back to actual discussions on the topics we care about (which is far from US politics).


pretty much, the same rational and objective (and fact based!) political views you can read on hn


Bluesky is going to have the same problem as orkut.

While they’re building out, keeping it exclusive and taking their sweet-ass time, something else will come along and eat their lunch.

I am saying this as a bitter outsider without a Bluesky account but with FOMO.


> I am saying this as a bitter outsider without a Bluesky account but with FOMO

You'll be pleased to learn that Bluesky sign-up has been open to all without invitation since last February.


> something else will come along and eat their lunch

It already happened.

Whilst Bluesky was requiring invites, Threads launched and now has the highest DAUs of all of the text social networks.


I agree with you on this, but the Threads culture of 'no bad vibes' is very hard to take


It's no longer invite only.



