Here is an excerpt from the offical docs for the curious:
"Why not use ActivityPub?
ActivityPub is a federated social networking technology popularized by Mastodon.
Account portability is a major reason why we chose to build a separate protocol. We consider portability to be crucial because it protects users from sudden bans, server shutdowns, and policy disagreements. Our solution for portability requires both signed data repositories and DIDs, neither of which are easy to retrofit into ActivityPub. The migration tools for ActivityPub are comparatively limited; they require the original server to provide a redirect and cannot migrate the user's previous data.
Another major reason is scalability. ActivityPub depends heavily on delivering messages between a wide network of small-to-medium sized nodes, which can cause individual nodes to be flooded with traffic and generally struggles to provide global views of activity. The AT Protocol uses aggregating applications to merge activity from the users' hosts, reducing the overall traffic and dramatically reducing the load on individual hosts.
Other smaller differences include: a different viewpoint about how schemas should be handled, a preference for domain usernames over AP's double-@ email usernames, and the goal of having large scale search and algorithmic feeds."
a very opinionated piece that leads by conclusion rather than building up to it.
The main part of ATProto that is centralized is the PLC and that will eventually be made (most likely) into a consortium. PDS hosting is debatable
That being said, it should be possible to run completely independent atproto networks today. We have several dev infra setups for doing it in the ecosystem
Anything "social" basically - the first ideas that come to people's minds are of course things like: GitHub but on ATProto, Instagram on ATProto, Tiktok on ATProto, Reddit on ATProto…
Currently atproto is still figuring out how to approach private data. Right now there exists extremely limited abilities to store private data via the bluesky preferences but until that mechanism is standardised in a way other projects can use, there's not really a good way to store data privately let alone transmit data privately.
There's a working group for doing this but it'll be a while before anything is adopted at scale.
If fully public is okay for you, there is actually already a chatroom/IRC-esque platform called Roomy. It works well but it is all public and there's a touch more latency than a normal client-server platform due to the nature of atproto's gossip protocol.
So, one big problem is that there's basically no way to have shared-private data in the protocol - it's either private to you, or fully public. Hence no "locked accounts", "followers-only posts" and so on on Bluesky, and this also prevents more sensitive ideas like e.g. "Strava on ATProto" (where you probably don't want to share your run map with the whole world!).
They are working on this, but it's still gonna take a while as I understand.
Ah thanks for the answer. What's the PKI story on bluesky, doesn't every identity have a corresponding public key? So if I had a list of people I wanted to a post to be visible to, couldn't I "just" encrypt it with a key that is decryptable by each of those individuals via their pubkey?
PKI distribution for encrypted data is an unsolved problem at the scale of many millions or billions of people. Signal caps at 10k iirc
It's also generally not advisable to make your cypher text publicly visible
That being said, I'm working with others in the ecosystem on "permissioned space", which are much closer to how people think about Google Docs and similar systems working.
There is also another effort around E2EE content (MLS) for messaging. They are also thinking beyond just messages too
I'm not really familiar with that layer of things, but I think it's possible, though that "just" is doing a lot of work here of course, and I think it might not necessarily be a good idea to have encrypted messages available publicly for everyone all the time, so they can collect them and wait until someone slips up / a vulnerability is found / they have enough hardware to crunch it...
It’s not that shared private data is impossible, just that the mechanisms haven’t been fleshed out yet. I expect this type of setup might be difficult to scale?
I don't think that Matrix chat was used much after the initial months, I've only really heard about it in legends... That Discord (the ATProto Touchers) is community-run.
ATProto is a lot of fun to work with, but of course by no means perfect. The biggest challenge right now is dealing with private data, I hope they can figure out a way to support it soon.
yea i dont think there's any blocker from a protocol perspective, im just saying i'd love to see it happen. adoption for sure among the largest hurdles id guess
Been pondering for my team to use it for our product’s timeline. I don’t particularly want our user base to be Bluesky, but it’d be good to have support for the protocol, and control over the system.
Have there been any products go embraced this? Or is it like ActivityPub where basically the whole thing is Mastodon.
This isn’t quite true. WordPress.com announced they were planning on ActivityPub support, but that is a separate entity run by a commercial company (Automattic).
Their plan was to support it specifically on Tumblr, as well as helping fund an open source plugin for it; there have been no plans to integrate it into the WordPress software directly.
I believe they’ve also deprioritised it as they did significant layoffs recently.
For now mostly just small things that the Bluesky dev/user community is playing with, but check out e.g. Tangled which is meant to be a GitHub alternative on ATProto: https://tangled.sh
I see the error of forgetting the long distance prefix and dialling some poor innocent to squeal tones in xyr ear during Zone Mail Hour is alive and well. (-:
If you want to find other apps that are using Bluesky and ATProto we run https://blueskydirectory.com for that. Feel free to add any apps you find to it!
We might be able to do this with permissioned spaces. There are instances or use-cases where you want an outside entity to make changes to a user's repo
- email / inbox [or @mail since it is @atproto :]
- unsubscribe from email
- notifications / rsvp
The cool thing is that we could use the stackable moderation infra for dealing with bad actors
stackable moderation for ignoring senders is a cool idea. I'll keep an eye out for permissioned spaces, is there encryption and signatures involved at all? (everything on bluesky is signed with PKI, iirc?)
And just unsolicited feedback but "Blebbit" is a deeply terrible name. It turns my stomach for some reason. I don't even know what a bleb could be or what it could represent besides, like, an ulcer.
Your content is signed with a key, but there isn't PKI in the same sense as certificates
There are two efforts around "permissioned" and "encrypted" spaces/content, where encrypted is the E2EE / signal like stuff and permissioned is more like Google Docs or the Discord like permissioning systems. There are use-cases for both
re: name, the second person to dislike, outnumbered by those who do like, will add you to the tally
the name is a play on plebeians / plebs / blebs, not to belittle, but to emphasize this is for the people, not the oligarchs.
Credible Exit Philosophy is important to me and the ATProtocol ecosystem. It means that users can leave an app without losing their data, that they can move their database without losing access, that the majority of Bluesky users could switch to an alternative if they become adversarial.
What it means is that ATProtocol bakes competition into our shared social fabric that all apps build on
there shouldn't be a rush to replace the things that have stood the test of time. Lindy's law would suggest a protocol that's been around 40+ years is fundamental and won't be going anywhere anytime soon.
email has come a long way with SPF, DKIM, and DMARC, and its cool that anyone can purchase a slice of the global namespace that is transferable between providers, but AFAIK the biggest road block to using email in a distributed self sovereign way is reputation and getting your messages delivered to google and outlook users partially because of the nonstop spam.
Do we have any new tools to prevent spam in a post-email world? Or can we just use the current email structure with some better GUI around PGP and Hashcash and force anyone who wants to send a message to burn 10 cents worth of electricity ?
I'm curious what you're looking for in an email standard ?
A quick back-of-the-envelope calculation says that USD 0.1 would be about 700 Wh, so, give or take, a high-performance desktop processor running full tilt for over four hours.
Personally, I'd prefer something like an expansion of how XMPP works. By default you only see what people in your contact list have sent you, and anything else is marked "dubious", and it's up to you to read it or not. I think it's a mistake that email servers have been given the responsibility to filter unwanted traffic. Email servers should have only ever simply passed along whatever they received (excluding excessively large messages, of course).
Here is an excerpt from the offical docs for the curious:
"Why not use ActivityPub?
ActivityPub is a federated social networking technology popularized by Mastodon.
Account portability is a major reason why we chose to build a separate protocol. We consider portability to be crucial because it protects users from sudden bans, server shutdowns, and policy disagreements. Our solution for portability requires both signed data repositories and DIDs, neither of which are easy to retrofit into ActivityPub. The migration tools for ActivityPub are comparatively limited; they require the original server to provide a redirect and cannot migrate the user's previous data.
Another major reason is scalability. ActivityPub depends heavily on delivering messages between a wide network of small-to-medium sized nodes, which can cause individual nodes to be flooded with traffic and generally struggles to provide global views of activity. The AT Protocol uses aggregating applications to merge activity from the users' hosts, reducing the overall traffic and dramatically reducing the load on individual hosts.
Other smaller differences include: a different viewpoint about how schemas should be handled, a preference for domain usernames over AP's double-@ email usernames, and the goal of having large scale search and algorithmic feeds."
Relevant post by Christine Lemmer-Webber (Co-creator of ActivityPub) https://dustycloud.org/blog/how-decentralized-is-bluesky/
a very opinionated piece that leads by conclusion rather than building up to it.
The main part of ATProto that is centralized is the PLC and that will eventually be made (most likely) into a consortium. PDS hosting is debatable
That being said, it should be possible to run completely independent atproto networks today. We have several dev infra setups for doing it in the ecosystem
> it should be possible to run completely independent atproto networks today
But does anyone do it? It doesn't really matter if it's /theoretically possible/ if no one actually does it.
Running an ActivityPub server is piss easy, anyone can do it on a $5 VPS or in their basement, and that's one of its big strengths.
People are doing it yeah. The post linked in the comment above is already outdated, see https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l for relatively recent developments.
> Running an ActivityPub server is piss easy, anyone can do it on a $5 VPS or in their basement, and that's one of its big strengths.
same statement can be applied to running a bluesky PDS. Here are the server recs: https://github.com/bluesky-social/pds?tab=readme-ov-file#sel...
I could be mistaken, but I believe BlackSky is pretty close today.
Was fully expecting to see descriptions of “ATD” and “ATH”…
RING, RING, RING, ATA, CONNECT!
If you are interested in building on ATProtocol, one of the best places to start is the Discord (until we have an atproto native alt @blebbit.app)
https://discord.atprotocol.dev/
Of course the spec is good too, very easy read
https://atproto.com
https://docs.bsky.app
What sorts of things can be built on the protocol?
It’s good at social-oriented apps - there’s obviously Bluesky, and many other smaller apps in the style of other platforms.
One of the most interesting projects is tangled.sh - a github-like using atproto for the social layer, which fits perfectly.
Anything "social" basically - the first ideas that come to people's minds are of course things like: GitHub but on ATProto, Instagram on ATProto, Tiktok on ATProto, Reddit on ATProto…
Why isn't there a Discord built on ATProto ? [Serious Question, wondering if there are trade-offs that make this especially annoying]
Currently atproto is still figuring out how to approach private data. Right now there exists extremely limited abilities to store private data via the bluesky preferences but until that mechanism is standardised in a way other projects can use, there's not really a good way to store data privately let alone transmit data privately.
There's a working group for doing this but it'll be a while before anything is adopted at scale.
If fully public is okay for you, there is actually already a chatroom/IRC-esque platform called Roomy. It works well but it is all public and there's a touch more latency than a normal client-server platform due to the nature of atproto's gossip protocol.
So, one big problem is that there's basically no way to have shared-private data in the protocol - it's either private to you, or fully public. Hence no "locked accounts", "followers-only posts" and so on on Bluesky, and this also prevents more sensitive ideas like e.g. "Strava on ATProto" (where you probably don't want to share your run map with the whole world!).
They are working on this, but it's still gonna take a while as I understand.
Ah thanks for the answer. What's the PKI story on bluesky, doesn't every identity have a corresponding public key? So if I had a list of people I wanted to a post to be visible to, couldn't I "just" encrypt it with a key that is decryptable by each of those individuals via their pubkey?
PKI distribution for encrypted data is an unsolved problem at the scale of many millions or billions of people. Signal caps at 10k iirc
It's also generally not advisable to make your cypher text publicly visible
That being said, I'm working with others in the ecosystem on "permissioned space", which are much closer to how people think about Google Docs and similar systems working.
There is also another effort around E2EE content (MLS) for messaging. They are also thinking beyond just messages too
Fantastic. Looking forward to seeing where you land.
I'm not really familiar with that layer of things, but I think it's possible, though that "just" is doing a lot of work here of course, and I think it might not necessarily be a good idea to have encrypted messages available publicly for everyone all the time, so they can collect them and wait until someone slips up / a vulnerability is found / they have enough hardware to crunch it...
It’s not that shared private data is impossible, just that the mechanisms haven’t been fleshed out yet. I expect this type of setup might be difficult to scale?
My immediate thought to
Working on it, https://blebbit.app (mainly landing pages, but login and basic chat work)
Thats such a bummer, I was on the matrix dev chat for a while and it was good and helpful. I wonder why they changed it from that?
I don't think that Matrix chat was used much after the initial months, I've only really heard about it in legends... That Discord (the ATProto Touchers) is community-run.
Here I was thinking I'd see old AT commands for controlling radios. Learned something new
theyre not old and still used in many many cell modems :-)
Yup.
Bluesky's name collision was pretty avoidable here but I guess they thought the obvious name was BS.
I believe that's still used in phones for communication between the computer and the cell phone hardware.
Same. ATS11=43 was magic back in the day.
ATDT <My Favorite BBS>
. . .
ATH
ATProto is a lot of fun to work with, but of course by no means perfect. The biggest challenge right now is dealing with private data, I hope they can figure out a way to support it soon.
see my comment in another thread, things are happening!
+++ATH0
Those old enough will know :)
I bought a 5G modem made by waveshare, I had lot of fun tinkering that device with AT commands.
ATDT1170,
Thinking about changing my ring tone now... ;)
AT&N34 ha!
would love fb marketplace disruptor on atproto
Isn't the problem the network effect, and not the protocol whatsoever?
yea i dont think there's any blocker from a protocol perspective, im just saying i'd love to see it happen. adoption for sure among the largest hurdles id guess
I'll save you a click: it's unrelated to the Hayes AT commands [1].
[1] https://en.wikipedia.org/wiki/Hayes_AT_command_set
Been pondering for my team to use it for our product’s timeline. I don’t particularly want our user base to be Bluesky, but it’d be good to have support for the protocol, and control over the system.
Have there been any products go embraced this? Or is it like ActivityPub where basically the whole thing is Mastodon.
ActivityPub is embraced by:
It is by no means just Mastodon.> WordPress
This isn’t quite true. WordPress.com announced they were planning on ActivityPub support, but that is a separate entity run by a commercial company (Automattic).
Their plan was to support it specifically on Tumblr, as well as helping fund an open source plugin for it; there have been no plans to integrate it into the WordPress software directly.
I believe they’ve also deprioritised it as they did significant layoffs recently.
For now mostly just small things that the Bluesky dev/user community is playing with, but check out e.g. Tangled which is meant to be a GitHub alternative on ATProto: https://tangled.sh
TikTok: https://bsky.app/profile/skylight.social
Insta: https://bsky.app/profile/pinksky.app
Twitch: https://bsky.app/profile/stream.place
Events: https://bsky.app/profile/smokesignal.events
Pinterest: https://bsky.app/profile/scrapboard.org
And here is an app to generate unified feed for such apps: https://bsky.app/profile/atpage.one
Build your own feeds / algorithms in the browser: https://graze.social
activitypub is mostly used in the fediverse. mastodon is one of many clients and servers, and one of the worst.
Here's another great resource about the ATProto distributed design
https://atproto.com/articles/atproto-for-distsys-engineers
In this house, we believe “AT protocol” refers to Hayes modem commands.
ATDT2024561414
A slightly more modern usage for cell modems that still implement AT commands in 2025:
AT+QSINR?
AT+QRSRQ
AT+QRSRP
AT+QNWINFO
-- getting current status/band of a link
I see the error of forgetting the long distance prefix and dialling some poor innocent to squeal tones in xyr ear during Zone Mail Hour is alive and well. (-:
+++ ATH0
This brings back memories of hanging my 56k modem up with a specially crafted ping command :)
Would love for more platforms to embrace the AT protocol.
I'm working with some people on permissioned spaces for atproto (spec and pds changes). This will unlock a ton of use-cases not possible today
Working Group is forming this fall, we'll be at IETF, Montreal in Nov
Also building one such platform that needs permissioned spaces, if you want to follow along
https://github.com/blebbit/atproto
https://bsky.app/profile/blebbit.app
Off the top of my head, there are also WGs for E2EE messaging, web monetization, and geo.
Lot's of infra getting built this year
If you want to find other apps that are using Bluesky and ATProto we run https://blueskydirectory.com for that. Feel free to add any apps you find to it!
Would be great to have a new modern alternative to the E-mail standard that is usable for both public and private messaging.
ActivityPub can be used for both public and private messaging, though I don't think the e-mail standard needs to be retired anytime soon.
There was once an idea named IM2000.
Then the world invented pull-style electronic communications systems via another route. You're looking at one.
* https://news.ycombinator.com/item?id=10410164
* https://jdebp.uk/Proposals/IM2000/
We might be able to do this with permissioned spaces. There are instances or use-cases where you want an outside entity to make changes to a user's repo
- email / inbox [or @mail since it is @atproto :]
- unsubscribe from email
- notifications / rsvp
The cool thing is that we could use the stackable moderation infra for dealing with bad actors
https://bsky.social/about/blog/03-12-2024-stackable-moderati...
stackable moderation for ignoring senders is a cool idea. I'll keep an eye out for permissioned spaces, is there encryption and signatures involved at all? (everything on bluesky is signed with PKI, iirc?)
And just unsolicited feedback but "Blebbit" is a deeply terrible name. It turns my stomach for some reason. I don't even know what a bleb could be or what it could represent besides, like, an ulcer.
Your content is signed with a key, but there isn't PKI in the same sense as certificates
There are two efforts around "permissioned" and "encrypted" spaces/content, where encrypted is the E2EE / signal like stuff and permissioned is more like Google Docs or the Discord like permissioning systems. There are use-cases for both
re: name, the second person to dislike, outnumbered by those who do like, will add you to the tally
the name is a play on plebeians / plebs / blebs, not to belittle, but to emphasize this is for the people, not the oligarchs.
Credible Exit Philosophy is important to me and the ATProtocol ecosystem. It means that users can leave an app without losing their data, that they can move their database without losing access, that the majority of Bluesky users could switch to an alternative if they become adversarial.
What it means is that ATProtocol bakes competition into our shared social fabric that all apps build on
there shouldn't be a rush to replace the things that have stood the test of time. Lindy's law would suggest a protocol that's been around 40+ years is fundamental and won't be going anywhere anytime soon.
email has come a long way with SPF, DKIM, and DMARC, and its cool that anyone can purchase a slice of the global namespace that is transferable between providers, but AFAIK the biggest road block to using email in a distributed self sovereign way is reputation and getting your messages delivered to google and outlook users partially because of the nonstop spam.
Do we have any new tools to prevent spam in a post-email world? Or can we just use the current email structure with some better GUI around PGP and Hashcash and force anyone who wants to send a message to burn 10 cents worth of electricity ?
I'm curious what you're looking for in an email standard ?
A quick back-of-the-envelope calculation says that USD 0.1 would be about 700 Wh, so, give or take, a high-performance desktop processor running full tilt for over four hours.
Personally, I'd prefer something like an expansion of how XMPP works. By default you only see what people in your contact list have sent you, and anything else is marked "dubious", and it's up to you to read it or not. I think it's a mistake that email servers have been given the responsibility to filter unwanted traffic. Email servers should have only ever simply passed along whatever they received (excluding excessively large messages, of course).