Nostr notes by Émilio Gonzalez

Nostr event nevent1qqszzu8s245q2n2tdunv4a2e224fdq5624xqheg58vdsphptesym3qczyrs4nadgwunwxmxm8lujzvxaumt3nfhvnwhpk4f34t2tgqgm6hwxgy8zhgk

2026-02-28T21:11:15Z

In reply to nevent1q…wwsx
_________________________

What I'm trying to say is that "independence" is not ...

2026-01-04T22:56:59Z

In reply to nevent1q…8es3
_________________________

What I'm trying to say is that "independence" is not something that is achieved, it's at the extreme of a spectrum that you can never quite reach, but aim to get close to

I find that thinking about independence as a binary (as a lot of ...

2026-01-04T22:55:18Z

In reply to nevent1q…vfwf
_________________________

I find that thinking about independence as a binary (as a lot of people seem to be doing) is flawed. Nothing is ever truely independent, we all rely on things built and controlled by others and this will always be the case, so this is why I think it's misplaced. You don't *need* your own servers to be independent because true independence is not achievable.

Words like *need* imply that there is a recipe to follow to achieve "independence" (boolean). I don't think this is a fair way to frame it. Using Signal means that your chat platform is more independent than if you were using facebook Messenger. In the same way, using Matrix or some other decentralized protocol makes it more independant than using Signal

Independance is not solely about decentralization, it's about ...

2026-01-04T16:59:23Z

In reply to nevent1q…sh2z
_________________________

Independance is not solely about decentralization, it's about many other things, of which Signal represents some of them

What are the privacy risks you're referring to?

2025-07-17T23:30:55Z

In reply to nevent1q…vnn5
_________________________

What are the privacy risks you're referring to?

Why'd you drop Bluesky?

2025-07-13T22:13:38Z

In reply to nevent1q…lehq
_________________________

Why'd you drop Bluesky?

Let me tell you the story of Arslan, a guy from Pakistan working ...

2025-02-24T16:51:01Z

Let me tell you the story of Arslan, a guy from Pakistan working for the #BlackBasta ransomware group. This story is part funny, part sad. 🧵

(this is related to my previous thread https://infosec.exchange/@res260/114048694181192174 )

I would maybe nuance your first phrase like this: "so ...

2025-02-01T22:32:06Z

In reply to nevent1q…zr6e
_________________________

I would maybe nuance your first phrase like this: "so basically, it's not decentralized, but the technology is there if some people with a medium amount of resources want it to be decentralized."

It's currently not entirely up to bluesky to decide how decentralized the network is. They have in their roadmap things planned that with help with decentralization, but everything is currently there for people to make it more decentralized.

However, the BlueSky company COULD make it harder to decentralize, for example by only allowing THEIR AppView to consume from their Relays (firehose). This is why having more independant relays will be key to ensure that ATProto becomes more decentralized. If you know about TOR nodes, it's kind of the same things. If one entity controls most TOR nodes, this entity owns the TOR network, which is not supposed to happen.

TOR as a protocol and network kind of has a similar problem, as running a TOR node can be expensive.

A few facts and thoughts about #BlueSky being decentralized or ...

2025-02-01T22:01:25Z

A few facts and thoughts about #BlueSky being decentralized or not:<li><a href="https://infosec.exchange/tags/ATProto"; class="mention hashtag" rel="tag">#ATProto</a> (the protocol behind bluesky) is decentralized and open-source, but is controlled by a for-profit (albeit fiscally a public benefit) organization, "Bluesky Social PBC".</li><li>"Bluesky" refers to a sum of ATProto concepts, notably the AppView (bsky.app), the main Personal Data Servers (PDS, bsky.social), and the Relays (or firehose, bsky.network). There are others, but they're the 3 important ones.</li><li>Anyone can run their own AppView, PDS or Relay AND consume the content from/get their content consumed by the Bluesky infrastructure. HOWEVER, not everything is trivial or cheap to run.</li>

3.1 A PDS, which contains your data (account details but also posts, likes, follows, etc), is trivial and cheap to self-host. Cheaper than hosting a mastodon instance, even, because it does way less stuff and receives way less requests. See https://github.com/bluesky-social/pds

3.1 An AppView (the presentation layer, where users interact with ATProto content) can be created by anyone, but the bsky.app backend is NOT open-source, so there are not a ton of options right now.

3.2 Running a relay is trivial but expensive to self-host. This is because its purpose is to act as an aggregator for all the PDS so that AppViews can consume the data in a way that scales better. The Bluesky relay implementation (bigsky) is open-source: https://github.com/bluesky-social/indigo/blob/main/cmd/bigsky/README.md
About 2.5 months ago, 4.5TB of storage was needed and an OVH server costing 150$/month worked to host a full-atmosphere relay (more on that later).<li>To make a comparison with <a href="https://infosec.exchange/tags/ActivityPub"; class="mention hashtag" rel="tag">#ActivityPub</a> (the protocol behind <a href="https://infosec.exchange/tags/mastodon"; class="mention hashtag" rel="tag">#mastodon</a> ), the AppView and PDS is the same thing in ActivityPub, and the concept of relay doesn't exist. There are advantages and drawbacks to both architectures, I might do a future post highlighting those.</li><li>With those definitions out of the way, some observations:</li>

5.1 A lot of users self-host their PDS, but the vast majority of users chose the simpler option.

5.2 There are some alternative AppViews built on ATProto, but the vast majority of users visit bsky.app.

5.3 There are very little non-bluesky self-hosting of relays, mostly because of their prohibitive cost. Running the bigsky relay is expensive partly because of design decisions for ATProto and partly because it takes ALL content from ALL accounts for ALL the network on the atmosphere (in this case atmosphere == fediverse but for ATProto). This is like if your Mastodon instance queried ALL servers for ALL accounts querying ALL posts. In the future, there might exist relays that don't scrape ALL data but only a subset of it, which would bring down costs, but it's not yet the case.<li>So "is Bluesky decentralized?"</li>

6.1 In theory, yes, everything that bluesky does on ATProto can be.

6.2 In practice, however, the most decentralized part of Bluesky is the PDS, where the user data is stored, and even that is not *that* decentralized.

6.3 Will it stay this way? I'm hopeful it won't, but I don't know. ATProto is fairly new compared to ActivityPub, and the ecosystem around it was mostly built by the BlueSky company, but I expect this to change in the future. However, the cost of entry for things built on ATProto will always be *more* than the cost of entry for things built on ActivityPub.

6.4 Things built on ActivityPub will always be *more* decentralized than things built on ATProto, because of design decisions from both of these protocols.