Bluesky adds direct messages(bsky.social) |
Bluesky adds direct messages(bsky.social) |
Social platforms like BlueSky have radically different design constraints than direct messaging applications. The implications range from security to social dynamics to legal concerns.
Social DMs are bad. Try not to use them!
Which are...?
> Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.
I think nowadays we can substitute email with chat/DM.
What's lacking for me now is video. Having to share through YouTube and then embed for just small daily clips is a bit cumbersome.
The people I interact with on BlueSky are nice, and the website is serviceable. But like Pebble / T2, I just don't see the momentum there.
Slow clap for Bluesky.
They don't have E2EE yet, and use a different system than posting does on the site. (ergo, I think they're not in the firehose)
I'm not sure there are any non-bluesky Relays
I know folks are hosting their own labellers.
and I know folks are hosting their own appviews
I've seen repeated kerfuffles about people running mastodon-bluesky bridges
Now that federation is enabled in the public network, I've been working on a slightly more production-ready rewrite[1], although it's not yet in a usable state (haven't had much time to work on it lately)
So all the money, all the development, to create Twitter² and they just added DMs?
That seems an underwhelming achievement.
It would be something no other platform has managed. Including this site.
Less my thing, but if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.
Signing up went really well. Mastodon absolutely fumbled the Twitter disaster because it was difficult for non-technical people to figure out what to do. Bluesky just looks like Twitter unless you're actively looking for options to be on another server.
> if your interests include trans rights, furry porn, or romance authors, Bluesky's definitely the place for you.
Same could be said for Mastodon, plus retrocomputing and a lot of tech people who don’t want to be on Musk’s Nazi bar anymore. Compiler folks and John Mashey hang out on Mastodon.
If you follow US politics, you do want to be on BS, though. Mastodon is better for international politics and stuff like Eurovision.
when openai launched gpt-4o and google had its i/o, the two events didn't make a dent in the bsky trends. what did make a big dent was eurovision. that says a lot about the population of tech people.
> We looked closely at alternatives like linking to external services, re-using an existing protocol like Matrix, or rushing out on-protocol encrypted DMs, but ultimately decided to launch a basic centralized system to take the time pressure off our team and make our user community happy.
Yes, I know there's plenty of reasons you'll nitpick twitter and I can nitpick bluesky as well.
More competition is good and I like to see it. Go where your friends are and have a good time.
If you want the edge of Ai/ML, I suggest twitter. Lots of world class accounts. Bluesky is good, has more old school... like 'harry potter' type nerds on it. They post interesting stuff. You should also have a discord. Maybe an insta if you're trying to get a gf
It's really not. It was good for a short while, way before the Muskquisition but the quality both of the service and of discourse have declined.
firefox is my default browser, and i have the enhanced tracking protection to strict.
Nostr is much better positioned to take on these large platforms IMO. You can build pretty much any social experience on it.
Here's a selection of things folks have built on top of the protocol: https://www.nostrapps.com
If someone said, "I'm on Nostr," and I wanted to join them, then I found that page you linked to... now what? What is a Zap? Is this some kind of crypto nonsense? "amount in sats"... what's a sat? I just went to what was supposed to be a reddit clone and there were 0 posts. Another one is just a chess board. What is this supposed to be, the user asked? I'm already annoyed by this. "Here are 90 sites, go find the 1 that might not be a ghost town that will also let you talk to your friends." This is a bad first impression, and it's not even my first time hearing about it.
The public will never be sold on a protocol, there needs to be that one killer app that brings people in, and if the protocol is flexible to allow for more things, great.
99% of social media on the English-speaking web is basically American politics obsessed, if you don't want that you need to branch out to other languages.
While they’re building out, keeping it exclusive and taking their sweet-ass time, something else will come along and eat their lunch.
I am saying this as a bitter outsider without a Bluesky account but with FOMO.
You'll be pleased to learn that Bluesky sign-up has been open to all without invitation since last February.
It already happened.
Whilst Bluesy was requiring invites, Threads launched and now has the highest DAUs of all of the text social networks.
Nostr has it right where servers/instances are completely interchangeable and all the hard work is done by the client.
I get why Mastodon had servers at the beginning - because browsers can't speak any other protocol than HTTP towards a single origin domain name. But this limitation fundamentally constrained the entire product into a corner that's very hard/impossible to back out of.
Mastodon should've been Nostr in the first place, with "instances" just being read-only views into the network (to satisfy browser's "demand" for an HTTP endpoint), but otherwise would be disposable and interchangeable - all write actions would be made by a client that doesn't have the constraints of a browser and can interact with the decentralized network over an appropriate protocol (and do the necessary cryptographic magic to ensure those peers are trustless and interchangeable).
The concept of "instances" not only introduces many user experience problems that makes it a non-starter for non-technical people (or even technical people who just don't have the time/willingness to deal with BS) but also open the door for politically-motivated feuds between instance admins to which the users are held hostage (instead of moderation being done on the client where the user is the only one in control of which "moderation feeds" they subscribe to, similar to an ad blocker list).
Plus realising that global search was something that many admins were fundamentally opposed to.
Oh and the array of UX issues that made me suspect that many demographics would never adopt it.
You need to recreate your own centralized cyberspace and then build the underground path to the decentralized canyon.
Then provide a mothership allowing others to dock of their own standards and protocols. Yet allowing them to take off at their own accord with the data of the centralized hub.
That seems like a positive, not a negative. If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph.
I suspect that's why Twitter is still doing as well as it is participation-wise since the Musk acquisition: Twitter is still by and large where the people are, even if the owner is an insufferable jerk.
From listening to a podcast with the founder it seems that's their goal too as they want to integrate bluesky with e-commerce which obviously doesn't work well globally.
The other big reason I went with Bluesky over Mastadon is that several of the people I used to follow on Twitter have moved over to Bluesky.
Oh interesting. This is a really cool feature. It kinda nudges it in the direction of being a private, self-run micro-blogging platform, where replies are essentially comments that you can moderate.
2/3 of top 3 and half of top 10-20 Mastodon instances(not including Misskey ActivityPub servers) are Japanese. They really don't like that.
Cutting out the Nazis from Twitter is a great start, but Mastodon has done this by simply doubling down on the other end of the horseshoe. It's Truth Social for the other fringe.
BlueSky seems somewhat richer in normal people, but that probably won't last if the platform is successful over time. It seems in the nature of social networks to be taken over by parasitic outrage grifters.
I mean, sure if you want to run a PDS or labeller, that's basically technical folks only at this point, but I've seen non-technical people put together feeds, choose which labellers they want to pay attention to, etc.
but for just skeeting and BMing, it's user friendly
The alternatives are to:
1. Wait a bit longer for something half-baked that appears to meet the goals (i.e., something you're going to regret but will be unable to replace). 2. Wait even longer for something perfect.
By making the protocol centralized and stupid-simple, it's also stupid-simple to replace in when everyone is done painting the perfect bikeshed.
But we all know that the more temporary the fix, the more permanent it becomes.
Can you recall any example of anyone replacing a centralized protocol with a decentralized one?
Spam prevention is much harder if the server can't see the message. Spam reporting can be done with sufficient effort, but stopping the known spam from reaching the user in the first place is impossible (the closest you can get is a client-side scan before actually showing the message to the user, which requires downloading the whole message just to show "number of incoming messages" indicator or else having the indicator lie).
And of course, E2EE is a lie if you're visiting a website anyway.
They're not targeting the average customer (by whatever metric you measure an average customer). They're targeting people that value decentralization.
Nobody cares about protocols, except maybe the handful of infosec nerds on Mastodon. It's about a middle school-level rearranging of friend groups. A VIP lounge where they only hang out with their own.
There was an exodus of a small subset of users, and BlueSky was there like an abandoned building that was squatted. It being invite-only added to the exclusivity as invites were passed amongst like-minded peers online, further adding to the echo-chamber.
So two decades later, when we now have so many widely available open source libraries for networking and encryption, that job is somehow too hard for a well-funded organization like Bluesky? That's very sad.
[0] https://en.m.wikipedia.org/wiki/Skype_security#Eavesdropping...
The trouble isn't the encryption. It's, how do you make it feel seamless without having access to the private keys, and without asking the end user for their private key.
Musk’s transformation may have made it exponentially worse, but for some people it was already very bad.
Hard pass. Why would I ever want my wallet to be social? What does a social network have to do with Bitcoin? This sounds like social media for insufferable crypto bros.
It's less due to politics and more due to the rotten business models of all mainstream social media - it encourages engagement (algorithmically, so it doesn't even need human intention/decisions), it just turns out that political content is great at generating engagement and thus it floats to the top.
Various actors take advantage of this for various reasons (including political motivations) but the underlying problem is that the platform itself will promote any content as long as it generates engagement.
Either E2EE is something you "upgrade" an existing conversation into (only after both sides consent to the conversation); or E2EE is something that only inherently establishes once both sides have sent one-another a message; or E2EE is something you can only enable before you start a conversation, if you already have the other person's public key (which you only get when you request to add them as a contact, and they accept.)
I think schemes like this balance privacy with spam-prevention quite well: privacy-conscious people can explicitly add each-other before either person says anything / can send intentional small-talk as pairing messages; while everyone else gets the benefit of a central spam-filter sitting between them and messages from strangers.
Petty tyrants try to ruin everything.
On Bluesky, there are art feeds for every kind of interest. I've used Mastodon since near the beginning and really only stick around for the small cohort of instances mine is in. It's increasingly all crossposts from Bluesky.
>> "If you don't like the choices of the people running Twitter or BlueSky, you can't leave but still maintain your social graph."
It took a while but I'm convinced they're sincerely working toward account portability. I can at least already point my domain at another PDS even if getting at my posts would be a sketchy, probably very technical operation with command lines and scripts. (For now)
These are people who've been working on decentralized social media for as long as it's been a thing (and newer people who share the goal), and it's hard to ignore the dedication to that goal once you look into their histories.
[0] https://info.tech.lgbt/2023/10/13/thebadspace-situation.html
I (actually not my personal but a project account) had to move servers because the original server had been blocked by other admins because of a fairly interminable dispute about whether one user had been racist (it was far from clear cut from what I could tell from the brief time I spent digging into it).
How is this positive? It seemed to spell out a future where Mastodon split into islands based on long-forgotten generational disputes.
I want one network with a clean way to choose who I see and who interacts with me. I don't want other people making this decisions on my behalf.
Twitter and mainstream social media is still doing well because they have a large network of people that are either non-technical and can't use the fediverse or just can't be bothered.
The Musk acquisition is a storm in a teacup, for the vast majority of people (especially outside the tech circles) nothing changed. Yes it's still a cesspool, there's spam, Nazis and harassment, but that's not a significant difference from what it was before (every high profile tweet was immediately replied to by crypto scam bots even pre-Musk), and the format of the platform has always encouraged polarization, hostility and harassment, so Musk didn't change much there either. Yes it's a cesspool, but it's the same one that people know and (seemingly) love.
To me it seems like Mastodon's focus on hashtags as discovery mechanism won hard in this space thus allowing such diverse communities to thrive on the platform.
There's an implicit language filter around your default language. It was implemented because the Japanese is comparatively as large as the English audience and a lot of English language users were complaining about searches and feeds being filled by Japanese posts. I chat a lot with Japanese Bluesky because I'm fluent in Japanese; probably 50% of my Bluesky activity is with Japanese Bluesky. I've made friends with a Japanese tech reporter and they share their articles with me occasionally, so it's fun to see a non-English speaking perspective.
Unfortunately I think a lot of the people who use Mastodon and are trying to dunk on Bluesky are doing so in bad faith or not quite bad faith but a non-willingness to explore Bluesky with the same openness and curiosity as Mastodon (this may purely be from a time perspective, I mean we're all human and only have so much time to devote to internet shitposting.) I used and stopped using Mastodon before the whole Xitter thing, because I had 2 instances shutdown on me for various reasons and didn't want to bother trying again. I'm mostly on Bluesky and it seems to have the same features as Mastodon sans the easy to build instances because ATProto is a more complicated protocol. I find the network of Bluesky (or at least my feed) to be a lot less tech focused and for me this is a win. I already engage with tech people on HN, parts of Reddit, and Discord. I don't need yet another tech site full of the common tech tropes like ranting emotionally into the void or getting hung up on niche things that only tech people care about. Just my $0.02.
The feedback about not cross-pollinating non-English-speakers is good though and I've been working on a feed that uses some ML to generate cross-cultural feeds around certain topics. It's been slow going because work has been tough and I'm locked in wedding "hell" in my personal life.
They are moving slowly on purpose. I get what you're saying but perhaps give it some time to grow?
Twitter has been around for almost 20 years now, and Mastodon for who knows how long.
I don't think https://tweetnacl.cr.yp.to/ is hard to mess up. Similar to the interior of a furry suit, you won't know what is going on in there.
Furry cryptography nerd here.
No. This is inadequate.
> I don't think https://tweetnacl.cr.yp.to/ is hard to mess up.
Yes it is! If you're doing to encrypt some things in a constrained use-case, sure, NaCl is better than hand-rolling it yourself. But it's not sufficient for end-to-end encryption. Here's a few things that TweetNaCl (and other NaCl variants) is, without further protocol design, inadequate to protect against:
1. Invisible Salamanders. NaCl uses xsalsa20poly1305, which is not key-committing.
2. Forward Secrecy. NaCl's crypto_box doesn't give you this at all.
3. Key Compromise Impersonation. See also, Toxcore, which built atop NaCl: https://github.com/TokTok/c-toxcore/issues/426
4. How do you do group messaging? If you do it as just pairwise, do you use the same public key as your p2p messaging? There's a lot of ways that can subtly go wrong.
There is a damn reason end-to-end encryption involves authenticated key exchanges and forward-secure double ratchets.
If you want to rotate keys, then simply delete your private key and since we trust Bluesky so much we can use the PDS to share new pubkeys once we rotate. In fact, this would work for signing keys too! Then the PDS wouldn't be able to write messages for you if it wanted to.
For group messaging you simply encrypt the message to each recipient.
If they want to upgrade to a Axolotl from this, great! But starting with plain text is not private messaging, it is group messaging with your PDS admins and whoever they want to share that data with.
Censorship is bad, but amplification of horrible takes is not equivalent the absence of censorship.
The quality of ads (I was using the official client) was also quickly approaching the quality of predatory late-night TV shopping channels (“call NOW to get our ULTRA LINT REMOVER with free shipping!!!”).
The problem is the definition of 'horrible takes' is, and always will be, subjective.
Possibly there is also a way to run a social network uneditorialized, but Twitter clearly isn't attempting that.
Sorry, but I think that deliberately obfuscates the changes Musk has made at Twitter. See https://ketanjoshi.co/2024/04/19/you-are-the-fuel-that-energ... for one summary.
Do you get upset if the CEO of your electric utility made stupid political statements?
Or if the owner of a car dealership cheats on his wife?
Tiger Woods slept with like fifty waitresses and masses of people were furious. Why? What did they expect his life as a star athlete was?
People dislike Musk out of pure jealousy and try to rationalize it via other means. The logical option would be to simply not care.
That’s like my utility company insisting I watch a message from their CEO on all devices they power every once in a while, or the owner of my car dealership calling me every once in a while unprompted to chitchat.
I don't think this is true. Most people I hear express that they don't particularly like him, also attribute it to things that made me not like him. The rescuer story, the absurd trolling, the disparaging of specific individuals, the pretending to be for "freedom of speech" until the speech is about him.
This is a person I once thought had the desire and the means to push humanity forward. He's done so much, all of it tainted by, well, being absolutely unhinged.
https://github.com/soatok/rawr-x3dh
I'm telling you, TweetNaCl is not enough to build a secure messenger
libsodium, maybe
I'm going to personally add you to the list of people Bluesky should hire to get this implemented without the consent of the Bluesky employees. If they choose to hire both of us perhaps we can figure out how to implement this for them.
I will not commit to putting on a furry suit. But I've been known to try everything once. And bonus I live right next to the furry convention center and have always wondered what the heck is going on at the Hyatt while you guys are here.
So, they want the experience to be like Twitter for the users that don’t care about decentralization, but to be backed by something like ATProto underneath for those who care.
I’d say Mastodon is more “the entire point is that it’s decentralized”. Bluesky it’s a major point, but not the entire point.
What use is first delivering today's table stakes features 5 years from now, albeit fully decentralized and open?
Build a good enough version now, and then tackle the end to end encrypted fully decentralized version. The cheap version can give them the breathing room to build the better version.
And I'd say that was the right tradeoff to make. Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work. And no, I'm not going to spend hours digging through docs.
I don't know how you define "average person" but plenty of people who aren't developers are on Mastodon.
This argument that Mastodon is "too complicated" is perennial, despite the obvious evidence to the contrary in the growth of its adoption. It's particularly weird to keep seeing it on a forum full of people who think compiling software from source and working in arcane terminals is trivial.
You can just sign up for an instance like any other website (or multiple.) Or you can pay any number of hosts for an instance of your own (I use masto.host, $9.00/mo.) Or just run the activitypub plugin in Wordpress and your Wordpress is now also a Mastodon node.
If I can do it, it ain't that hard.
You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.
Why do people invent fictional horror stories about a service that's at this point functionally as easy to use as any bog standard website?
The main issue with other platforms is that the content that exists within are too wild-west. Anime isn't a everybody thing nor are geeky Programming/Linux communities or furry artwork for that matter.
Where do I find TikTok content within Matrix? That's what the current content-matter is.
The corporate apply heavy exploitation; psychology and social exploits to the user. And while the other platforms don't and carry merits such as privacy and the likes; people really just don't care they are being used for systematic learning, being manipulated because some peer is influencing them.
Companies pay large amount of money in R&D for developing social exploits, all the way down to the background colour of the icon of the app. A platform has to have a gimmick to catch. Privacy, decentralized isn't it.
These foundations don't have corp money to pay for content producers, influencers and so you then end up with dwellings of niches which can turn urk at best.
If you know the secret to stopping car dealership spam, please share!
And they have added ActivityPub integration moving everything closer to decentralisation.
Given how much of a win-win for Meta it is it wouldn't surprise me to see all their networks move in that direction.
How much?
> to see all their networks move in that direction.
Why would they? What exactly will the move entail?
b) It shifts regulators attention from them to closed platforms like X.
c) They can leverage their advantages e.g. ad serving, safety to push competitors into niches.
They have been doing it for years.
> It shifts regulators attention from them to closed platforms like X.
It doesn't. Threads is just as closed (despite integrating an open protocol), and is still subject to the same scrutiny and provisions as the rest of Meta's products.
> They can leverage their advantages e.g. ad serving, safety to push competitors into niches.
So, let me get it straight. Facebook gained so much from adopting a decentralized protocol so they will inevitably move in the same direction that:
- they will use it to remain the only centralized service?
- they will use it to do the same thing they do before (serve ads, collect user data etc.) but somehow will be absolved of regulations and scrutiny?
it being encrypted but routed through a single companies servers means its just as centralized as if it were unencrypted though
I'm following ~500 people at the moment, and getting relays from a few instances. I see a constant flow of new stuff but I can also easily leave and do other things, because Mastodon isn't designed to maximize engagement and addiction. I don't feel a constant need to post or comment or chase endorphins. The scale is just fine for me.
You can stick your head in the sand if you want and hope the year-long freefall stops rather than consider there might be a problem. It's what I've come to expect.
How many of them are gonna stick around once their instance goes offline, or the admin does something crazy (which isn't impossible considering how many of these are ran as personal/fun projects by geeks rather than actual businesses), or their instance gets into a feud with the others and results in defederation?
All of this is overhead. It's overhead that can be managed, or you can pay someone to manage it for you, but it's still overhead and extra problems that just don't exist when you can instead sign up for Instagram or Twitter and call it a day.
I personally haven't experienced any of the "overhead" of Mastodon that you're mentioning, and making seem far more common than it is, but Mastodon seems far more stable than Twitter as a platform and a community at the moment.
And sure, some people might not like it, and that's fine. There are and will always be alternatives. But anything is better than Twitter.
If you prefer Bluesky, that's fine. Competition is good.
Decentralization literally means "not centralized". If you have a single centralized entity serving all your messages through a set of centralized servers, it makes the setup what?
> Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.
Yes, they do, and it's centralized. What exactly makes you think otherwise?
Regular consumers hate this because they don't know what they're getting into, and it feels like the social media equivalent of a crypto scam where you're invited to buy a coin, any coin. It was probably intended to resemble arriving at college during rush week and pick a social/activity club to join, except you have to pick a server without any real way to browse around and understand what differentiates them.
And that gives me access to the entire service? Or just bits and pieces of it? And how do I find other services? Asking around? Who's seeing my data if I sign up on another server? What are the anonymous operators of said server doing with my password and email? How do I message someone from another server? Are those messages secure at all?
Decentralized works for motivated parties. It does not work for the masses.
If you have zero knowledge and don't care Mastodon functions exactly like Twitter. If you care more, you can invest time, host your own server, do what you want, that's optional.
If decentralized systems don't work it's amazing that my grandfather is able to send emails every day. Which is btw the exact equivalent to Mastodon. You don't care you sign up for Gmail, if you do, run a server out of your basement.
That’s simply not true. Even as a technical user I sometimes stumble over things like not being able to follow an account after being linked to their servers web site. “Wait, why am I logged ou– oh, this isn’t my server.”
Nope. Just pointing out the downfalls of decentralized, and the fact that compromising with some centralization (as Bluesky is doing) is a better way for most people.