Not only are they not end-to-end encrypted, Bluesky's DMs seem like they're entirely centralized. From their 2024 roadmap:
> We looked closely at alternatives like linking to external services, re-using an existing protocol like Matrix, or rushing out on-protocol encrypted DMs, but ultimately decided to launch a basic centralized system to take the time pressure off our team and make our user community happy.
It's a stop-gap because people want DMs and implementing them correctly (decentralized, e2e encrypted, etc.) is non-trivial. Rushing e2e encryption is not a good idea (and no, you can't just slap on matrix/signal and call it a day).
The alternatives are to:
1. Wait a bit longer for something half-baked that appears to meet the goals (i.e., something you're going to regret but will be unable to replace).
2. Wait even longer for something perfect.
By making the protocol centralized and stupid-simple, it's also stupid-simple to replace in when everyone is done painting the perfect bikeshed.
In my experience, temporary fixes are more likely to "stick" the better they are at addressing the problem. The fact that nobody is satisfied with this fix is a good sign.
They did, which is why it seems like a relevant example to your question. They shipped centralized, and have already replaced the centralized service they shipped with a decentralized service.
> They can monetise content that didn't originate on their platform.
They have been doing it for years.
> It shifts regulators attention from them to closed platforms like X.
It doesn't. Threads is just as closed (despite integrating an open protocol), and is still subject to the same scrutiny and provisions as the rest of Meta's products.
> They can leverage their advantages e.g. ad serving, safety to push competitors into niches.
So, let me get it straight. Facebook gained so much from adopting a decentralized protocol so they will inevitably move in the same direction that:
- they will use it to remain the only centralized service?
- they will use it to do the same thing they do before (serve ads, collect user data etc.) but somehow will be absolved of regulations and scrutiny?
Facebook messenger is not completely decentralized, but it is E2E encrypted now after years of struggle with governments and UX. It's definitely possible to move centralized systems to be more decentralized.
It's an example of somebody replacing a centralized protocol with a more decentralized one. It's also one of the biggest direct messaging platforms in the world with E2E encryption.
That depends on your definition of decentralization. Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.
> That depends on your definition of decentralization.
Decentralization literally means "not centralized". If you have a single centralized entity serving all your messages through a set of centralized servers, it makes the setup what?
> Because of the way most people set up their apps, almost all Matrix users and ~all Signal users are using a centralized app under this definition.
Yes, they do, and it's centralized. What exactly makes you think otherwise?
e2e encryption is a net loss for a lot of use cases. Particularly, most DMs are spam in my experience.
Spam prevention is much harder if the server can't see the message. Spam reporting can be done with sufficient effort, but stopping the known spam from reaching the user in the first place is impossible (the closest you can get is a client-side scan before actually showing the message to the user, which requires downloading the whole message just to show "number of incoming messages" indicator or else having the indicator lie).
And of course, E2EE is a lie if you're visiting a website anyway.
It is my understanding that many E2EE chat systems won't actually E2EE your initial message to someone you aren't already mutual in-app contacts with.
Either E2EE is something you "upgrade" an existing conversation into (only after both sides consent to the conversation); or E2EE is something that only inherently establishes once both sides have sent one-another a message; or E2EE is something you can only enable before you start a conversation, if you already have the other person's public key (which you only get when you request to add them as a contact, and they accept.)
I think schemes like this balance privacy with spam-prevention quite well: privacy-conscious people can explicitly add each-other before either person says anything / can send intentional small-talk as pairing messages; while everyone else gets the benefit of a central spam-filter sitting between them and messages from strangers.
Except they'll never replace it because they'll be too busy making some other feature stupid simple by centralizing it and we'll be back to centralized social media.
I feel for them, because even if they (and weirdos like us on this site) value decentralization and other related values the average customer just DOES NOT CARE. They're trying to compete with other platforms without this handicap and very people people are willing to give them any "credit" for it
I'm a little bit sympathetic, but they've also kinda tried to have it both ways. They spent ages inventing a new protocol for decentralized microblogging, and then ages more before you could actually use a server other than theirs. But DMs is now where they don't want to spend the time up front to do it the right way?
To be fair, they’re a tiny team with a ton of things on their roadmap and limited time to do it all. It seems they’re taking it slow on core stuff that they really need to get right, because it can’t be changed later, while adopting pragmatic solutions for things that users want now and which can be swapped out for better implementations in future.
From using Bluesky it feels like the goal is to build a social media experience that’s as decentralized as possible without sacrificing the user experience.
So, they want the experience to be like Twitter for the users that don’t care about decentralization, but to be backed by something like ATProto underneath for those who care.
I’d say Mastodon is more “the entire point is that it’s decentralized”. Bluesky it’s a major point, but not the entire point.
Yea, especially when their rational is DMs are the most asked for feature.
Build a good enough version now, and then tackle the end to end encrypted fully decentralized version. The cheap version can give them the breathing room to build the better version.
>Bluesky it’s a major point, but not the entire point.
And I'd say that was the right tradeoff to make. Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work. And no, I'm not going to spend hours digging through docs.
>Mastodon is only marginally more useful than IRC at this point, and is completely useless to the average person. I as a developer have yet to even figure out how it's supposed to work.
I don't know how you define "average person" but plenty of people who aren't developers are on Mastodon.
This argument that Mastodon is "too complicated" is perennial, despite the obvious evidence to the contrary in the growth of its adoption. It's particularly weird to keep seeing it on a forum full of people who think compiling software from source and working in arcane terminals is trivial.
You can just sign up for an instance like any other website (or multiple.) Or you can pay any number of hosts for an instance of your own (I use masto.host, $9.00/mo.) Or just run the activitypub plugin in Wordpress and your Wordpress is now also a Mastodon node.
It's been on a steady downward slide for the last year, from almost 2m during The Exodus to about 900k active users now. People sign up, but most don't stick around. I also can't help but notice my own timeline has slowed to a crawl, and it's mostly the same few people. It's not vibrant and busy like it used to be.
Aggressive growth and addictive velocity are cancerous, let it reach a healthy equilibrium. Slow can be good, too.
I'm following ~500 people at the moment, and getting relays from a few instances. I see a constant flow of new stuff but I can also easily leave and do other things, because Mastodon isn't designed to maximize engagement and addiction. I don't feel a constant need to post or comment or chase endorphins. The scale is just fine for me.
I was on there when it was just Mastodon.social. It was more vibrant then, and it's been more vibrant in recent memory, before it rocketed to 2m users and started falling. Something is different, and it's not good. I think people who've been there are getting fed up with problems no one seems to care about years on (even people like me who kept giving it chances and pushing for change), and new people are going somewhere else instead of trying Mastodon.
You can stick your head in the sand if you want and hope the year-long freefall stops rather than consider there might be a problem. It's what I've come to expect.
> plenty of people who aren't developers are on Mastodon
How many of them are gonna stick around once their instance goes offline, or the admin does something crazy (which isn't impossible considering how many of these are ran as personal/fun projects by geeks rather than actual businesses), or their instance gets into a feud with the others and results in defederation?
All of this is overhead. It's overhead that can be managed, or you can pay someone to manage it for you, but it's still overhead and extra problems that just don't exist when you can instead sign up for Instagram or Twitter and call it a day.
My person in deity the standard you're defending is the lunatic dumpster fire that is Twitter, where Elon just decides shit at random like "likes are private now" and "you can just pay for a checkmark" or "I'm unbanning all the nazis lol."
I personally haven't experienced any of the "overhead" of Mastodon that you're mentioning, and making seem far more common than it is, but Mastodon seems far more stable than Twitter as a platform and a community at the moment.
And sure, some people might not like it, and that's fine. There are and will always be alternatives. But anything is better than Twitter.
>I as a developer have yet to even figure out how it's supposed to work
You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.
Why do people invent fictional horror stories about a service that's at this point functionally as easy to use as any bog standard website?
You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous)
Regular consumers hate this because they don't know what they're getting into, and it feels like the social media equivalent of a crypto scam where you're invited to buy a coin, any coin. It was probably intended to resemble arriving at college during rush week and pick a social/activity club to join, except you have to pick a server without any real way to browse around and understand what differentiates them.
heck, I'm not a regular user, and I find it annoying to pick a server without knowing what the vibe is. I want to lurk without any transaction costs before I sign up for something
You can see posts on any server to "find out what the vibe is" without registering. For example: https://fosstodon.org/public/local. What are the transactional costs here?
>You go to https://joinmastodon.org/, click on "join" (or pick another server if you are adventurous), fill in your username and email and you're good to go.
And that gives me access to the entire service? Or just bits and pieces of it? And how do I find other services? Asking around? Who's seeing my data if I sign up on another server? What are the anonymous operators of said server doing with my password and email? How do I message someone from another server? Are those messages secure at all?
Decentralized works for motivated parties. It does not work for the masses.
Yes, it gives you access to the entire service, you don't need to find anything. Messages and accounts in Mastodon are visible across the network. The operators of almost all instances aren't anonmyous, the address of the default server operators is literally listed on the about page.
If you have zero knowledge and don't care Mastodon functions exactly like Twitter. If you care more, you can invest time, host your own server, do what you want, that's optional.
If decentralized systems don't work it's amazing that my grandfather is able to send emails every day. Which is btw the exact equivalent to Mastodon. You don't care you sign up for Gmail, if you do, run a server out of your basement.
> If you have zero knowledge and don't care Mastodon functions exactly like Twitter.
That’s simply not true. Even as a technical user I sometimes stumble over things like not being able to follow an account after being linked to their servers web site. “Wait, why am I logged ou– oh, this isn’t my server.”
Those questions aren't there, when you sign up it's just like any other service. If you want to do the decentralized thing or wonder 'why do some people have specific domain handles and the like, the information is easy to get, but you could also use it without ever knowing any of that. So very low friction for non-technical users.
> And you know the answer to all those questions for bluesky?
Nope. Just pointing out the downfalls of decentralized, and the fact that compromising with some centralization (as Bluesky is doing) is a better way for most people.
The main issue with other platforms is that the content that exists within are too wild-west. Anime isn't a everybody thing nor are geeky Programming/Linux communities or furry artwork for that matter.
Where do I find TikTok content within Matrix? That's what the current content-matter is.
The corporate apply heavy exploitation; psychology and social exploits to the user. And while the other platforms don't and carry merits such as privacy and the likes; people really just don't care they are being used for systematic learning, being manipulated because some peer is influencing them.
Companies pay large amount of money in R&D for developing social exploits, all the way down to the background colour of the icon of the app. A platform has to have a gimmick to catch. Privacy, decentralized isn't it.
These foundations don't have corp money to pay for content producers, influencers and so you then end up with dwellings of niches which can turn urk at best.
Decentralization is a solution for establishing a saner, fail-safe governance structure (or we can call it "billionaire-proof"), not the problem to be solved by itself. You need to have enough traction to achieve this goal and sometime it might make sense to compromise the decentralized implementation part.
Kind of, sort of, but not so much? They're also targeting people who left Twitter because of the moderation policies, ownership, and/or user base. Among Bluesky users, Twitter migrants easily outnumber decentralization enthusiasts 10 to 1 at this point.
This is spot on. BlueSky and Threads have just become "left-wing Twitter", intentionally in quotes because it's actually a very small subset of users that left to found their own hug-box, due to some irrational hate of Musk, or that people they don't like at the old place are allowed to have opinions again.
Nobody cares about protocols, except maybe the handful of infosec nerds on Mastodon. It's about a middle school-level rearranging of friend groups. A VIP lounge where they only hang out with their own.
There was an exodus of a small subset of users, and BlueSky was there like an abandoned building that was squatted. It being invite-only added to the exclusivity as invites were passed amongst like-minded peers online, further adding to the echo-chamber.
I left Twitter because I got tired of having inflammatory content be shoved in my face without ever actively following any of the people posting it.
Censorship is bad, but amplification of horrible takes is not equivalent the absence of censorship.
The quality of ads (I was using the official client) was also quickly approaching the quality of predatory late-night TV shopping channels (“call NOW to get our ULTRA LINT REMOVER with free shipping!!!”).
His tweets started appearing in my feed at an absurd rate some time after he bought it, and I never followed him.
That’s like my utility company insisting I watch a message from their CEO on all devices they power every once in a while, or the owner of my car dealership calling me every once in a while unprompted to chitchat.
> People dislike Musk out of pure jealousy and try to rationalize it via other means.
I don't think this is true. Most people I hear express that they don't particularly like him, also attribute it to things that made me not like him. The rescuer story, the absurd trolling, the disparaging of specific individuals, the pretending to be for "freedom of speech" until the speech is about him.
This is a person I once thought had the desire and the means to push humanity forward. He's done so much, all of it tainted by, well, being absolutely unhinged.
Are you Elon's friend or relative? Logically, other people's opinions about him shouldn't concern you at all. Yet here you are white knighting someone who's just the CEO of a scaled text messaging app. Why do you care?
Who's talking about "getting upset"? Elon Musk has done a lot of things in his life that slot him into the "bad person, do not like, do not support" category. That's just called forming an opinion. I'm not playing darts with his photograph. I'd prefer to hear as little about or from him as possible, frankly.
It's nice that they are being honest about how the existing thing is not encrypted. Typically what happens with these things is that some entity announces that they have end to end encryption. But it turns out that they mean that end to end encryption is only possible. The user has to compare some ridiculously long number to achieve it and few users actually end up doing that. In most cases they are not even provided with any concepts to allow them to initially make things secure and maintain this security over time.
Didn't the early versions of Skype, which was coded by like 4 guys, do decentralized end-to-end encrypted messaging like 20 years ago? Before MS bought it and removed all the security at the behest of the government[0], I mean.
So two decades later, when we now have so many widely available open source libraries for networking and encryption, that job is somehow too hard for a well-funded organization like Bluesky? That's very sad.
End to end encryption is not a hard problem from a cryptography perspective. It's a hard problem for key management (eg, how do you handle multiple devices?) and recovery (how do you handle someone losing their phone and wanting to recover their previous messages?). Twitter tried this and half-assed it, and Bluesky apparently want to do a better job.
It's not a core feature for their current user base, apparently. I think they care about it more than their users do. They won't be able to implement it at all if they don't have any users.
Doing it in a way that behaves the way people expect is what requires work. It's easy when both people are online at the same time. It becomes more difficult when you want to ensure asynchronous delivery and receipt and which supports people hopping between devices and not losing the conversation history. I can naively think of a way which would be to make them work identically to normal Bluesky posts except they're encrypted with a public-private keypair, but that would leak who is talking to who and how many DMs people are sending and receiving.
Curious if they could simply piggyback on the Signal source code. Lots of folks try to reinvent the wheel these days. Just like protocol buffers reinvented ASN.1 + PER and so-forth. Even the crypto folks at protocol labs opted for the former in place of an established standard.
No. I wrote about this a couple of years ago (https://mjg59.dreamwidth.org/62598.html) and the answer is that while Signal solves the cryptography problem, the other hard problem (ie, everything to do with key management) is still up to whatever's on top of the Signal protocol.
They're not E2E yet, although they plan to introduce this later (and have had a good record so far of adding features incrementally with very few bugs). But you shouldn't be using any social media platform for communications that need to be secure.
Probably a noob question but: why is E2E encryption hard to implement? It took WhatsApp a long time to implement as well. Is there a particular reason?
End to end encryption isn't hard.
End to end encryption for non technical users who might forget their password, is hard.
The trouble isn't the encryption. It's, how do you make it feel seamless without having access to the private keys, and without asking the end user for their private key.
> We looked closely at alternatives like linking to external services, re-using an existing protocol like Matrix, or rushing out on-protocol encrypted DMs, but ultimately decided to launch a basic centralized system to take the time pressure off our team and make our user community happy.
https://docs.bsky.app/blog/2024-protocol-roadmap