this post was submitted on 01 Sep 2024
754 points (97.4% liked)

Technology

58134 readers
4466 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
754
Bluesky has gained a million new users in the last three days. (www.theverge.com)
submitted 2 weeks ago by [email protected] to c/[email protected]
171 comments fedilink hide all child comments
 

Bluesky has gained a million new users in the last three days.

The platform posted about the milestone this afternoon, which it crossed after Brazilian Supreme Court Justice Alexandre de Moraes ordered a ban on Elon Musk’s X yesterday as part of an ongoing feud with the platform.

Apparently, enough are headed to Bluesky to drive its iOS app to the top of the Brazilian App Store, as TechCrunch writes.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 weeks ago (1 children)

But what if the server that holds the cryptographic keys is suddenly gone? Then what?

Or does Bluesky use client-held keys? I just think client-held private keys is probably too complicated for most people to realistically and safely use.

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I assume you hold your own cryptographic keys, but I'm not actually sure how that works. Your client needs access to them to make posts, and it wouldn't make sense for the server to hold your private key, since that would mean the owner of your instance could make posts as you.

I haven't actually signed up to BlueSky to figure this out yet.

Edit: So it looks like users are authenticated using https://github.com/did-method-plc/did-method-plc But the keys are stored on the server, with an option to view your key for backup and migration. That does mean a certain level of trust with your instance, but you can self-host if that's a concern. A malicious host at least can't prevent you from rotating your keys and leaving (unless of course they steal your account entirely by rotating your keys themselves)

[–] [email protected] 1 points 2 weeks ago (1 children)

it wouldn’t make sense for the server to hold your private key, since that would mean the owner of your instance could make posts as you.

I mean, this is quite normal and common for all traditional social media (or any site really) you sign up for. It's what most ActivityPub instances do too, though there's nothing in ActivityPub that requires the server to hold the private key. It could in principle be held by the client but I don't believe there is any implementation that does that currently.

[–] [email protected] 1 points 2 weeks ago

Yeah, this is just me tacking on extra features I'd like. My security-minded programmer brain can't help but think of all the edge-cases. It's something that is suddenly possible with distributed social media that never was before.