What is the value of a social network? What is the value of a decentralized social network? And why is it that for some, the only acceptable and moral kind of technology is the kind nobody can own?
There's been a flurry of excellent writing about the rise of Bluesky and its technical details. Much of the debate focuses on the differences between ATProto, Bluesky's underlying protocol, and ActivityPub, the open specification that powers Mastodon and the rest of the Fediverse. I'm fascinated by both protocols, but also by the phenomenon of social media in general. And I think the reactions I'm observing in my little corner of the internet—the freedom-first, open-source, privacy-über-alles corner—reveal and challenge a lot of core conceits.
In Part 1 of this...I dunno, treatise? we'll get the basic questions out of the way.
The Bluesky Questions
Is Bluesky open source? Not meaningfully.
I don't want to get too bogged down in the rather complicated architecture of Bluesky, but we do need to distinguish between the Bluesky app—the thing that looks like Twitter—and the underlying protocol, known as the Authenticated Transfer Protocol, or ATProto. So which of these is "open source?"
It gets a little messy.
The Bluesky client, the site at bsky.app and the thing on your phone, is absolutely open source. You can dive into it here. It's a fairly standard React Native app. It is super rad that an open source app has rocketed to the top of app store charts; that is a legitimate win. Ultimately though, this client is uninformative about the nature of Bluesky. As a client, it's reaching out to a server for all of its data. This is where things really get confusing, because didn't I just say the protocol was open?
ATProto is—the reference implementation anyway—but the Bluesky implementation is not. The frontend React app being open demonstrates how to build a client to interact with an AppView, but not the AppView itself. If I can't know how the decisions are made for me, what good is the source code for the client, especially when I can see the same thing with browser developer tools?
Consider the getSuggestions endpoint of the app.bsky.actor domain. This is the API endpoint that returns recommended follows to Bluesky users. Do we know how it works? Absolutely not, because we don't have access to Bluesky's implementation of the schema.
I have no idea how these recommendations are made for me. I can guess, but I am not allowed to know.
Meanwhile, all of Mastodon is open source—as are Misskey, Pleroma, Friendica, Pixelfed, PeerTube, Funkwhale...I could go on, but you get the point. The Fediverse ecosystem is replete with fully open, attestable code. You don't have to trust the developers; you can see the code with your own eyes.
Whether that makes one "better" than another is an entirely other question, and speaks to your value sets. We'll get to that.
Is Bluesky decentralized? No it is not.
There are a lot of big dreams in the ATProto roadmap, including higher degrees of decentralization. So one day it may be possible to create an alternative ATProto network that federates horizontally with Bluesky (more on that later), but currently the Bluesky network and the underlying protocol are effectively in the control of Bluesky PBC. As the authors above have noted, the costs associated with running your own Relay to aggregate data across the "Atmosphere" are prohibitive, since the Relay needs to process the entirety of the data flowing through Bluesky, also known as the "firehose." These costs are only increasing. Nifty projects like Jetstream lighten the load for some projects, but not Relays.
Oh also, there are components of the app that are protocol-independent, like Direct Messages. These are not part of ATProto, and also are not encrypted. This, again, is on the roadmap, but not current state. Bluesky owns your DMs, and can read them.
In fairness, it's early days for Bluesky, and Jay Graber et al have been quite clear about their intentions for ATProto and further opening up the ecosystem. Whether you believe that or not seems to come down to your skepticism around Bluesky's origins, the nature of capitalism, etc. There's a lot of misinformation about control and ownership of the company flying around, which I won't give voice to here. Are they a corporation? Yes. Are they funded by folks with gross ties? Yes. I don't know if those two things by themselves are permanently damning. Maybe they are for you. I will judge Bluesky on their actions, not guilt by proxy association.
Is Bluesky federated? Depends what you mean.
In Christine Lemmer-Webber's Bluesky Thread related to her blog post linked at the top, the company's CTO and lead developer Paul Frazee had this to say:
I tend to think of atproto as a federalist republic (like the US) and activitypub as a confederation (like the EU). Both have pros & cons, and I want both to thrive and give redundancy to each other
Paul is getting at something important: I think a lot of folks conflate "federation" and "decentralization." Indeed, the easiest-to-access definitions of "Fediverse" focus on decentralization.
From fediverse.to:
The fediverse is a collection of community-owned, ad-free, decentralised, and privacy-centric social networks.
From fediverse.info:
The Fediverse (a portmanteau of "federation" and "universe") is an ensemble of federated (i.e. interconnected) servers that are used for web publishing (i.e. social networking, microblogging, blogging, or websites) and file hosting, but which, while independently hosted, can communicate with each other.
And the Mastodon Home Page:
Each Mastodon server is a completely independent entity, able to interoperate with others to form one global social network.
To read this, decentralization and independence would appear to be required for federation. This is not so. Federation is about uniting disparate parties while honoring their individuality. It's a compact, an agreement. The Latin origin is fidere: to trust. Trust, not distrust, is the lifeblood of federation.
As ever, Star Trek points the way. The United Federation of Planets is, well, united. Under one flag. Many worlds, but a single government that distributes resources and provides for common protections. And while Starfleet exists, each world continues to operate as it likes, provided those activities are in keeping with Federation law.
So Bluesky does take multiple PDSes (which can be self-hosted) and unites them under a single banner, also known as an AppView, also known as Bluesky. It is a vertical unification into a single entity. This meets a common definition of federation, although this remains mostly academic, since a vanishingly small number of people will host their own Bluesky data.
The Fediverse employs a much different usage of "federation." For Mastodon et al, federation is a horizontal unification by means of a standard language, and mutual trust among entities. Here the EU—especially the Eurozone—works pretty well as an analog (so do the Articles of Confederation that predate the US Constitution, which, yikes!). Among members, there is self-governance with broad agreements, and a common form of exchange. For the Eurozone, that exchange is the Euro. For the Fediverse, that would be the ActivityPub specification.
Which form of federation is better? Both have advantages, and different ultimate goals. Both have identified unity, safety, and self-determination as values to uphold, but have placed different priorities on each. The Fediverse favors self-determination over unity, while Bluesky chose the opposite. In both cases, they contend their choice is the best for safety.
"Safety from what?" is a fair question.
If you grew up in Philadelphia, you know this Ben Franklin quote by heart:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
It has become a libertarian mantra. It has also, I think, inspired many denizens of the Fediverse. Leaving aside the fact that the quote was actually in defense of government power, the common interpretation favors individual liberty over central control that distributes safety as a service, whether in the form of military protection, social services, or content moderation.
The Fediverse sees central control as "temporary safety" (and only for some), while in the long run, central control of anything is an inherent threat. What happens when the central control goes bad? This question lies at the heart of so many positions in not just the Fediverse community, but the open source software community at large. This is especially true for marginalized people who came to the Fediverse seeking refuge from abuse and harassment in more mainstream spaces. The ability to block threats and maintain an exit route is of paramount importance to them.
Bluesky's threat model is more about bad actors in the network, and protecting users from them. Secondarily, they want the protocol to empower a spread of the network, but the first attention is to user safety. That's not an ignoble goal, and one that the Fediverse famously struggles with. There's a reason so many Black folks have found Fedi hostile and decided to abandon it.
But what if Bluesky really does go evil? Or fold, or something else? The infrastructure is hosted in the United States. What if the US goes (more) evil, and requires access to Bluesky's servers? How do you feel about vertical federation now? Meanwhile, most anyone can run a Mastodon or other ActivityPub service at reasonable cost. And the servers can reside anywhere. Yeah, the networking is more complicated and the moderation is wholly volunteer-based, but its decentralization makes it oppression resistant.
In times like these, oppression resistance is something you might want in your tools and platforms.
Now that we have the basic questions covered, we need to address why none of this matters. Or well, it matters to the nerd elite, but not the average user. And contrary to the nerd elite's consensus, it's the average user's opinion and experience, not our own, that drives change.
We'll do that in Part 2.