Wasn’t thinking “recovery” necessarily, but rather fully new account. The old account wouldn’t have “lost” anything, those backlinks are still there. Which doesn’t sound catastrophic. It’ll teach me to take better care of my keys next time :)
I also wasn’t precise :) I meant updates as in updates to the state (of the tree). The communication cost is prolly O(1).
Wouldn’t the network, social graph, etc all be still there, public, just not usable/mutable anymore? Not sure it’s quite the same as email/SIM which are more about private comms.
Oh I see! :) Not familiar with MST myself but fwiw, if an update to it is expensive, there are better alternatives that are not expensive.
I don’t use iCloud and don’t think it’s too much to ask from a user to try and be in control of their digital lives, taking responsibility.
Besides, if the key is lost, so what, create a new user/identity :)
What other keys are there beside the signing key and the recovery key? Held by the server: signing key. What about the recovery key? Would it be possible for the server, acting maliciously, to use my recovery key too?
I understand where you’re coming from with that but feel it’s lot to ask from a user. I could just hold the keys here in the app on my device.
Sounds good and reasonable.
Are the indexers kinda like PDSs in that they have all the data but don’t have the delegated authority to sign user’s posts?
I’d personally prefer a model where that wasn’t needed but fair enough :)
3. would be roughly the same as bsky.social PDS is now or a self hosted PDS (could host friends` data too)
1. Agreed this is a challenge
2. What do you mean by “mst”? Probably not super heavy to apply the updates and close to “set the latest state to msg X”.
3. Definitely, some kind of network cache or replicator node(s) would be needed
What are the complexities you’d face with cryptographic structures? As far as I can tell based on the documentation, they should all be possible to do client side.
Key management is definitely a challenge. I’ve been recently thinking it through the analogy of password managers. A signing key is like a password. Which feels it could work at least from UX perspective.
Was gonna ask about the recovery key. Is there a way to access it on my device? Is it also stored on the PDS?
That’s good to hear. I’d prefer using that model but can understand that many probably wouldn’t or it’d be too much hassle. I like my keys (authority in this case) personal and on my device :)
I’m sure it is complicated. What are the biggest challenges or limitations for this? The ephemeral nature of mobile clients?
That’d be really cool. And do I understand correctly that then PDS run by me and bsky.social would sync? Or would the PDS run by me need to be indexed separately by the indexers used for this app?
Ok, that’s helpful. So one could think of the DID document as a sort of access control definition?
Where are the private keys stored? On the device the app is installed on?
That was the overview section of the documentation at https://atproto.com/guides/overview It seems to me the overall construction of the network is simple and powerful and that’s great.
Freedom of speech, not freedom of reach. I like it!
Although, given the above re. Personal Data Servers, does it mean that the PDS can, in fact, prevent me speaking? Or pretend to be me and say (=sign) something on my behalf?
This is great! Surely we all have more than enough of space on our phones to store our feeds and photos. With this, Bluesky is like a distributed storage across all its users.
And who is the Personal Data Server in this case? Is it Bluesky the org? Is it my phone from which I’m writing this from?
Wait, the signing key, which iiuc is “me” here, is stored *on* the Personal Data Server? Does that in practice mean that my *private key* is stored on the server? Please let me be mistaken.
This is the important bit for any web app, network or protocol:
Reading https://atproto.com/docs which is pretty helpful so far and explains the concepts clearly on high level
I like it.
Please let the tech be worth it 🤞
Hello friend