Hello folks,
I would like to share my disappointment and concerns about Bluesky and the AT Protocol, and hear your thoughts on this. I welcome your thoughtful and insightful input.
I have been an early Bluesky user since around 2023. Like everyone else, I felt a small sense of “hope” in the idea of an open social network and an open protocol after more than a decade of decline in social media, as we all tried to run away from algorithms, advertising, misinformation, and all the other forms of digital waste created by fascist big tech companies.
That was “the ideal”, at least.
Open social networks and open protocols gave us a sense of “hope” for greater freedom, decentralization, and regaining control, at least to some extent.
However, after spending time across the AT Protocol network and Bluesky, and using several platforms built on it, I realized an ironic reality.
This openness is not truly freer or more controllable. In the end, it only seems to be a different form of control.
I do not deny that the AT Protocol communities are still growing strongly, are vibrant, and have great potential. Things seem “promising”.
But personally, as an ordinary user rather than a technology expert or programmer. I have too many concerns about safety, privacy, and control. To me, it does not feel much different from being trapped inside the ecosystems of big tech social networks.
- Regarding openness
A PDS identity, cool, can be easily used across many platforms.
But everything is open, and everything is indexed.
Even who you block, who blocks you, when you usually use an app, your daily time, what your previous usernames were, etc… and more are all recorded.
This is genuinely dangerous and concerning for users. Malicious people can stalk and harm others. Conflicts in work and daily life can arise across networks of colleagues and friends because everyone can know who blocked whom. Or, it could increase hostility in many different ways between communities, institutions, and countries. Or, simply out of curiosity, anyone can check open information about your account and your activities through third-party indexing tools and apps created to index data on the AT Protocol.
- Regarding PDS management
Having a single PDS shared across the entire ecosystem sounds quite simple and easy to understand.
However, actually understanding it and managing it is far from easy for most ordinary users who know little or nothing about programming or technical systems.
Does this mean that Bluesky and the entire AT Protocol community are ultimately designed only for programmers, developers, engineers, digital experts, and people with technical expertise?
Even knowledgeable users such as artists, teachers, scholars, etc., may not fully understand the technical aspects of using platforms within this protocol.
When we first started using it, we had no idea that ALL of our data was public. Or perhaps we only knew that followers, following, likes, and posts were public.
Then we realized that numerous third-party indexing tools record our behavior and activities — making nearly all of our data publicly accessible.
You could say that as long as we are present on social media or simply on the internet, everything is public.
True.
But at least I know in advance what I choose to make public and what I still have some control over. Here, when joining the AT Protocol, we are completely passive in understanding what is happening to our accounts and data.
We are not programmers, developers, engineers, digital experts, or people with technical expertise who can closely follow the development of the AT Protocol or research it every day.
Clearly, from the beginning, Bluesky and the entire AT Protocol ecosystem have consistently presented themselves as a protocol and a set of communities built for everyone. Yet in the end, both on the surface and beneath the surface, they seem to have been built only for programmers, developers, engineers, digital experts, or technology investors. Even politicians, social media personalities, KOLs, and influencers are migrating from old platforms to spread the same toxic behaviors once again.
If that is the case, then ordinary users once again become the product, the content, and the experiment for an entire community and protocol made up of many different companies, over and over again.
That is truly ironic: a digital spectacle society trapped in an endless loop.
Fediverse graybeards always knew how Bluesky (and Threads) would play out. We know multi-billionaire Jack Dorsey belongs to the big club that you ain’t in.

Yes, it’s similar to Signal and a bunch of stuff out there. The founders of the tech industry are just moving the model from one name to another, disguising it as more progressive and secure, but essentially it’s still the same prison, and we’re just digital prisoners being moved from one prison to another.
it’s similar to Signal
Can you elaborate on this?
You may know or may not know, Brian Acton - the co-founder of WhatsApp, sold WhatsApp to Meta, and then co-founded the Signal Foundation.
He left WhatsApp after they started enshitifying it. Signal is what WhatsApp was supposed to be: a private messenger.
Do you understand the point? Read the comments again.
Yes, it’s similar to Signal and a bunch of stuff out there. The founders of the tech industry are just moving the model from one name to another, disguising it as more progressive and secure, but essentially it’s still the same prison, and we’re just digital prisoners being moved from one prison to another.
He left Whatsapp and created something similar. There’s no guarantee it’s more private, more secure, or won’t be sold again.
There’s no guarantee it’s more private, more secure
The code is opensource. We can independently audit it. There even exists forks, like Molly.
won’t be sold again.
Unlikely imo.
Literally what Bluesky did:

Source: https://xkcd.com/927/Kind of, but that’s what every creator of every protocol in existence did, including ActivityPub. Thats just how stuff gets made. One thing to appreciate about ATproto is that they made the protocol extensible so that you can shape the standard to fit your own needs in a way that other protocols like ActivityPub don’t, at least not as easily. Since the base of ATproto isn’t your home instance but rather your own personal PDS which is just a database, anyone can define a new schema for records on your database and stand up new functionality, like with Standard.site.
This means that you can connect practically anything to ATproto by simply creating records that match the same schema other ATproto apps expect. Like you can connect a simple blog that is just a static site to the “Atmosphere” (ATproto’s term for fediverse) with a simple script that adds a record when you make a new post.
ActivityPub was one of the first and is a W3C (The World Wide Web Consortium (W3C) develops standards and guidelines to help everyone build and enjoy a web based on the principles of accessibility, internationalization, privacy and security) recommendation: https://www.w3.org/TR/activitypub/
No, it wasn’t. ActivityPub is less than 10 years old and was developed as a solution to the fragmented landscape of federation protocols that existed 1-2 decades prior to it. Activitypub is literally the meme
Proof?
From your link:
W3C Candidate Recommendation 22 August 2017
2026-2017 = 9
9<10
Launched November 2010
2026-2010= 16
16>9
The first major public release was released in May 2000
2026-2000=26
26>9
Released in early 2008
2026-2008=18
18>9
OpenMicroBlogging took XMPP/Jabber as a proof-of-concept and created something similar for the purpose of Microblogging.
Ostatus (replaced OpenMicroBlogging, and the influence of ActivityPub)
released March 2010
2026-2010=16
16>9
Ostatus was the precursor to Activitypub and is what Mastodon and other federated social media sites used prior to ActivityPub.
From the very first paragraph of the ActivityPub Wiki:
The creation of a new standard for decentralized social networking was prompted by the complexity of OStatus, the most commonly used protocol at the time. OStatus was built using a multitude of technologies (such as Atom, Salmon, WebSub and WebFinger), a product of the infrastructure used in GNU social (the originator and largest user of the OStatus protocol), which made it difficult to implement the protocol into new software.
Activitypub was built on top of nearly 20 years of existing protocols and was an attempt to make one protocol to rule them all, it is literally the exact thing the xkcd strip is talking about.
This openness is not truly freer or more controllable. In the end, it only seems to be a different form of control.
Even politicians, social media personalities, KOLs, and influencers are migrating from old platforms to spread the same toxic behaviors once again.
reddit’s influence on both lemmy.world and piefed proves that people are still herd-able so long as you use keep reinforcing the narratives that enabled you to herd them in the first place.
they seem to have been built only for programmers, developers, engineers, digital experts, or technology investors.
these are the only people are capable of navigating this impending – and self imposed – world of AI driven panopticons.
In an article written in Japanese, the author points out the differences in maliciousness between Bluesky and other Fediverse services.
For example, while Mastodon administrators can access blocking lists that include federated users, Bluesky’s access is not limited to administrators and is publicly available as a fully public API not found in the official app.
https://clearsky.app/whitehouse-47/blocking/blocked-by
Both Mastodon and Bluesky fail to implement measures such as notifying users of this fact when they make their first reaction, but Bluesky’s particular maliciousness lies in its excessive disclosure of API permissions.
At least I believe Bluesky should have limited its API permissions to the same level as Mastodon.
As mentioned in my post, there are tons of tools and derivative applications that can simply drop in any username/profile and access a full index of publicly available data about that profile/account: frequently used app and usage times, who blocked you, who did you block, your old username, etc… because PDS data is public. That is truly dangerous and concerning.
Bluesky’s particular maliciousness lies in its excessive disclosure of API permissions.
as well as helping to cover for the genocide & ethnic cleansing in palestine.
So a couple things here.
But everything is open, and everything is indexed.
Even who you block, who blocks you, when you usually use an app, your daily time, what your previous usernames were, etc… and more are all recorded.
You really can’t have an open, decentralized social media system without things like this. Privacy was never a promise of the decentralized web because privacy is more or less a result of there being fewer people with keys to the kingdom and you trusting those people not to share your data. But by its very design federation and decentralization protocols need there to be more than one entity with the keys to the kingdom because all the kingdoms have to interact with each other. The only alternative here would be running your own social media service that doesn’t federate with any other à la Truth Social, so you can have total control, but then that wouldn’t be very social or decentralized.
However, actually understanding it and managing it is far from easy for most ordinary users who know little or nothing about programming or technical systems.
Does this mean that Bluesky and the entire AT Protocol community are ultimately designed only for programmers, developers, engineers, digital experts, and people with technical expertise?
No, the opposite. The AT protocol was designed specifically to combat this issue because ActivityPub is so unintuitive and complicated for less technical users. A standard user will pick a PDS service hosted by someone else and unlike with ActivityPub, they really only need the one and can switch between them without losing all their followers and follows with ease.
If I were to sum up your grievances, I would say that your issue is that you don’t like social media and don’t appreciate how social ATproto is, but that’s what it’s designed for. And in fact that’s what Lemmy and Mastodon and all these ActivityPub apps are designed for. It sounds to me like what you want is to just not use social media. Or at the very least, you want a centralized private platform where you can be in total control. Those exist, but ActivityPub and ATproto are antithetical to that goal.
Privacy was never a promise of the decentralized web
I agree with that. I am not looking for privacy on Lemmy. I’m looking for anonymity. I can use a pseudonym which is not publicly tied to me. Could the NSA figure it out? Ofc! But my threat model is big tech automated surveilence. And a little bit too, doxing by unhinged randos. So I want to break that link.
because ActivityPub is so unintuitive and complicated for less technical users.
That, I don’t get tho. I signed up a few months ago. Literally all I had to do was pick a handle & pw, and fill a box asking why I signed up. I think that was to weed out bots. How successfully, IDK. Then I could post to this very group, a few hours later after I got approved.
Reddit was like 1000X harder! I tried and gave up. Got shadow-banned instantly, on my first post. A post to help someone with a computer prob. I posted in good faith! Tried to contribute positively. There are endless stories of ppl signing up and insta shadow ban, or they can’t post without karma, and can’t get karma without posting, and all their posts are hidden. That’s harder to explain to less technical ppl, than, fill out this form, and wait a little bit.
For the mo, lemmy seems nice enough, and was easy to sign up and use. Almost too easy, I’d say. B/c I think it’ll get overrun by bots and info warfare agents eventually.
The irony is that people fled centralised platforms for more control, then discovered that radical openness can create a different kind of lock in. Just because data is portable doesn’t mean privacy is. Protocols optimised for developers don’t automatically produce products ordinary people actually want.
ActivityPub compels you to stand by your words like an adult in the public square. You are not invisible, and you never will be. That is precisely why many people do not speak out online. To express oneself is to expose oneself.
Absolute anonymity belongs to the person who does not speak out.






