I understand why Bluesky doesn't let anyone create an account just yet, but why don't they make posts publicly visible without needing an account? I think this is important for many news and governmental organizations to take Bluesky more seriously.
There is a pretty active community on Bluesky itself, I think they caught a much smaller, but maybe sustainable boat? I'm liking at least, but the invite-only bullshit is wearing thin.
But would I be alright with it at it's current size/user make-up? Yeah totally. (but I'm also not paying for it...)
Fundraising has a way of escalating until they've given away so much control that they have no choice but to grow. What do you think happens when the $8m runs out and they still haven't found a way to fund it? Twitter took decades to just barely figure it out on the back of a generational crisis that kept a lot of people inside wasting time on social media.
The whole concept of federation is that most of the users are on other people's servers, so an ad-based solution isn't as obvious. They can't count on all those eyeballs being monetizable if they're serious about the AT protocol.
Nowhere, apparently. Twitter number of active users hasn’t taken a hit.
Personally, I believe a lot of people are just sick of social media in general. When Reddit started turning to garbage some 3-4 years back, I started looking for alternatives. Found none. Slowly used it less. By the time the recent drama hit, my usage of it was already almost 0, and dropped to 0. Took a peek at the alternatives, judged them to be a waste of time and attention, and that was it. The niche that Reddit filled is dead for me.
Well, they're still in beta, even notifications weren't working that well up until recently. Plus, being closed off from the non-users might be a marketing thing. A lot of people were hyping it up with invites being seen as very desirable.
Remember Clubhouse? Dead thing, because they didn't open up fast enough (no Android). The momentum is there right now while Twitter is dying. If Bluesky doesn't get this straight within the next few months, I think it'll end up as "just another Mastodon instance" in the minds of people.
I'm pretty certain this is not the reason Clubhouse died out. That format was dead on arrival, and only lived that long because it was artificially kept alive by tech bros and VCs.
However, even X's revised number of 245 million daily active users would still see X lose millions or around 3.7 percent of daily active users from before Musk's acquisition.
Matthew Prince posted a graph from Cloudflare’s ranking of the most popular websites in the world showing Twitter has been in decline since the start of 2023, not long after Elon Musk took over the platform.
So according to their own (suspect) numbers they have a slight decline, according to outsiders they have a heavy decline.
Will it even end up as anything at all? I don't think the userbase of Twitter is equipped to know what Bluesky is in any capacity. Except for the terminally online crowd (i.e., you, me, and everyone else on this website), the word isn't out, the hype isn't building, and no one is talking about it. It won't just be "another Mastodon instance", it may as well not even have existed in the first place.
Locking read-only viewing to a login wall is something Instagram can get away with due to their network effects, but I don't see Bluesky benefiting from it for that much longer.
> Plus, being closed off from the non-users might be a marketing thing. A lot of people were hyping it up with invites being seen as very desirable.
If they can build a small but healthy community first before opening it up, then maybe it will avoid some of the toxicity that other platforms have. People want to be in exclusive clubs, and maybe they will value their membership more this way, leading to more demand from those who are not yet invited.
My guess would be that it's not a high priority and they just haven't gotten around to it yet. I think it was just a week or two ago that they added the ability to change your registered email address.
> I understand why Bluesky doesn't let anyone create an account just yet, but why don't they make posts publicly visible without needing an account?
Keeps the PR impact from trolls lower until they have figured out scale of moderation required. As soon as the service is general-public available, it will get used by CSAM spreaders, Nazis and all other kinds of people you don't want to have on your platform for PR and legal reasons.
Yeah but that instantly raises the scope of any potential troll. It's a difference if something can only be seen by other Bluesky users or if it can be shown around everywhere.
True, but would be a good step to take now before opening up completely. I mean, sooner or later they will need to do it, and they have been taking their sweet time. Maybe their engineers should get back to work instead of posting bullcrap on Bluesky, like that dude pfrazee
What a refreshing footer, lovely project too, happy to see some developer adoption of BlueSky. It's been pretty boring hanging out there, still nowhere near the amount of content Mastodon has.
Hopefully projects like these will bring some attention and legitimacy to the platform
I was wondering about not tracking ip address. If you use a 1-way hash from ip address, that would work right regarding being able to get unique views and not know IP?
According to the response headers at least, nginx is reverse-proxying to an express app. (at least it seems that way from: https://github.com/badlogic/skyview/blob/main/server.ts#L46, but maybe nginx is also configured to serve static files first as well as reverse proxy.)
Without the nginx config, you can't really know what's going on, but at least the express app isn't storing any information beyond what it needs to actually respond. The nginx log probably lists IP addresses so the footer is possibly incorrect.
Not going to be hyper pedantic though, cool stuff @badlogic!
The express app is really only used during local dev. In prod, only the bot part is relevant.
The site is served statically via Nginx, with a log_format that doesn't use any PII in it. That's part of my Docker setup, which is not in the repo, so I guess people have to "trust" me (which is not ideal of course).
The whole thing runs on a Hetzner server, so while I do not log any PII, Hetzner logs at least the IP and keeps that info for a while. So I guess I lied :(
It's still trivial to hash the full set of IPs with a salt appended.
I'd personally just collect IPs with no other details - it's not really invasive in my opinion, and saying you don't collect IPs leaves you open to being wrong when you accidentally leave the web server log enabled.
There's this odd fixation lately on IP Addresses being a very private, very scary thing to see logged, and I'm not sure why.
It's obviously information somewhat linked to you and a geographic location, so de-anonymising possibly but it's also how packets are routed back to you. I don't expect web services to treat my information as public, but I do expect them to at least have an access log privately.
In a way it begs for the most natural state of the web: client only front ends that sync with other clients. Anyone should be able to modify their front end to view the representation of information in any way they want.
Someone has to pay for the creation of the content we all consume each day.
It's one thing for low-level stuff like funny cats and dogs because people do that for the fun of it, but even there someone still has to pay for moderation, hosting, traffic and platform development.
But "high class" stuff like Practical Engineering? That's running some serious budget, impossible to recoup without advertising or other forms of monetisation.
People tend to create content on their own devices. See bloggers, forums, chat rooms. The internet was abundant with natural information from experts due to people sharing what they naturally love.
The third-party ecosystem that Twitter used to have was anything but sad. It was great that you were able to choose what kind of an experience you'd have with the service. This is why I'm hoping that Bluesky will take Twitter's place now that the latter no longer exists.
The ecosystem was great and now it’s gone. Because they were not just clients, they were third-party clients, they were second class citizens. The more second class citizens we have on the web, the worse everyone gets. Because a random crazy billionare du jour can wake up one day and destroy a big chunk of the third-party ecosystem in a single decision.
Do we talk about “alternative” browsers? No, because there (still) is no “official” one, there’s (still) no single governing entity. Just standard protocols anyone is free to implement and join the party. See Mastodon – there is a kind of official web client and a kind of official native app and a kind of official default instance, but everyone is mostly free to do whatever they want. There are many great instances and clients. Not alternative clients – just clients. The difference being that an alternative client can be one day just cut off.
I would argue that one major issue is cost vs revenue vs moderation; that is, a Twitter or Reddit clone is not hard to make, but it's hard and expensive to scale and monetize, and really hard to keep it 'safe', that is, not let it turn into a wretched hive of scum and villany.
Right. I’d say this problem could and should be solved by decentralization. It’s impossible for a single actor to keep up, for a monoculture to stay healthy.
It seems strange to me how BlueSky chose to implement an entirely different protocol when ActivityPub exists. My assumption for this was "for privacy". As in, not being completely public.
Looking at their FAQ, they state that account portability was the main reason, but that doesn't seem right. Given that I have been able to port accounts from instance to instance on the Fediverse.
My last reply to this thread may have not been obvious, but I'm genuinely interested on the reasons why.
Anyhow, this project is interesting and I do hope more people use it to share their stuff. Have come across various links and I don't want to create yet another account for social media. As another sibling said, wish this was easier to do. But it isn't the fault of this project.
I had a few late night conversations with the Bluesky devs last year at dweb. As others have mentioned, they care a lot about being able to move your entire account. It’s also very important to them that people can have millions of followers, and have the platform still perform well at that scale. That’s not an easy thing to do.
I can’t remember the details, but I’m pretty sure activitypub is missing a bunch of core technical capabilities that they needed to make it work well.
They’re certainly aware of activitypub. Christina (the author of activitypub) was at dweb too giving talks on Scheme and whatever her latest mad science was that year.
From my small personal perspective as someone who worked with ActivityPub a bit (side project), it's kind of an inefficient mess, no thanks to semantic web and JSON-LD (which, sure, it doesn't really need the full brunt of, iirc).
Porting accounts is very much not well supported. You can move the account but moving the messages/followers/following and other data is very much hit and miss. The protocol doesn't support that part. Bluesky's protocol has built in support for porting the entire account including all the data. It's protocol is also better suited for it.
Obtuse? It’s still in private beta. If it’s obtuse, that’s by design. They need time to figure out how the protocol should work before other implementations exist. Once an ecosystem of clients and servers appears, it will become very hard to change core details of the protocol.
Mastodon very much supports moving followers/following. Not all others do, but the mechanism is well established. It does not yet support moving posts (it supports exporting them, but there's no import mechanism short of an admin manually doing a database import), but there's nothing that makes adding that technically difficult - it's down to coming to agreement about how to do it.
That Bluesky in theory supports it is pretty irrelevant until they open up federation.
In general, mastodon servers (well behaved ones at least) are kind of vouching for the timestamps of all the messages they host.
If a user transfers their account over, with an archive of posts, and uploads them to a server saying 'trust me, bro, I totally posted all this stuff last year'... they're dumping a bunch of posts into that server's feed whose timestamps can't be vouched for.
There might be mechanisms for a server to pull in the timestamps from the original host server, or to recognize the posts as having been streamed over previously... but uploading post archives is definitely a 'high trust' action for a server to take on behalf of a user.
As long as the old server is up, the timestamps are readily available. In the exports, the posts are signed with the users private key. Either way, the new instance can validate what the original instance said about the posts, and put up a banner saying "migrated from...", "date according to ...".
There are some edge cases to consider, such as how well various software will deal with an activity showing up on a url different to the one it was created at, but the date thing is largely a red herring.
> As long as the old server is up, the timestamps are readily available
But among the scenarios we have to expect for users wanting to migrate an account from system A to system B in the fediverse are ones where the user’s departure from the original server is not amicable, or voluntary. And, yes, where the source server has just blown up and vanished.
> In the exports, the posts are signed with the users private key.
This refers to the full archives you can export from within Mastodon of your own activity.
There is every reason to make it easier for people to have always-up-to-date backups of their data because the current process means people need to actively think about it. That is a valid concern (and it really annoys me that Mastodon does not include the post signatures in the JSON served up by the API too, which would make it far easier to keep an up-to-date archive; there's no real reason not to). But as long as* the user has an up to date export, and as long as the other instance has seen your public key before or can otherwise verify it with a truster party, the authenticity of that data can be verified. It's not ideal, but it's an option.
Improving on this would also be easy, and I strongly think that once someone adds an import, the other side of that coin really is to push to ensure signatures for posts are included in the API output, and e.g. encourage apps to opt to let users keep a full copy of their signed posts (that part of the design of Bluesky is one I like) offline. I also do think that the Bluesky choice of ensuring the user has access to a recovery key is good, and would love to see something like that added for ActivityPub as well - with or without Mastodon core devs agreeing. It doesn't solve everything, and you'd still be limited until/unless major instances buy in, so, sure, it's possible and maybe even likely that there will be a time period when Bluesky does better than Mastodon on it. Then again once they turn on federation, that might well get Mastodon devs to take this more seriously.
The protocol trivially supports it given there is already a mechanism to indicate you're moving, and all your posts are accessible,and can be pulled down by the new server, or can be extracted from the downloadable (signed) export. So it boils down to willingness or priorities, not the protocol.
Posts are linked with accounts and blasting old posts out as if they are new is not practical in a federated network, and since Mastodon doesn’t support backfilling (and likely never will) it’s just not going to happen. This isn’t even getting in to the logistics of redirecting replies and likes/boosts. The GitHub issue for it has been open since 2019.
There's no need to post old posts out "as if they are new". They just need to be hosted by the new server, and returned as part of the right collections when someone requests those collections. They do not need to be sent out at all, because they are not new.
Posts are "linked" with accounts in the sence that the actor id contains a URI, and if served up from a new address, that actor id can end up pointing to a location that does no longer exist. But Mastodon also stores the signature of the posts. So a simple solution to this is to also include signed assertions about the transfer of an account, and serve up the signature with the posts, and optionally perhaps wrap the whole thing in a "local" "Announce" activity which would mitigate some compatibility issues with clients that might object to an object being included in a collection with actor id's from a different domain.
This is not a complicated problem to solve, and one entirely orthogonal to the protocol, which just sets out a very simple framework for the distribution of activities and defines a basic set of activities. There's nothing in the protocol which even requires protocol changes for this.
> and since Mastodon doesn’t support backfilling
Mastodon backfills all kinds of things. There are just limits on it that would need to be eased, and limits on what of that it will serve up unauthenticated. Then these objects would need to be imported. This is a very soft barrier to poke at since Mastodon already has code dedicated to processing posts from other instances, just not anything specific to migration.
> (and likely never will) it’s just not going to happen.
Mastodon also "likely never would" support quote posts not that long ago, and yet I see quote posts all the time, and can quote post myself as well.
There are multiple forks of Mastodon, and many other pieces of Fediverse software, and if/when the demand is significant enough people will sooner or later make this happen. To make it more concrete, my girlfriend is involved in setting up a service running various Fediverse software, and I can guarantee you from first hand knowledge that it will at some point add support for migrating posts to Mastodon whether or not the core devs want to. No protocol changes required, and in fact most of the work can be done outside of Mastodon entirely with only minor tweaks to Mastodon itself. Have you looked at the code? I have.
> This isn’t even getting in to the logistics of redirecting replies and likes/boosts.
You don't need to. You're unnecessarily overcomplicating things. You can obtain those when doing an import, and you can accept that either the original server will redirect them, or it won't. Currently they won't. It's not by any means a disaster if new boosts or replies for an old post using the original actor URI disappears into the ether - what matters by far the most to people is that they are still there in their timelines. Frankly, I'd be willing to bet - it certainly applies for my old posts from before I moved to my own instance - that to most people it's irrelevant whether the posts are accessible via ActivityPub at all, as long as they're still visible in their timeline on the web.
They've in the past raised some concerns about what it means that an old post re-surfaces on a new URL, signed by an old instance and it does make sense to do some thinking about exactly how to handle that. One option is to have the instance sign it, and drop the old actor id etc. from it, but then it will seem like it's originated from that instance to anyone who pulls it. So it's just a little bit of a hassle to work through the edge cases.
The fact that the biggest ActivityPub app doesn't consider bringing your own domain to an instance hosted by someone else as a critical ASAP feature gives me pause.
ActivityPub—along with its lesser known counterpart LitePub that focuses on transience and privacy—makes creating a minimum viable “account for social media” approximately as easy as serving a few static JSON files from your domain[0], though there are nice minimal servers with more features[1], too.
There’s also psky.app, but it’s generally just annoying having to edit the link before sharing, especially on mobile. I wish Bluesky would just stop login-walling links, it’s all public anyway.
Great to see Bluesky getting some love from the devs, is such a nice platform 'till now. Looks like a meeting of all the best people after their escape from other poisoned platforms.
In that both are "microblogging" social networks, yes. The official app feels much like the Twitter app. And all the important user facing concepts are the same. Posts, reposts, quote posts and replies all work the same.
Then you also have custom feeds in addition to the built in feeds. So people will make things like language specific feeds, feeds to follow a group of people (e.g. politicians), etc.
Then there is a whole federated protocol, ATProto [1], underneath that has some interesting properties that also solves some of the issue faced with scalability and portability in the Fediverse protocol.
Better wait until it's federated, because it'll likely change a lot in meantime. Why bother getting used to an unstable WIP with uncertain future?
It was important to get in early on Twitter, it was centralized so people wanted to squat usernames, but Bluesky is decentralized so that's not a thing. I bet most people who beg for Bluesky invites just resell them, as accounts are otherwise completely worthless as soon as beta is over and federation rolls out.
Same, I lost interest in it when it had my attention. Yes, I'm aware I can consume BlueSky in other apps. I've largely moved away from participatory social media apps after Twitter's demise. I am starting to see more activity on my Threads app pick up which wasn't there initially...so far the feed is fairly reasonable and the addition of voice-clips is intriguing.
Sure, AT protocol I agree. But Bluesky Social the practical entity as it stands today is a single, closed off instance, managed by a for-profit company. So I think it's still fair to say bluesky (but maybe not every piece comprising the production instance) is both proprietary and centralized. You can't run your own server, you may never be able to, and if you can it may never be allowed to connect with the "official" server, much like with Signal.
