Backdating posts opens up a world of social engineering scams. You can create an account that appears to have predicted a lot of past events, sports scores, or stock prices with timestamps prior to those events occurring. The scam is to create an account that appears to have great stock advice or sports betting predictions and then charge people for it.
[1]: https://bsky.app/profile/bluemigrate.com/post/3lc3r4fqen62l
I’m cackling over here. How have I never heard this when people talk about blue sky?
<troll> The definition of dictionary is just "Words about words" (source: Urban Dictionary), so I'd say that Urban Dictionary qualifies. </troll>
"sky tweet" is also a stupid name since a tweet is already the name for a post on a very specific platform.
Though in practice I think "skeet" was a bit of a fad to be provocative, and most people just call them tweets, even on bluesky.
Go on, tell us what you think an "actual dictionary" is.
I don't think it's important. What is important is using a sane environment. X is completely crazy.
https://katharinabrunner.de/2024/02/archiving-websites-the-i...
https://x.com/paulmcgorrery/status/1178561480385421312 (Dyno Nobel Inc v Orica Explosives Technology Pty Ltd (no 2) [2019] FCA 1552)
https://www.michbar.org/journal/Details/Old-websites-seldom-...
https://www.lexisnexis.com/community/insights/legal/b/though...
Twitter posts are only available to authenticated users, and the API is really quite expensive now - that was one of the many reasons people have wanted to move off it!
You can also link Twitter to Bluesky with either OAuth, or a Twitter post with a Bluesky challenge to prove you have control of the account.
[0] https://bsky.app/profile/lul4.bsky.social/post/3kgaesbxs7f25
(if you work for bsky please don't add a flag to that, it's my favorite party trick)
Some of my favourite backdated posts are from the years 1776 and 1.
You can do whatever you want with the the software. It's right here: https://github.com/bluesky-social
You cannot do whatever you want on someone else's hosted website. They don't allow you to delete other users and edit other people's posts because everyone agrees that would make it useless.
The whole thing with Bluesky and decentralized protocols is no server can enforce special rules.
Sure, they could come up with something that says "our PDS will not accept backdated events", but they will not be able to stop someone else to set up a server that does that without any issue.
You would need some form of distributed consensus mechanism, but then you either end up with some exclusive club to implement Paxos or you will need some blockchain-y solution, no?
Then can we drop the pretense that ATProto is actually usable without Bluesky's AppView? [0]
> posts on the Bluesky app itself have valid dates
Who's to say what is a "valid date" in a decentralized system that (in theory) does not have a central authority nor depends on a consensus mechanism?
You do still get the benefits of being able to interoperate between different apps that may not know each other exist without the disadvantages of having server-specific namespaces, which is of course the point.
“A valid date” would be determined by said server (BlueSky’s or yours). You could choose to write a server that enforces consistent dates or one that does not, and the definition of a valid date would be different per AppView.
I acknowledge the other way of doing it which ActivityPub uses has some benefits as well.
There is no "goodwill". Bluesky's plan (from day one!) has been to create something that could have been used by Twitter to keep them as the gatekeeper of the data while removing them from any liability for custody. They know that their moat is on their expensive indexer and they will not take any measure that gives this power to end users.
Without strong and deliberate efforts to maintain a culture of openness and freedom, IT is a heartless cager of men.
That said, the PDS is effectively also your private key custodian. Most people who aren't nerds are happy to let Bluesky PBC manage their keys. But if that's your threat model, you should absolutely move to a self-managed PDS.
The protocol also actually allows you to manage your keys differently. You could in theory have a "read-only" PDS, and generate all your posts locally using a local key (conceptually much closer to a crypto wallet.)
In that scenario, the validity of posts as originating from a known identity is extremely strong.
The PLC registry supports an override key for adversarial migrations, which was our chosen alternative
I'll look into the registry override too, maybe I can hack something together around that.
There's ways around it... the identity mechanism supports multiple keys so you could have a backup in escrow.
But most people don't want to worry about key management at that level. Hell, I know exactly how everything works, and key management still scares me. The consequences of a mistake are huge.
Edit: or we could backup the key.
The fact it's a subkey means that you are also able to rotate the key that the PDS has access to and modify your repo back to pre-defaced state if need be.
Imagine if Github worked this way, then I wouldn't have to worry about storing my ssh keys on my local machine. Imagine the possibilities if Github could pull my repo instead of me having to go through all that darned trouble of pushing it.
https://arstechnica.com/gaming/2022/02/how-to-become-a-fake-...
I welcome the blank slate that Bluesky provides.
Though… it occurs to me that my cursed "cleverness" may have followed me to HN.
HN is kind of a bad habit, but it's just a forum to me, I don't follow people, people aren't following me, I don't need to be signup up in order to find out what's going on in municipal government, it's just discourse about common interests if that's what I want. I can get a weekly digest and I know that's quite enough if that's the relationship I want to have with it, and everyone sees the same content.
I have tens of thousands of tweets (why, oh why) but personally have no desire to move them over. I realize that's important for some people. For me, it's enough to just download the archive and save it somewhere, in case I ever need to reference it again.
Btw do you have any good suggestions for distributed platforms? Would Mastodon be considered a distributed platform?
Personally, I'm eager because it's not just another centralized platform but a sufficiently distributed one. Most of the infrastructure you need for ATProto, you can run yourself today.
Mastodon/ActivityPub is neat too, but personally I don't find it as easy to find interesting stuff there, especially if you try to run your own solo instance and need to make sure you connect to interesting parts of the ActivityPub-net.
Citation needed. Without the AppView and their relays you are left only with your identity and your data, which by itself is not a social media/messaging platform.
I think this[0] was on HN some time ago with good reasoning about bluesky offering a "potentially decentralized enough" while not actually being so.
0: https://dustycloud.org/blog/how-decentralized-is-bluesky/
I have sixteen terabytes mirrored sitting next to my television. It's 2025. Sixteen terabytes is not that much any more.
But rather than the only options being "global megacorp" or "individual", I think people should consider the possibility of medium-sized collective organizations for doing this kind of thing. You could club together to run a PDS. There are more options for organizational scale than "huge" or "atomized".
I agree 100% with you that we probably want mid-scale orgs to run relays and those would be able to run it without issues (I wrote "not so easy" rather than "impossible" :) ) but I think it's significant we haven't seen a single one popping up yet.
But again, the article I linked makes a very good point: Bluesky does not need to actually be decentralized as long as it is a "credible exit" that someone else could in theory run their own Relay/AppView, even if no-one does.
I have a 512GB laptop and a 64GB phone, that's all the local storage I own.
1. There's a contingent that does not like the management of X, so they want to move elsewhere.
2. The technology aspect of it is irrelevant in the decision making, because most people don't understand it.
3. Moreover, a truly free, federated system doesn't alleviate any of their complaints about the platform, because, in that case, they would be unable to effectively quarantine the others.
I don't really care how the platform works so long as the content is the content I want. Nor does 99% of users. And that's the precise reason the centralized platforms are the good ones: that's where people are.
If a truly distributed platform could be created that had the content/people/appearance of the centralized one, then great. I'd want that. But if it would be slightly slower or harder to use, or lack the people/content of a centralized platform then I'm not interested.
Decentralized could be fine for communicating with a _community_ of some kind. But that's not why I'm on X/Bluesky. It's to drink from the firehose of the current times. If something happens in the world I want to see the actual people who drive those events. Read the instant comments of the biggest most famous commenters of the same events.
There's good content there. Distributed is better than centralized, but it doesn't matter if the people I'm interested in talking to and hearing from aren't there.
Having been interested in how people use social communication systems since the BBS era, I'm pretty confident that most people don't really want fully distributed systems, they want a single system with good governance. Because governance is hard work and anarcholibertarianism makes it everyone's problem. However, "Exit, Voice, And Loyalty" applies here: by providing a theoretical Exit option in some sort of decentralization, even if someone never takes that option, they feel a benefit from having the option.
But in general, if you don't understand why people are moving to Bluesky, you probably need to be more in tune with US politics and realize we have a nazi in the white house who also happens to own Twitter.
Except that servers cost money, and internet is not free.
Im all for setting up mesh networks with appropriate protocols that are truly decentralized, but people have to be willing to accept lots of pain points and slowness along the way, which quickly makes people not care.
If it allows polling static pages, then everyone can host their timeline on Github Pages or something. That would be much better decentralized.
Mastodon is server/instance centric and permanently anchors your identity to a given server. On Bluesky, you can use any domain you control DNS for as your handle, since content hosting and identity management are decoupled at the protocol layer.
On top of that, hosting is also decoupled from aggregation/discovery, which allows for things like global search that are intrinsically hard on Mastodon.
What does this mean? I can host my own fediverse instance, and have, three times.
Even the "Client-to-Server" AP spec is written in a way where the "client" does not interact with the outside web, but always initiates every interaction through the outbox hosted by the server.
I'm not saying this just for pedantry. I'm saying this because I actually wrote a server that implements ActivityPub according to the spec [0], and realized that identity portability is not possible unless you deliberately break away from the AP spec.
Nothing says you can't extend an actor to provide for a did: based identity which gets stored wherever you want to. I think the main dev of Mitra[1] is someone that's exploring very strongly in this direction.
How would incompatible servers know to trust a server foo.com to publish posts for an account bar.com? How would they know where to look for bar.com's posts when their users search for it?
We are talking about ActivityPub tying identity to the server. ATProto is designed from the ground to separate user data from your identity (through its Personal Data Servers), so the answer to your question is "many. There are many servers out there."
Bluesky has many issues (and I for one still think it has fundamental flaws that still make me prefer AP), but identity coupling is not one of them.
and then what? i can take my identity and do what with it? change PDS? but bluesky itself shows everyone that i am the same person?
i didn't move the goalposts, i just don't get the distinction everyone is making here with "identity", of course if i prove i own a domain i can verify, but i can do that on mastodon, too, I can add the below to my domain that will checkmark my username on mastodon. I assume if i move servers and want people to follow me, i will just do the same on that server, too; they know it's me because the service says so.
> <a rel="me" href="https://fosstodon.org/@picofarad">Mastodon</a>
that is all i have to do to prove i own that username on that instance - put that on a domain i own and add it to one of the user editable fields on my public profile.
so maybe you understand my confusion. i never received a bluesky invite nor do i want to pay (a couple mentions here of paying for it).
> Verifying your identity on Mastodon is for everyone. Based on open web standards, now and forever free. All you need is a personal website that people recognize you by. When you link to this website from your profile, we will check that the website links back to your profile and show a visual indicator on it. The link on your website can be invisible. The important part is rel="me" which prevents impersonation on websites with user-generated content. You can even use a link tag in the header of the page instead of <a>, but the HTML must be accessible without executing JavaScript.
i can also export all my followers, so when i join a new instance, i can direct message them all and let them know i've moved, and they can see it's the same person because the service says so, because i own the same domain.
If ActivityPub had actually portable identities, you would be able to move instances without losing/moving your handle.
You as an user might have moved servers, but your identity did not.
How can we make an analogy? Let's say that you want to have a domain and you are hosting it on some cheap VPS provider. You just take your data, upload to their server and point the domain to their IP address. Let's say that six months later the cheap VPS goes down and you completely lose access to the server. You want to move. What do you do? You sign up to another VPS provider, upload your data (assuming you have backups) and you simply change the DNS to point to the IP address of the new server.
If you want to do that anything like that with ActivityPub, you can only do it at the server level. If you are a "mere" user on instance mastodon.one you do not own, you are at the mercy of the admin. You can not take "genewitch@mastodon.one" and use it as a handle anywhere else. Conversely, you can not go to mastodon.social and sign up with your own domain or any other method of authentication. The only way they can serve anything for you is if you use the handle they assigned you.
With ATProto, identity is based on DIDs (decentralized identifiers), so you can change your PDS without having to change your identity. You can have a handle under your own control and tell Bluesky to host it for you, and you don't need to ask permission to them in case you change your mind and decide to move elsewhere.
That’s a high bar compared to just registering a domain and updating a DNS record.
Imo that's a complete killer to adoption. The vibe people get from it is that it's always down, they don't care that "oh just switch to another shard" that's too much effort
On the other hand, ask the average social media user to try to do the below tasks on Mastodon/ActivityPub, and you'll quickly see how half-baked and disjointed of a user experience it is.
- Search for posts or a user.
- Interact with a Mastodon post that's on a different instance than the one they're registered to.
- Figure out what to do if one day, they wake up and their instance has shut down.
This was all quite early though and i'm sure i misunderstood things. Just answering the question as i personally perceived Mastodon.
On the non-tech side, i find Bluesky's model for moderation to be really neat. I hope it continues to expand in features/implementations.
https://github.com/bluesky-social/proposals/tree/main/0008-u...
But, now they have network effects; > 30 million users -- that's a big market to build for.
Has a great and free API.
Now, Bluesky has this great API that allows you to do cool automated things on top of it. Twitter had it too, but they decided in the last 2, maybe 3 years, to play with the API so many times that there are no new coding tutorials that use Twitter API as an example. So except social media platforms, there are probably no more tools built on top of Twitter API as they damaged their reputation among developers. And they deserve it being so unfriendly towards developers.
You can't search across instances nor can you (afaik) maintain identity across them.
- If it isn't possible to transfer the video, I'd rather skip them than just posting a thumbnail
- A way to mass-delete posts after a migration if I regret it
- The option to add text (e.g. [Migrated from X]) to each post if it fits
There's probably some sort of blockchain-based time-attestation like [1] that could help but this is beyond the scope of AT and something that probably needs a lot more thought before a serious proposal comes forth.
Who is the "you" here?
Probably someone who started ingesting the firehose
I came to the conclusion that it would make sense to confirm a user's identity on the platform to migrate from (egress) by giving them a random word or sentence for them to post over there, so you can verify that their original profile is really theirs.
I tail the firehose sometimes , filtering for post dates that don’t contain 2025. Bottom line this has been happening since day one and backdated/imported posts were about 1/16th or so of the overall post volume in any random sampling I’ve taken. It’s a lot.
But the few I spot checked , all checked out. The people importing their posts were all mentioning their new bluesky on LinkedIn or Twitter . I haven’t caught a spammer yet. It’s something I look at when I am extremely bored.
It didn't last long - there was some sort of rebellion against them as a service and it turned out they couldn't find a way to make money with it. (Akin to that push service that pushed news to everyones' screensavers, which seemed like a good idea at the time)
This feels like that.
I wonder how long it will last until the door is closed for folks to re-purpose others content in this way?
They would want to port over the content just like someone migrating from Wordpress to Jekyll.
That and people posting screenshots of their own tweets...
https://www.piratewires.com/p/interview-with-jack-dorsey-mik...
(That said, most datetime libraries, in practice, tend to behave very weirdly if you go back a few thousand years, if they'll put up with it at all...)
My main problem with BlueSky is that I get barely any interactions compared to my old Twitter (which also wasn't stellar). It's becoming a tool to listen to a few good devs (which I periodically check on), while trying to ignore all the pr0n, but not a social network I can use.
Building an audience seems way harder.
For example:
(For example, does Bluesky themselves record the timestamp of when they first see a given message, and make this info available, either publicly or with subpoena/warrant?)
Currently not ~~possible~~ that easy, sadly, because the Mastodon spec (which is basically what everyone uses) doesn't have the concept of backdated posts and, more importantly, even if you fudge your server to allow a date in your `Status` when posting[0], it'll still go "oh, this needs sending out to everyone"[1] as if it were a new post and let me tell you, the clients also do not know about backdated posts and things get confused real fast[2].
(I don't think it'd be a huge change to the spec to allow backdated statuses but getting consensus about how that actually works for, e.g., sending out, client handling, etc. would be a lot of work.)
[0] I did this on my Akkoma server to import 15 years of Twitter bot posts.
[1] Sadly my Elixir knowledge didn't extend far enough to be able to figure out how to prevent this for backdated posts.
[2] To the point where I and everyone else had to unsubscribe from the Fedi bot whilst it was doing the backimport.
On the other hand, it could be useful for users who want to maintain a consistent archive of their content across platforms. But the question remains: should platforms allow this kind of timestamp manipulation?
https://typefully.com/blog/import-twitter-to-bluesky#:~:text...