Open Social
Key topics
The article discusses the concept of 'Open Social' and the AT Protocol, a decentralized social media protocol, sparking a discussion on its potential, limitations, and comparison to other decentralized social media protocols.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
1h
Peak period
131
0-12h
Avg / period
40
Based on 160 loaded comments
Key moments
- 01Story posted
Sep 26, 2025 at 12:01 PM EDT
3 months ago
Step 01 - 02First comment
Sep 26, 2025 at 1:06 PM EDT
1h after posting
Step 02 - 03Peak activity
131 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 30, 2025 at 7:29 PM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
I get that theoretically the two should be similar or even identical in practice, but I feel like the way Bluesky goes so hard at "literally individuals maintain control over their own stuff" is kinda too hard for most, and that Mastodon's "just trust the server" way, which ABSOLUTELY has it's own problems, of course -- is still better, mostly because we have better practice in this style, in the form of good ol email.
>Social aggregation features like notifications, feeds, and search are non-negotiable in modern social products.
Conceptually, Mastodon is a bunch of copies of the same webapp emailing each other. There is no realtime global aggregation across the network so it can only offer a fragmented user experience. While some people might like it, it can't directly compete with closed social products because it doesn't have a full view of the network like they do.
The goal of atproto is enable real competition with closed social products for a broader set of products (e.g. Tangled is like GitHub on atproto, Leaflet is like Medium on atproto, and so on). Because it enables global aggregation, every atproto app has a consistent state of the world. There's no notion of "being on a different instance" and only seeing half the replies, or half the like counts, or other fragmentation artifacts as you have in Mastodon.
I don't think they're really comparable in scope, ambition, or performance characteristics.
My gut is that IT DOES. Put differently, there's presently nothing about TECH of the Mastodon model that prevents building tools that achieve similar "centralized everything" goals on top of Mastodon; only, you know, people and trust, the easiest part </sarcasm>.
Mastodon's probably the best long-term model and it's email that makes me think that.
Mastodon requires a complex decision upfront, which server do I trust, which is analogous to where you create your account on ATProto, but unlike ATProto, doesn't give the tools to seamlessly transition later.
The trust lens I think is a good one. You want to let different users make different tradeoffs in effort without having that leading to a worse experience..
And it seems to me that the more frictionless model is the one that looks like something people are used to; just "sign up with a thing."
That does leave the interconnection to the servers and others, but that may be how it has to be?
Offloading THAT mentally to a different "service" or "account" I think is easier than this all-in-one thing.
Again, I like the IDEA a lot; if you'd presented it to me like in 2000 before a lot of this stuff took off I would have been all about it.
Today? No, I think it's reasonable to offload that to so-and-so-dot-com, each as a separate account. Like the phrase "I have a facebook" always sounds weird to ME, but I think that's "the way."
The server shouldn't need to be specific to mastodon/bluesky networks either
Ghost (the blogging platform) is kind of a peek into this — you can host your microblogging account there and interact with other activity pub networks like mastodon
this is the promise of the activitypub standard, anyone that uses the standard can interact with anyone else using the standard...
And once you go to the site, your browser will remember it anyway so you don't need to type the monstrosity.
Or is it a really bad idea™?
so to offer it for free means somebody has to subsidize it. letsencrypt can operate because big companies with lots of money want their ads to be delivered without being intercepted by an ISP. what's the motivation for anybody to subsidize free domains?
Supporting DNS all up should be possible but organizing the other decentralized services (compute, storage) is the hard part
The decentralized services need not be attached to some blockchain due to the resource constraints. But there are examples like Filecoin and such.
I guarantee you I can store and make available over DNS the less than 1 KiB of data for less than a penny a year.
Instead of free, charge a flat $1, put it in long term US treasuries at 5% / TIPS at 2.5% and you’ve covered your hosting costs forever. The principle will never need to be touched.
This is basically where did:plc comes in, for atproto. https://web.plc.directory/ provides free ID numbers. For example, mine is https://plc.directory/did:plc:3danwc67lo7obz2fmdg6jxcr .
Your domain then uses a txt record to indicate that you want it to be associated with that particular did:plc.
If you drop the TLD part though, you can do whatever you want with any domain you want, up to and including handing out free subdomains to anyone who asks. As usual, though, if you try to do this, the dark internet will make you regret it as one day, quite suddenly, you'd find you were hosting the DNS of some massive scam email or other, or any of who-can-even-enumerate ways of making you sorry you put this service up because of their abuse of it. Just like anyone can make a URL redirector, and many people even use it as a sort of "learn this language project" but if you actually put it up online you will rapidly regret it.
It's a bummer and I'm not celebrating this fact, but, yeah, it's not something you want to do.
DNS is not a sybil resistance mechanism
Special networks can do as they like, but then they won't be DNS.
Facebook sued the operator (Dutch company called Freenom) for facilitating phishing and now we can't have that anymore.
You're essentially talking about IPv6 addresses.
Interestingly, most residential ISPs these days already issue your home network an IPv6 /64 or better! But they (sadly) just firewall off use of most ports that residential users have no purpose for — on my own network, even if I configure my router to allocate each machine on the network a public-routable IPv6 address, the only port the network (not the router!) is willing to allow non-established incoming flows to is 22/tcp.
But even if they worked, they'd still be ephemeral. At best, even if your ISP keeps the allocation the same, you'd lose it if/when you switch ISPs. (Similar problem to ISP email addresses.)
The real key here, would be if someone was freely giving out tiny slices of IPv6 https://en.wikipedia.org/wiki/Provider-independent_address_s... to individuals; and there were hosting providers / residential ISPs willing to add BGP routes in their ASN for these tiny prefixes. Then you could have a stable and portable and free IPv6 address for life. (It's certainly possible in theory, just not built yet — similar to how LetsEncrypt was "certainly possible in theory, just not built yet" until it was built.)
---
That being said, if you really want this to be DNS (not sure why; if it's not a short memorable name [and thus inherently competed over by typosquatters], then DNS is the wrong tool for the job), then you could do what systems like ngrok do, but directly serving those dynamic records as domains under its own gTLD, rather than serving them as subdomains under a domain. Maybe with each domain getting its own DNS zone and everything. That'd certainly be neat.
Note that way back when, the .me ccTLD sort of did this — they gave away .me "domains" for "free"; but with all web traffic on those "free" domains being intermediated by their L7 reverse-proxy servers, where they'd inject ads into any delivered HTML pages.
https://github.com/topics/free-domains
Another thing, the thing that you mention is really similar to how tor onion links work... Except they offer encryption and prevents MITM/any other ways while still having your ip hidden.
Another idea which I use sometimes is to use something like cloudflare tunnels or ssh forwarding with things like serveo.net or any ssh based remote forwarding in general like pinggy or even ngrok.
If you are using this in some internal thing, I can also suggest something like piping server which I really like and I want to build something like a web browser tor-onion links esque but on top of piping server, its really really cool
https://github.com/nwtgck/piping-server
https://en.wikipedia.org/wiki/OpenSocial
It was a complete disaster
Apparently I wrote about it a fair bit back then, mostly noting how confusing it all was: https://simonwillison.net/tags/opensocial/
If the answer is that most people should just make a bluesky account, that defeats the whole purpose because then everyone will still be on one or two large providers.
There isn’t such a thing as “Bluesky getting federated” — that doesn’t on its own mean anything. In Mastodon world, “getting federated” means many copies of the same webapp emailing each other. In atproto, you don’t create many copies of the same app. Instead, it’s shaped like the web — individual users can host their data in different places, and apps aggregate over that data. There’s no point in having many copies of the same app.
The BGS server you’re referring to is the “relay” mentioned in the article. Running your own relay is possible (Blacksky does it, as mentioned in the article). It costs about $30/mo with the current traffic. However, note that a relay is very dumb (it’s just a retransmitter of signed JSON over websocket). It’s cool that anyone can run one but by itself this isn’t a vanity metric to chase. We’ll probably see more independent relays but usually someone would run one for a reason — to insulate a company or a community from upstream failures, or maybe to censor things (in repressive governments).
This also completely misunderstands the architecture. Things don't hinge on the relays at all and they don't act as routers.
If I'm going to delete my Facebook/Instagram account then why am I trying to pick up a new drug to replace it?
I think many people find social media useful. If you aren't one of those people, fair enough. But not everyone is angry and addicted all the time.
I'm not going to claim that social media can't have negative consequences for young people, lots of things do. But the hyperbole behind the discourse makes it obvious there is also a moral panic at work. In every case, technology is blamed for a failure of society's responsibility to educate and raise children properly.
There is not a whole lot of scientific evidence for it being good from what I understand.
I would also argue that if you broaden the definition of social media too far you’re not really talking about social media anymore. Calling your friends on Signal isn’t “social media.”
And the definition of social media is broad. I would argue Signal is social media. It lets you form social networks, chat and share different kinds of media. That's all social media is. Social media is more than Twitter, Facebook and TikTok. And I have trouble with the argument that being able to form social networks and share different kind of media is somehow ontologically evil. There are hundreds of social media platforms around the world and countless apps integrating social features, but only a few American platforms seem to be a problem. So maybe it isn't "social media," maybe it's American culture and Silicon Valley capitalism.
The addiction loops, surveillance, data mining, radicalization through algorithms promoting extremist content, etc. aren't fundamental to what social media is, they're aspects of how specific social media platforms have been implemented. It is possible to have social media without all of those negative externalities.
The Bsky team regularly highlights other apps, custom feeds, and moderation choice
The end user just sees they can subscribe to a moderation list that hides any post labelled as "Beans", or that they can have a feed next to their Discover feed that's an endless stream of people getting ligma'd.
Or that they can use their account to log into a seemingly unrelated site.
That’s also why it frames the benefits in the concrete way that shows up in the products — like products being able to riff on each other’s data.
My audience for this article is slightly technical so I put some focus on the technical parts. I don’t try to avoid mentioning the “protocol” for the same reason why teaching to make websites involves mentioning HTTP.
I 100% agree with you though and that’s important for broader communication. What people care about are good products.
I'm a bit concerned that the open web only won because of first mover advantage. What gives me hope is OSS winning.
I'd love to see something like atproto win though. It's clear that a major issue with social media is network effects preventing better apps from becoming popular.
One thing ATProto does is enable real competition in social apps, assuming they all run on the atproto fabric. One of the core hopes is that we can get everyone over to something like atproto once, to get them out of the silos, such that this is there last time they have to "move" their social network
Oh how times have changed. . .
On one side I find these ideas extremely compelling. This is aligned with the Indie web body of work, that pictures anyone having a personal website of their own content and ownership over that. And this page an article are beautifully put together.
On the other hand, we haven’t really seen a lot of developers adopting these standards for their own projects (like using this for their personal website or open source project). Nor from casual users (including people who make their own blogs and websites).
I am deeply concerned about the apathy people have towards the idea of ownership, openness and interoperability. It gives the idea that people just want to be fed TikTok and Instagram reels.
I respect the vision and the work. Will personally see if we can use this for our work. But I wonder how we make this into something that’s not just a micro niche hobby.
One never knows, but for sure it won't happen when we do nothing.
There are several protocol components you can run independently, each filling a different role and having different complexity levels
If you mean the PDS, not sure if it is simpler than the unknown point you are looking to compare against. Bsky did just announce that you can migrate back to their PDS hosting to make trying out alternatives a one-way trip
I know we can do all this by just posting to Bluesky. But I want to give usernames, host the data on our end, and I’d prefer using the protocol but not be directly associated or dependent on Bluesky.
1. Run the PDS, many people who would not group themselves with technical folks do this. (data hosting, handles)
2. Use or create an alternative client app, depending on if you want to intermingle Bsky data
3. Relay, moderation, algorithms. If you want to divest completely from Bluesky, there is more to run. If you build your own lexicon, you have to do all the moderation and algorithms, among the many other things.
There are also a couple of discord channels and even a server for PDS self-hosters
https://discord.atprotocol.dev
Can you expand on this feeling? Why is it deeply concerning? Why should people care about the abstract concept of data ownership? People were totally fine when they had zero ownership or agency over media and they were fed TV, books, movies, radio, etc. Most people do just want that, their primary motivation to engage with media is just to be entertained in that moment.
Now that they have places where they can publish stuff and their friends and family and maybe even some other people might see it, why should they care that they don't "own" their Instagram post, whatever that means?
No I think it's predicated on creating a product that people like to use. That's the Step 1 that OSS zealots miss when they focus entirely on these niche lofty ideals. I highly doubt the average Instagram user is yearning for - or would even be enticed by - a version of that same experience that has a lower exit cost.
That's the problem with these Twitter clones. "It's just like Twitter, but RESPECTS your data ownership" is not compelling. Just create a freaking compelling and original user experience (the actual hard part that made the big platforms successful) and secretly do whatever you want on the back end.
The entire value of a social media platform is in the network. Accumulating and maintaining one is the actual hard part that made the big players successful.
None of these platforms started with a network. They weren't cooked up by evil investors and MBAs looking for a rent-extraction scheme. Nor were they designed by a committee of philosophical experts saying "oh we'll just copy their thing and make it more esoteric and confusing so that maybe one day we can aggregate content from 14 competing Twitter-like platforms and you can switch between them whenever you like!" They were started largely by kids goofing around and making fun things for people.
Your question:
> why should they care that they don't "own" their Instagram post, whatever that means?
From the article:
> The web Alice created—who she follows, what she likes, what she has posted—is trapped in a box that’s owned by somebody else. To leave it is to leave it behind. On an individual level, it might not be a huge deal. However, collectively, the net effect is that social platforms—at first, gradually, and then suddenly—turn their backs on their users. If you can’t leave without losing something important, the platform has no incentives to respect you as a user.
Your question:
> can you give examples of good and bad incentive structures in this context?
From the article:
> Maybe the app gets squeezed by investors, and every third post is an ad. Maybe it gets bought by a congolomerate that wanted to get rid of competition, and is now on life support. Maybe it runs out of funding, and your content goes down in two days. Maybe the founders get acquihired—an exciting new chapter. Maybe the app was bought by some guy, and now you’re slowly getting cooked by the algorithm.
> Luckily, web’s decentralized design avoids this. Because it’s easy to walk away, hosting providers are forced to compete, and hosting is now a commodity.
I think you’re right that the average person doesn’t care so much as they just want to be entertained or reach a large network, but apathy is not an argument in favor of the status quo.
At this point my argument is that the ability to switch providers is not a major concern to most users of these platforms. I don't want a generic social media hosting provider. I want the Facebook experience, or the Instagram experience, or the Twitter experience. I'm happy to be in the garden and on the rails because it's easy and tightly curated. I don't want some Frankenstein amalgamation of data from all these things. I don't want to shoehorn my Instagram world into something else.
And yet, I don't lament that 10-15 years of my online life have "vanished" - I was an ignorant little snot back then, and actually, am VERY glad they HAVE vanished. And thankfully I've generally used aliases / usernames instead of my actual name in most places (other than the usenet posts that were from my university account) so that wayback can't be used against me easily. Heck - I wish I could assert/enforce a "right to be forgotten" (vanish) on some websites. Rarely have I wished (especially in this current administration) that I was MORE visible / persistent online.
People that really want to preserve and archive their content find a way to do it and manage it separately. I have all the pictures that I've posted to Instagram. I have anything I've written that I cared enough to keep. If and when IG dies or I move onto the next thing, am I really going to want to meaningfully preserve and transfer the specific contents of that walled garden somewhere else? Maybe. I can definitely see the value, but it doesn't seem super compelling to me yet.
There is something to be said for the uniquely curated walled gardens and the centralized trust and organization and opinions they bring. When I started an Instagram account, I didn't want to transfer my Facebook world, it's a new world with a fresh start. I didn't want the same friends, the same voice for myself, etc. I certainly wouldn't have wanted to dig through all of that to figure out what made sense to carry over.
Disagree. The punk phenomenon was largely about reclaiming that ownership and agency over cultural output, and it was massive in the 70s/80s/90s. The early web was very punk in attitude, with people basically self-publishing. Even in the '00s, there was still a clear distinction between "corporate" portals and grassroots.
This phenomenon where even creatives and intellectuals are Just Fine with playing in someone else's heavily-tweaked, hyper-monetized sandbox, is a new development.
But there's a lot of work developing on that front, and the next 6-12 months will be super exciting to watch.
The longer story is that most people don't understand that ATProto is more than just Bluesky, and the usecases are wayyyyyy broader. That's going to take more time to play out in the market.
Basically our thing would give that ecosystem the ability to have personal pages that can look like Patreon, YouTube, Instagram and others
I’d prefer running our own thing separate from bluesky. We’d give people something like username.page.app and they’d make posts there. If people wanna follow on bluesky they can, and we provide a username that’s just the url.
I know we can do all this by just posting to Bluesky. But I want to give usernames, host the data on our end, and I’d prefer using the protocol but not be directly associated or dependent on Bluesky.
I know we can do all this by just posting to Bluesky. But I want to give usernames, host the data on our end, and I’d prefer using the protocol but not be directly associated or dependent on Bluesky.
> or dependent on Bluesky.
If you want to take this to an extreme, and are uncomfortable with how did:plc has not yet moved into its own org, then you'd want to also run your own plc server, etc. The problem with doing this is:
> If people wanna follow on bluesky they can
You lose this. Because you're now not running on the main atproto system, but instead a fully parallel one of your own.
Anyway, you could start on this by running a PDS via the reference implementation here: https://github.com/bluesky-social/pds and then building your own appview (application).
You could also take a look at Blacksky's implementation https://github.com/blacksky-algorithms/rsky and if you end up using it, consider throwing them a few dollars. Alternative implementations are super important!
We already built our own platform independently from Bluesky, so we have a timeline in the wrong post and everything. I’m just trying to give our users into opera ability. So that when they make a post on our platform, people can also follow your Bluesky and see on their timeline. Am I correct to assume then that we would not require our own app view?
> Am I correct to assume then that we would not require our own app view?
Well, given that you have built a platform, and you then want to interact with the atproto eocsystem, that means you'd be making your platform an appview, in a sense. An appview is just a service that reads the underlying data from the network and does something useful with it.
Can you also do one for NOSTR?
The functioning is similar, albeit there is no need for hosting user data since it can be sent to multiple relays and live reachable to others from there.
Thanks in advance.
Quite a lot of food for thought today. Thank you for that.
In theory additional dids could come into existence too, those are just the two that blueksy supports at the moment.
It’s worth noting that PLC can’t fake your data because each edit is recursively signed. So you can verify a chain of updates. However, PLC can in theory deny you service or ignore your updates.
Also someone from Nostr made a tool that let you upload image files and encode them (split into parts) into plc directory records…
> Your goal here is to make the best YOUTUBE videos possible. That’s the number one goal of this production company. It’s not to make the best produced videos. Not to make the funniest videos. Not to make the best looking videos. Not the highest quality videos.. It’s to make the best YOUTUBE videos possible.
When I glance at the Bevy discussion link you shared, my reaction is:
> Your goal here is to make the best GITHUB OPEN SOURCE game engine possible. It's not to make the most performant game engine. Not to make the game engine that powers the best games. Not to make the best looking graphics in a game engine. Not the highest quality game engine or game editing experience. It's to make the best GITHUB OPEN SOURCE game engine.
That sounds awful if applied to Bevy, and seems you misunderstand what "Mr. Beast" is trying to say.
They're not saying make the best game engine, but make the game engine that would do best by GitHub-popular metrics, which is absolutely the wrong way to go.
I hope they continue to simply make the best game engine available, as before, and ignore useful metrics or focusing on where it's hosted.
Bevy is still incomplete as an engine. AFAIK there's only one commercially successful game made with it, Tiny Glade, and it doesn't even use Bevy's renderer but a custom one.
Yet the Bevy developers distract the project with essays and debates about the politics of their federated social media presence. You don't need that to build a game engine, but you do to build a "GITHUB OPEN SOURCE" game engine. I don't think there's anything inherently wrong with it, but that's clearly the focus here.
Yes, but the misunderstanding I'm trying to point out is that Mr Beast is not trying to create something of value, they're trying to create something that works well on a specific platform.
In the Bevy analogy, that would be creating a GitHub project that gets the most stars, regardless of how useful or well the engine itself is working.
I'm instead saying the same thing as you, they should continue focusing on building the greatest engine, regardless of the platform for hosting the project.
If Bevy were to follow Mr Beasts advice, they'd focus on flashy demos, engaging READMEs and so on, to increase the success on the platform itself, instead of focusing on the engine itself, which from following their direction almost since inception, they're doing a pretty good job with already.
For another thing, even if there aren't any other specific effects that are desired, there still might be some that are specifically not wanted, and avoiding those might be important. Mr. Beast is a exactly the type of example that demonstrates this point; by focusing on making the "best" YouTube content as measured purely by popularity, he's done all sort of things that someone might very understandably want to avoid. I agree that he's not confusing, but that's not the issue with him. He's extremely transparent in how little he cares about whether what he does actually helps anyone other than himself (or if he hurts other people in the process of helping himself). I suspect this is quite different from the mentality of most open source developers, who are putting in personal time and effort towards contributing to something that realistically has little likelihood of direct personal benefits for those involved. What you're perceiving as a lack of focus comes across to me as having the humility and thoughtfulness to try to look at the big picture and understand one's actions in the context of a larger environment that isn't improved in the long term by pursuing a single narrow goal to the exclusion of literally everything else.
Of course I understand these are different things. Bevy is not at all competing with Unity.
Because Bevy is trying to be best GITHUB OPEN SOURCE game engine. I’m just trying to be a little jocular about how… you know, I didn’t say unfocused, but surely it seems a little silly to write 3000 words in response to a community worried about which open source social media federation protocols to adopt. That giant thread IS the product, it makes perfect sense from the POV that Bevy is trying to be the best OPEN SOURCE GITHUB GAME ENGINE, in the same way that Mr Beast is making the best YOUTUBE videos or Egyptology professors are making the best EGYPTOLOGY writing or painters are making the best PERSONALLY MEANINGFUL FINE ART or whatever. I like Bevy!
You're the only one saying this. No one else, including the person working on the project that you originally responded to, have claimed this is their sole goal to the inclusion of everything else. It's hard to tell if you think they literally don't care about anything else but are choosing their actions poorly, or if you think that they have the wrong priorities and should change them, or if you just didn't really stop to consider that maybe your assumption about what you're saying they're trying to do is incorrect and haven't read what I'm saying closely enough to understand that no number of examples of other things that happen to fit what you're saying is relevant if you aren't able to establish why anyone else should agree that it applies here in the first place.
Unity and Unreal also have billions of dollars in funding
I agree, but why not also apply the same logic to the other two communication platforms you are using (Discord and GitHub)?
Aside, this infuriates me - "here's our open source project/website, join our Discord!" (even Lemmy instances). sigh
One point I disagree on that's also mentioned in the replies: I don't think a global state should be seen as necessary or even desirable. Sure, it helps people who optimize for clicks/likes/attention as a business model But that shouldn't be the only concern. Having some degree of uncertainty around the global state can help reinforce a healthy skepticism towards what you're seeing in general. The 'correct' global number of upvotes on a post, or the majority of what has been said about a subject might still be manipulated to the point of being essentially fake. Optimizing for virality is not desirable if you think of the platform as a public good. Think about what it has done for the centralized platforms, and the consequences it's had in the real world.
This is why Bluesky could never have "private likes" in the same way Twitter or ActivityPub does—every AppView needs to track the like counts of every post in the network manually. It's a huge hassle! I just don't see this architecture winning out in the long term, when compared to the AP feed-subscription architecture.
Actually, this was how AP was originally designed as well—it was just that the most popular early implementations took shortcuts to remove that functionality to fit them into their existing architecture. This is a direct consequence of the fact that the biggest AP implementations when it was initially adopted were descendants of older OStatus social networks, and not built to be "ActivityPub-native" from the ground up.https://atproto.com/articles/atproto-for-distsys-engineers
Lost me right there. Open source is the infrastructure that powers closed cloud. None of the openness makes it to the end user. It only benefits highly technical users and businesses.
Open source was made irrelevant (to non-technical users) by the shift to services and cloud.
228 more comments available on Hacker News