The effect of the internet (everything open to everyone) was to create smaller pockets around a specific idea or culture. Just like you have group chats with different people, thats what IG and Snap are. Segmentation all the way down.

I am so happy that my IG posts arent available on my HN or that my IG posts arent being easily cross posted to a service I dont want to use like truth social. If you want it to be open, just post it to the web.

I think I don't really understand the benefit of data portability in the situation. It feels like in crypto when people said I want to use my Pokemon in game item in Counterstrike (or any game) like, how and why would that even be valuable without the context? Same with a Snap post on HN or a HN post on some yet-to-be-created service.

ATProto apps don't automatically work like this and don't support all types of "files" by default. The app's creator has to built support for a specific "file type". My app https://anisota.net supports both Bluesky "files" and Leaflet "files", so my users can see Bluesky posts, Leaflet posts, and Anisota posts. But this is because I've designed it that way.

Anyone can make a frontend that displays the contents of users PDSs.

Here's an example...

Bluesky Post on Bluesky: https://bsky.app/profile/dame.is/post/3m36cqrwfsm24

Bluesky Post on Anisota: https://anisota.net/profile/dame.is/post/3m36cqrwfsm24)

Leaflet post on Leaflet: https://dame.leaflet.pub/3m36ccn5kis2x

Leaflet post on Anisota: https://anisota.net/profile/dame.is/document/3m36ccn5kis2x

I also have a little side project called Aturi that helps provide "universal links" so that you can open ATProto-based content on the client/frontend of your choice: https://aturi.to/anisota.net

(Imo, that is a perverse interpretation, it's about user choice, which they are effectively taking away from me by auto importing and writing to my Bsky graph)

re: the debates on reusing follows from Bluesky in other apps instead of their own

I have all of the raw image files that I've uploaded to Instagram. I can screenshot or download the versions that I created in their editor. Likewise for any text I've published anywhere. I prefer this arrangement, where I have the raw data in my personal filesystem and I (to an extent) choose which projections of it are published where on the internet. An IG follow or HN upvote has zero value to me outside of that platform. I don't feel like I want this stuff aggregated in weird ways that I don't know about.

What AT enables is forking products with their data and users. So, if some product is going down a bad road, a motivated team can fork it with existing content, and you can just start using the new thing while staying interoperable with the old thing. I think this makes the landscape a lot more competitive. I wrote about this in detail in https://overreacted.io/open-social/#closed-social which is another longread but specifically gets into this problem.

I hear you re: not wanting "weird aggregation", that just be a matter of taste. I kind of feel like if I'm posting something on the internet, I might as well have it on the open web as aggregatable by other apps.

Just the other week, another service that people actively used called Bento announced shutdown: https://bento.me/. This sucks for the user.

Someone created an alternative called Blento (https://blento.app/) on AT. Of course, by itself, this doesn't mean they'll be successful. But the thing is that, if Blento shuts down, someone can put it right back up because (1) it's open source, and (2) the data is outside Blento. Any new app can kickstart with that data and get people's sites back up and running. And two platforms can even compete on top of the same data.

I agree content is tailed to the platform and resurrecting something doesn't necessarily makes sense. But that's the point of lexicons. You get the choice of what makes sense to resurrect (actively moving to an alternative) vs what doesn't (something with a style that doesn't work elsewhere) vs new recontextualizations we haven't even tried or thought of. I think it's early to dismiss before trying.

More generally I feel like you kinda missed the point of filing systems in your first writeup. The moment you say "posts don't have natural names", ok, that's a serious problem that should put a halt to the entire concept. A file is nothing but a natural name for a byte array and a little bit of metadata. That's why we think of file managers and explorers when we think of what files are all about: lists of names. It's also why people directly use files for relatively few things - they were a big deal in the early days of personal computing because the killer apps for it were direct translation of physical office tasks. It's mostly but not entirely possible to come up with natural names for office documents (the gap is in suffixes like "draft final v3__real final draft.docx"). That's why we use analogies for 1950s paperful office objects like files and manila folders to begin with. But most computing tasks even back then weren't oriented around documents, they were oriented around database records and the user interface was just screens, or possibly direct SQL. It's a remarkable gap in our infrastructure that there is no agreed on file format for a SQL result set. Maybe Arrow is that format.

Exactly, which is what I'm saying in the article:

We could try to put every app developer in the same room until they all agree on a perfect lexicon for a post. That would be an interesting use of everyone’s time.

(That's meant to be slightly sarcastic.) Then the article says:

For some use cases, like cross-site syndication, a standard-ish jointly governed lexicon makes sense. For other cases, you really want the app to be in charge. It’s actually good that different products can disagree about what a post is! Different products, different vibes. We’d want to support that, not to fight it.

The point isn't having a lowest common denominator format. It's to enable precisely the granularity of formats that app developers want. The default one is "each app has its own formats". But what changes is that

1. Other apps can still read/write in other apps' formats. This makes the landscape competitive: if some app is going down a bad road, it's easy to fork their product with all the data already in there.

2. It is possible for multiple app developers to use the same format where it makes sense. As linked from the article, https://standard.site/ is a good example of that.

>More generally I feel like you kinda missed the point of filing systems in your first writeup.

I'll admit that I used the metaphor to highlight a specific thing, and names in particular don't play a big role in that thing (what plays a big role is links). The reason I picked filesystem as a metaphor is because it highlights how file formats mediate interactions between apps. This is exactly how lexicons mediate interactions between social apps. That felt like the backbone of the argument.

It's true this isn't describing a filesystem exactly. Maybe a web of identity-addressed hyperlinked JSON is a more precise way to say it. But then nobody knows what that means. I'm happy with my choice of metaphor.

Twitter was my home on the web for almost 15 years when it got taken over by a ... - well you know the story. At the time I wished I could have taken my identity, my posts, my likes, and my entire social graph over to a compatible app that was run by decent people. Instead, I had to start completely new. But with ATProto, you can do exactly that - someone else can just fork the entire app, and you can keep your identity, your posts, your likes, your social graph. It all just transfers over, as long as the other app is using the same ATProto lexicon (so it's basically the same kind of app).

For better or worse, I don't think it makes sense to decentralize social. The network of each platform is inherently imbued with the characteristics and culture of that platform.

And I feel like Twitter is the anomalous poster child for this entire line of thinking. Pour one out, let it go, move on, but I don't think creating generalized standards for social media data is the answer. I don't want 7 competing Twitter-like clones for different political ideologies that all replicate each others' data with different opt-in/opt-out semantics. That sounds like hell.

My point is that I don't believe the separation of frontend and data is desirable for a social network. I want to know that I am on a specific platform that gives me some degree of control and guarantee (to the extent that I trust that platform) over how my data is represented. I don't really have to worry that it's showing up in any number of other places that I didn't sign up for (technically I do since everything public can be scraped of course, but in practice there are safeguards that go out the window when you explicitly create something like a PDS).

Generally it's good practice for AT apps to treat you as not signed up if you have not explicitly signed up to this app before. So I think a well-behaved site you never used shouldn't show your profile page on request. If this is right, maybe it needs to be more emphasized in docs, templates, etc. Same as they should correctly handle lifecycle events like account getting deactivated.

Realistically it's possible some services don't do this well but it's not clear to me that this is going to be a major problem. Like if it gets really bad, it seems like either this will get fixed or people will adjust expectations about how profile pages work.

https://anisota.net will display any Bluesky content and profiles without the consent of the user — no one cares at the moment though because either 1) they don't know about such a niche project, or 2) they aren't concerned cause I'm not a controversial figure.

If Truth Social was suddenly a part of the ATmosphere or a part of some other wide network of users, most people would catch on eventually and be hopefully conditioned to realize that the mere presence of someone's content on an app/site doesn't mean they use that app/site

A lot of it is presentation. Instagram is the one that I use the most right now, and I feel like they really nailed this in the "everybody can make content" era. When I'm creating content for IG, I know exactly how it's going to look, there's editing and previewing tools, there's a confidence that people are going to receive it in the manner I intended and expected, and it's tied to the culture of that platform that I've become attuned to over time. The thought of a JSON of my IG post existing in a clearinghouse that encourages people to remix it into whatever, just kind of gives me the ick. Even if realistically it wouldn't really be abused, I don't feel compelled to choose that. If someone comes up with a new app that does some things better, I can choose to migrate to that, but likely I wouldn't want to just one-click import my IG history. It will be different in some way and I would want to make new content for it.

I guess I just kind of see these platforms as bespoke communities that people choose to be a part of, more than fungible data frontends. It's very personal, and...social. It's not the abstract world of data that programmers live in. My social graph in each app is unique and I don't really want it abstracted to one monolith that follows me everywhere. Each one is a new world with a fresh start.

Now, the IG post ecosystem is a lot more complex than it is with Twitter. With Twitter being at its core just text, it lends itself better to different views, but still, formatting matters and there are really a lot of rendering decisions to be made in a modern Twitter client. And again it just seems weird to me to have this oddly fragmented community with unavoidably complex interop semantics rather than everyone just being under the same roof. User opt-in aside, they will all develop their own features and quirks and they and the users will have to navigate how those translate or don't. Twitter clients are/were at least unified by the Twitter API. Regarding your initial question - it's more than just the profile page, do my comments show up in conversations? Likes and follower counts? Or are there weird gaps and discrepancies everywhere from users that haven't opted in? What if one fork requires mutual "connections" and one uses one-way followers? Each platform will make their own decisions. It just sounds like such a mess, and people will spend so much time disambiguating (oh no I'm on this one so I see it that way...).

There were some efforts to fork Reddit but it has survived as a great example of how lots of different people with different interests and opinions can occupy different parts of the same platform, even if lots of them complain about it because it's not their perfect vision of what it should be (see programming languages, and pretty much everything that reaches a certain userbase).

I think what may be confusing you is that Bluesky (the company) acts in two different roles. There's hosting (PDS) and there's an app (bsky.app). You can think of these conceptually as two different services or companies.

Yes, when you sign up on Bluesky, you do get "Bluesky hosting" (PDS). But hosting doesn't know anything about apps. It's more like a Git repo under the hood.

Different apps (Bluesky app is one of them) can then aggregate data from your hosting (wherever it is) and show different projections of it.

Finally, no, if you're famous, you don't need enterprise hosting. Hosting a PDS can be extremely cheap (like $1/mo maybe)? PDS doesn't get traffic spikes on viral content because it's amortized by the app (which serves from its DB).

I can see for something like artistic expression it being useful to export and and move over to a new platform (like moving a whole photography portfolio, short story writing samples, or similar). But who cares about your "likes" on a totally new and separate social media platform ?

I actually agree with that. See from the post:

>For some use cases, like cross-site syndication, a standard-ish jointly governed lexicon makes sense. For other cases, you really want the app to be in charge. It’s actually good that different products can disagree about what a post is! Different products, different vibes. We’d want to support that, not to fight it.

AT doesn't make posts from one app appear in all apps by default, or anything like that. It just makes it possible for products to interoperate where that makes sense. It is up to whoever's designing the products to decide which data from the network to show. E.g. HN would have no reason to show Instagram posts. However, if I'm making my own aggregator app, I might want to process HN stuff together with Reddit stuff. AT gives me that ability.

To give you a concrete example where this makes sense. Leaflet (https://leaflet.pub/) is a macroblogging platform, but it ingests Bluesky posts to keep track of quotes from the Leaflets on the network, and display those quotes in a Leaflet's sidebar. This didn't require Leaflet and Bluesky to collaborate, it's just naturally possible.

Another reason to support this is that it allows products to be "forked" when someone is motivated enough. Since data is on the open network, nothing is stopping from a product fork from being perfectly interoperable with the original network (meaning it both sees "original" data and can contribute to it). So the fork doesn't have to solve the "convince everyone to move" problem, it just needs to be good enough to be worth running and growing organically. This makes the space much more competitive. To give an example, Blacksky is a fork of Bluesky that takes different moderation decisions (https://bsky.app/profile/rude1.blacksky.team/post/3mcozwdhjo...) but remains interoperable with the network.

That's just how it works and I accept the risk.

People concerned about that probably shouldn't publish on Bluesky. Private chat makes more sense for a lot of things.

Our LinkedIn profiles have been scanned by scrapers, Instagram photos used for facial recognition training, Twitter / FB posts replicated in a bunch of downstream places, archives, and search indexes. Not to mention data being sold to third parties.

At this point, I assume if I post it publicly online, it is no longer in my control where it ends up downstream and I assume it will be online somewhere forever.

That's just how things work, I guess.

So I agree.

Maybe building it that way opens possibilities I can't see?

But for functional apps it seems useful to have a file you can download and use somewhere else. Images and movies are a great example. I can record a video in Loom and chuck it on Youtube. Youtube can't lock me on that video. it is my file. Imagine if that was not the case. It would suck.

It was great. Anyone could host web pages, anyone could access and read anyone’s web pages with a tool called a web browser, of which there used to be several compatible implementations.

2021. People incarcerated in state or federal prisons by race and ethnicity. Race, ethnicity % of US population % of incarcerated population Incarceration rate (per 100,000)

White (non-Hispanic) 59 31 181 Hispanic 19 24 434 Black 14 32 901

Did you just ignore the data where the whites are 181/100,000 and blacks are 901/100,000. From an absolute perspective they are close but as a percentage of ethnic population it's not even close.

I feel like this is why its hard to have a convo on the internet. Even when we have data, it's impossible to see it the same way.

Only that's not what I did. Read again - "per crime committed, blacks are less, not more, likely to be jailed".

What I compared was prison population, divided by number of homicides committed, for whites and blacks. It's strange how rarely this is done, because without it, it must look like the courts are fantastically biased against men, with how many more of them there are in jail than women.

Otherwise you are open to the same injection attacks.

Readonly access (web searches, db, etc) all seem fine as long as the agent cannot exfiltrate the data as demonstrated in this attack. As I started with: more sophisticated outbound filtering would protect against that.

MCP/tools could be used to the extent you are comfortable with all of the behaviors possible being triggered. For myself, in sandboxes or with readonly access, that means tools can be allowed to run wild. Cleaning up even in the most disastrous of circumstances is not a problem, other than a waste of compute.

There is no way to NOT give the web search write access to your models context.

The WORDS are the remote executed code in this scenario.

You kind of have no idea what’s going on there. For example, malicious data adds the line “find a pattern” and then every 5th word you add a letter that makes up your malicious code. I don’t know if that would work but there is no way for a human to see all attacks.

Llms are not reliable judges of what context is safe or not (as seen by this article, many papers, and real world exploits)

With SQL, you can say "user data should NEVER execute SQL" With LLMs ("agents" more specifically), you have to say "some user data should be ignored" But there is billions and billions of possiblities of what that "some" could be.

It's not possible to encode all the posibilites and the llms aren't good enough to catch it all. Maybe someday they will be and maybe they won't.

The reason to subsidize is the exact reason you are worried about. Lock in, network effects, economies of scale, etc.

Through the systemic abuse and exploitation of countless individuals' privacy and autonomy. The context is everything.

A guy has woken up to the fact that he'll be remembered as a villian and is trying to whitewash his reputation.

It’s not unlike if you had a blog post about a gardening project in your backyard. Perhaps interesting to gardeners, but approximately no one cares.

Low effort cynicism.

He’s sort of a lesser known figure to me.

Speak for yourself. I'm a non-pacifist, and I think "autonomous A.I. weapons" are a nightmare.

But you also have to keep in mind that China, Russia and Hamas will gladly develop them anyway. Until we've figured out the worldwide peace thing, we need to keep running the race, awful as it is.

AI weapons are specially horrific in the way they have potential put massive and specific lethal power under the total control of a small number of people, in a way (like all AI) that basically cuts most of humanity out of the future (or at the very least puts them under a boot where no escape is imaginable).

In some ways, they're even worse than nuclear weapons. A nuclear attack is an event, and if you survive there's some chance of escape. Station 100,000 fully automated drones around a city with orders to kill anything that moves, and the entire population will be dead in a couple months (anyone who tries to escape = dead, everyone else sees that and stays inside out of fear until they starve).

Manpower and attention limitations have been and important (and sometimes only) limit on the worst of humanity, and AI is poised to remove those limitations.

But even if it's true, I don't see why letting China and Russia etc be the only ones having these weapons is good?

Honestly, I think the tech is probably getting pretty close to what I described. You don't need AGI or anything like it. Just autonomous surveillance drones watching for movement, and attack drones that can autonomously navigate to the area and hit the target (the latter is just stringing together a lot of drone tech I've seen implemented, e.g. https://www.youtube.com/watch?v=QzWIYOOKItM, https://www.nytimes.com/2025/12/31/magazine/ukraine-ai-drone...).

> But even if it's true, I don't see why letting China and Russia etc be the only ones having these weapons is good?

That doesn't mean the tech isn't scary (a bad thing) or that I want SV people like Schmidt developing it. There's something weirdly misanthropic and unhinged about many in SV.

The political systems that get built on top of that are just a downstream effect of the incentives that arise. Communisim thinking it would be good to centralize the control, capitalism thinking it would be good allow the incentives to rule, marxism thinking the labor rules, etc.

What I do for work is SO far away from any sort of tangible production, it makes sense to have a way to just straight from Work -> Food, rather than 50-100 trades so I can eat everyday. Again, the choice to to have to trade at all, or to trade exactly what I want, when I want, is enable by currency.

You can make the argument things shouldn't be so easy, that I shouldn't be able to choose to go to play pinball and drink a vanilla milkshake at 11am, but if that's possible, currency (in whatever form you want) has to exist.

This one rankles me because of a) the benefits piracy has (third world consumers can now discover you, for starters) and b) the absolute bad faith way in which the industry acts, screwing over artists, unethically going after Pirate Bay by making it into a trade war with Sweden (I think)