[taion]

One thing I’m curious about here is how BlueSky can credibly commit to only use the open portions of the protocol. BlueSky appears to be de facto quite centralized – given that, it seems like there’s no technical reason why first-party BlueSky clients have to be ATProto clients. Obviously it would be a major betrayal of user trust to do so any time in the near-to-medium-term future, but it seems like the de facto decentralization of ActivityPub gives stronger guardrails here.

[charcircuit]

What are first party BlueSky clients? Do you mean that a first party relay and PDS could communicate over a different protocol. I don't really understand what you are worried about. 2 activitypub clients could talk to each other over a protocol that is not activitypub.

[steveklabnik]

I mean, the code for everything is open source. It's credible because they're doing it. If they started changing to not do it, people would notice, very quickly.

[taion]

That makes sense. So first they have to go closed-source before that attack vector is even feasible, and doing so would be sufficient on its own to raise alarms.