[throwawaymobule]

Those are set by the site requesting the login though.

I believe what they are referring to is custom permissions set by the person logging in, regardless of what the app itself requested.

e.g. login, disable all writes, all attempted repo writes using that oauth token fail.

[verdverm]

It sounds more like they are referring to the prior atproto transition:* scope that had no restrictions, which was horrible, re: every app needs a new account

Today, apps can limit the permissions they request during login. I don't see the dynamic, assuming they mean something where during approval you can deselect options, as a horrible situation. That's something very few apps do even outside of atproto.

[jFriedensreich]

No I am talking about users not being able to change the app permissions. App developers are not the ones to set my permissions, they can reccomend what their apps could need but any platform not giving users final say cannot be taken seriously.

[verdverm]

You must not use very many apps, or must have a ton of accounts. Plenty of apps taken seriously that don't have this dynamic feature. (speaking generally, not specific to atproto)

[jFriedensreich]

Not aware of many apps that force oauth and don't allow email signup... The only exception some github centric apps that request too much and then are mostly let down by github not getting their auth screens up to standards for years, but who is surprised there. I just don't try those unless i already trust the company and really need to.

But all that aside i think a protocol aiming to liberate users and be an open app platform cannot be held to the same standards as corporate garbage that we don't expect to behave differently. Atproto needs to show some commitment to the values of putting users first, its so close.

[verdverm]

> Atproto needs to show some commitment to the values of putting users first, its so close.

I think the Bluesky domination and recent "funding" from Bain Capital move it away from these goals. I've left the app and ecosystem. "user" growth is negative and they are misleading about how many "accounts" there are.

The hero holds the lies: https://atproto.com/

To get to the widely cited 43M "users" you have to count DIDs (accounts, not users) and include takedown and deleted...

[jFriedensreich]

Im somewhat in the middle. I see great things coming out of atmosphere and people who really mean well and do great work. But there are some of these significant gaps that are not addressed in what i think would be the appropriate manner. So far i don't assume too much ill will and instead consider they have many of these topics that matter to different people. If these are still unaddressed when the teams work on seemingly way less important topics is when we should really hear alarm bells. Not related but arc/ browser company using firebase without export and user access to their data was ok as long as it was an experiment in next gen browser UX, but when they started making haptic feedback for the slider to set your colour scheme, while not giving users a way to access their own spaces data was clear it was game over. ATproto is just an experiment no one should build serious things on until there are proper access controls and more importantly an independent European provider for plc.directory etc. and its provable to work without US company mercy.