I don’t really like the use of a strawman to argument against in the article. I don’t care that it has a name and looks like an owl. It’s still a strawman, and it’s rather condescending.
Getting back to the whole PDS bit, I don’t really get the importance, given our current scenarios. We are protecting against the enshittification of communication mediums that people use on a regular basis, by giving them a chance to jump ship and move to somewhere else. Or to somehow prevent the enshittification from happening in the first place.
That’s it. Don’t add to this massive scope creep, by inventing other goals.
While the app is centralized, the data isn’t completely centralized. In ATProto your data is written to your own PDS ( Personal Data Server ), and that PDS can be hosted by anyone. So if the app goes down, you can still have your data on your PDS.
What good is this PDS when the app goes down? Let’s say that Bluesky gets bought out and everybody wants to get rid of it. You have your own PDS, fine. You find this cool new ATProto-compatible service that a lot of people are jumping on.
Problem: Your PDS is useless. It’s not like you can link these disconnected replies in your data stream to the new service. Not everybody in the reply chain moved over, or they didn’t move over at the same time as you. What the hell in this PDS is actually useful to a new service? Start time? Number of replies? Block lists that no longer apply? And this new service is actually going to trust all of those numbers? Fuck no! Never trust user data!
Well, if Omnivore was an ATProto app, and they shut down their server, all of the users would still have their data on their PDS in a standardized format. At that point, any other developers can come in and run another app, or even the same app if it was Open Source like omnivore, and access all of the existing data already on your PDS when you login.
No! Wrong! Try again! Your data is just your data. Conversations have relationships. Relationships have links. Disconnected data points are fucking useless!
When somebody lets you “Login with ATProto”, unlike the “Login with Google” button, it actually lets you login with your very own PDS.
Oh, great… we’ve introduced login poisoning potential. Yes, trust this random user that they authenticated properly with a session token. I did not see the word “security” once in this article, which makes me think they haven’t even considered it.
The “Login with Google” button has been so useful and yet so horrible for the freedom of the web. Why does google get to be the gatekeeper to all of our web logins?
Because Google at least understands session security and login practices. What’s the one absolute law on the internet that OWASP hammers home over and over again?
Never trust user input!
You can’t decentralize authentication to such a degree that it’s personalized. There has to be a semi-centralized authority. With Lemmy, it’s the Lemmy instance that we choose.
Gah, there is so much wrong here that I don’t feel like trying to comment on every single point here. This article is trying to answer the wrong questions and literally using a strawman to pretend that they know what the public is asking about.
Nebula is a gated community for YouTubers who have already made it. They have no avenue for adding more users, like the wealth of good indie YouTubers that are up and coming, and they don’t even seem to want to add to their own curated list themselves. Their community has been stagnated for years. All they have done is forced their current membership to constantly advertise for them on YouTube.
Nebula is not the answer and never will be. I don’t even see a point in going there, because I already have these same channels on YouTube.