> The fact that the PDS in practice owns your identity
replyThis is incorrect.
1. a PDS stores data, it does not own the identity.
2. Your identity is controlled by a DID, of which most users use DID:PLC.
3. This means the PLC directory controls who owns the identity.
4. Users can upload their own keys into the directory to ensure they have control.
5. At this point, the threat vector is "PLC directory lies", which is why there are transparency logs and independent mirrors.
Nope. When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it. In every other cryptographic system that is your identity. It is absolutely correct that the PDS has complete control over your keys when it comes to 99.99% of users. I challenge you to prove the opposite.
reply> When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it.
replyMe too.
> I challenge you to prove the opposite.
Where are your rotation and signing keys stored? Who can access them? Talking here about the majority case.
replyThere are two kinds of people.
reply1. People who have no idea what decentralized is.
2. People who would try to figure exactly how decentralized something is.
If you are the latter, you would instantly question the data model of Bluesky and of Mastodon as well. If you are the former then that just sounds like a buzzword.