Conversation

Notices

1. Embed this notice
   Mario Zechner (badlogic@mastodon.gamedev.place)'s status on Tuesday, 17-Oct-2023 11:52:50 JST Mario Zechner

   The past two nights I wrote a "thread reader app" for BlueSky.

   https://skyview.social

   Oh boy. The protocol is absolutely insane. RPC galore, responses are only partially typed. The docs are pretty much useless.

   But the "funniest" part is this: there's no privacy. And I don't mean missing DMs.

   All your posts are available through API endpoints. Without any authentication. By design.

   The "invite-only" thing may have you think otherwise.

   Here are my last 100 posts.

   https://bsky.social/xrpc/com.atproto.repo.listRecords?repo=badlogic.bsky.social&collection=app.bsky.feed.post

   • Pleroma-tan likes this.
   • HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Tuesday, 17-Oct-2023 18:54:39 JST Sexy Moon

     in reply to
     @badlogic your posts are marked as public on bluesky, they said there are only public posts on bluesky right now. the limitations are only because it's still in active development not intrinsic, if there was more then one server then obviously your posts would be readable by everyone without an app since it would be decentralized. mastodon has an unauthenticated feed for all public user posts as well. none of this is better or worse.
     eris likes this.
   • Embed this notice
     Mario Zechner (badlogic@mastodon.gamedev.place)'s status on Tuesday, 17-Oct-2023 18:54:41 JST Mario Zechner

     in reply to

     For all its faults, Mastodon is the better platform for people who care about having control over their data. It's definitely not perfect in that regard either, but at least it tries.

     Also, it has GIFs and videos and polls. Based on BlueSky's dev velocity, they'll have that sometime 2032.

   • Embed this notice
     Mario Zechner (badlogic@mastodon.gamedev.place)'s status on Tuesday, 17-Oct-2023 18:54:42 JST Mario Zechner

     in reply to

     Quite a few people sure were surprised to learn that all their posts can be read without a BlueSky account. Especially those who fled Xitter to be a bit more sheltered from harassers and nazis.

     Welp.

     HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
   • Embed this notice
     Herbi :coffefied: (herbi@mstdn.social)'s status on Tuesday, 17-Oct-2023 18:55:39 JST Herbi :coffefied:

     in reply to

     @badlogic When I sent my first post I received a warning similar to “Your posts are public” the faq also confirmed this.

     “Bluesky is a public social network. Think of your posts as blog posts – anyone on the web can see them, even those without an invite code. An invite code simply grants access to the service we’re running that lets you publish a post yourself. (Developers familiar with the API can view all posts regardless of whether they have an account themselves.)”

     https://web.archive.org/web20230523205354/https://blueskyweb.xyz/blog/5-19-2023-user-faq

     Sexy Moon likes this.
   • Embed this notice
     Inventor (inventor@linuxrocks.online)'s status on Tuesday, 17-Oct-2023 18:56:39 JST Inventor

     in reply to

     • Erik Moeller

     @eloquence

     Hello?
     https://social.coop/@eloquence.rss

     Sexy Moon likes this.
   • Embed this notice
     Erik Moeller (eloquence@social.coop)'s status on Tuesday, 17-Oct-2023 18:56:40 JST Erik Moeller

     in reply to

     • Inventor

     @inventor

     How exactly does it fence them off though if all those posts can be freely mirrored and crawled anyway?

   • Embed this notice
     Inventor (inventor@linuxrocks.online)'s status on Tuesday, 17-Oct-2023 18:56:42 JST Inventor

     in reply to

     • Erik Moeller

     @eloquence @badlogic

     It's not cosmetic, it's a way of fencing off bad actors.

   • Embed this notice
     Erik Moeller (eloquence@social.coop)'s status on Tuesday, 17-Oct-2023 18:56:43 JST Erik Moeller

     in reply to

     @badlogic

     https://firesky.tv/ has been running a searchable live stream for a few months. It's bizarre to me that they're not making it clearer that the login wall is purely cosmetic.

   • Embed this notice
     eris (eris@akko.disqordia.space)'s status on Tuesday, 17-Oct-2023 18:57:29 JST eris

     in reply to

     • Sexy Moon
     @Moon @badlogic the struggle with a lot of it though is it's gonna be impossible to retroactively apply sensible changes that should've been there in the first place. Like how blocking didn't remove a follower because there's no authenticated following. Dumb team sometimes
     Sexy Moon likes this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Tuesday, 17-Oct-2023 19:02:17 JST Sexy Moon

     in reply to

     • eris
     @eris @badlogic I believe that was deliberate but at least yeah that is unintuitive and should be made clear. with regard to public posts being publicly available, should be obvious especially when the major selling point is (eventually) decentralized.
     eris likes this.
   • Embed this notice
      (mint@ryona.agency)'s status on Tuesday, 17-Oct-2023 19:30:37 JST 

     in reply to

     • Pawlicker
     @badlogic cc @PurpCat
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     Pleroma-tan (kirby@lab.nyanide.com)'s status on Wednesday, 18-Oct-2023 03:18:14 JST Pleroma-tan

     in reply to
     @badlogic Another amazing win for bluesky!!!!!!!!! The developers are so competent
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     Iska (iska@catposter.club)'s status on Wednesday, 18-Oct-2023 03:28:12 JST Iska

     in reply to

     • Sexy Moon
     • eris

     @eris@akko.disqordia.space @Moon@shitposter.club @badlogic@mastodon.gamedev.place
     okay but
     bluesky alt frontend when

     eris likes this.
   • Embed this notice
     HistoPol (#HP) 🏴 🇺🇸 🏴 (histopol@mastodon.social)'s status on Wednesday, 18-Oct-2023 08:43:46 JST HistoPol (#HP) 🏴 🇺🇸 🏴

     in reply to

     @badlogic

     #Bluesky =User is a publicly available product:

     "But the "funniest" part is this: there's no privacy. And I don't mean missing DMs.

     All your posts are available through API endpoints. Without any authentication. By design."

     https://mastodon.gamedev.place/@badlogic/111246798083590676

   • Embed this notice
     HistoPol (#HP) 🏴 🇺🇸 🏴 (histopol@mastodon.social)'s status on Thursday, 19-Oct-2023 16:18:42 JST HistoPol (#HP) 🏴 🇺🇸 🏴

     in reply to

     Nicht nur massive #Sicherheitslücke bei #Bluesky (alias #Twitter20):

     ALLE Posts sind grundsätzlich ÖFFENTLICH, wenn man über die offizielle Schnittstelle darauf zugreift!

     Via @badlogic

     https://mastodon.gamedev.place/@badlogic/111246798083590676

   • Embed this notice
     HistoPol (#HP) 🏴 🇺🇸 🏴 (histopol@mastodon.social)'s status on Thursday, 19-Oct-2023 20:20:55 JST HistoPol (#HP) 🏴 🇺🇸 🏴

     in reply to

     • z428

     @z428

     Das meinte ich mit "*nicht nur* eine Sicherheitslücke"
     @badlogic

   • Embed this notice
     z428 (z428@loma.ml)'s status on Thursday, 19-Oct-2023 20:20:57 JST z428

     in reply to

     • HistoPol (#HP) 🏴 🇺🇸 🏴
     @HistoPol Ist das wirklich eine "Sicherheitslücke" oder by-design? Soweit ich sehe, ist in Bluesky nirgendwo darauf hingewiesen, dass dort irgendetwas "privat" ist - die Posts haben keine Möglichkeit, Reichweiten oder Zugriffe einzugrenzen, und DM gibt es explizit noch nicht... 🙂
     @badlogic
     HistoPol (#HP) 🏴 🇺🇸 🏴 repeated this.
   • Embed this notice
     Mario Zechner (badlogic@mastodon.gamedev.place)'s status on Thursday, 19-Oct-2023 20:21:08 JST Mario Zechner

     in reply to

     • z428
     • HistoPol (#HP) 🏴 🇺🇸 🏴

     @z428 @HistoPol by design