Who Owns Your ATProto Identity? Hint: It's Probably Not You
Key takeaways
- After writing my previous article about Bluesky s centralization risks, I got into the weeds on how the PDS (Personal Data Server) works.
- The PDS also holds your rotation key, which controls your identity.
- Your PDS operator can post as you, like things as you, follow people as you, and it would be cryptographically indistinguishable from your real activity.
After writing my previous article about Bluesky s centralization risks, I got into the weeds on how the PDS (Personal Data Server) works. The more I looked at it, the worse it got. I was originally worried about Bluesky going rogue and deleting accounts or locking people in. It s actually the least scary thing your PDS operator can do to you.
Your PDS holds your signing key. It signs every commit to your repository. Every post, every like, every follow, everything. The PDS also holds your rotation key, which controls your identity. It can change your signing key, change which PDS your account points to, basically take full ownership of your DID (your permanent decentralized identifier on ATProto).
Your PDS operator can post as you, like things as you, follow people as you, and it would be cryptographically indistinguishable from your real activity. The signatures are valid. The commits are properly formed. As far as the protocol is concerned, you did it.