shazow
@shazow.eth
How can open social protocols fail us? I put together an analysis comparing several specific failure modes between Farcaster, Bluesky, and Mastodon. Please let me know if any of the protocol descriptions could be presented more fairly! https://shazow.net/posts/open-social-2025/
6 replies
9 recasts
32 reactions

Dan Romero
@dwr.eth
nice write up. Is the PLC sovereign right now? I thought it was placeholder / controlled by the core team.
1 reply
0 recast
2 reactions

shazow
@shazow.eth
1 reply
0 recast
1 reaction

Dan Romero
@dwr.eth
Seems much more centralized than Farcaster is today (our smart contracts don't have admin keys that can change the data)
2 replies
0 recast
0 reaction

boscolo.eth
@boscolo.eth
for the example you cite, the same is true for PLC. You have to have the keypair that created the DID:plc to update the DID:plc.
1 reply
0 recast
1 reaction

Dan Romero
@dwr.eth
Who runs the server for the PLC?
1 reply
0 recast
0 reaction

boscolo.eth
@boscolo.eth
why does that matter for the example you cited? Once you have a DID it's cryptography that defines how valid it is.
1 reply
0 recast
0 reaction

horsefacts 🚂
@horsefacts.eth
Can I inspect the PLC code? Is it possible for a human to change it? How would I tell if they did? Can they change anything or are they constrained? What happens if the web service is unavailable? How redundant is it? Who pays the bill to keep it running? A smart contract seems better on all of these dimensions.
3 replies
0 recast
1 reaction

shazow
@shazow.eth
The output of the directory is "self verifying" state transitions. Think of it like a centralized DA and sequencing. The infra that consumes it checks that signatures match up for the state transitions (e.g. key A signs over permission to key B). The main failure mode is same as DA/sequencer disappearing, would need social coordination to move to another DA/sequencer. https://warpcast.com/shazow.eth/0xfeba2af0
2 replies
0 recast
2 reactions
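
The check described in the post above (a consumer replaying the directory's output and confirming each state transition is signed by the key the previous one authorized), as an added example that is not part of the thread and is not PLC or Bluesky code. The record layout and all function names are hypothetical, and Lamport one-time signatures stand in for the real signature scheme so that it runs on the Python standard library alone.

```python
import hashlib, json, os

H = lambda b: hashlib.sha256(b).digest()

def keygen():  # Lamport one-time key pair: stdlib-only stand-in signature scheme
    sk = [os.urandom(32) for _ in range(512)]
    return sk, [H(s) for s in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[2 * i + b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[2 * i + b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def encode(body):  # hypothetical canonical form, not the real wire format
    return json.dumps(body, sort_keys=True).encode()

def op_hash(op):
    return H(encode(op["body"])).hex()

def make_op(prev_op, new_pk, signer_sk=None):  # signer: key authorized by prev_op
    body = {"prev": op_hash(prev_op) if prev_op else None,
            "key": [k.hex() for k in new_pk]}
    return {"body": body, "sig": sign(signer_sk, encode(body)) if signer_sk else []}

def verify_log(identifier, log):  # replay an untrusted log, return the current key
    if op_hash(log[0]) != identifier or log[0]["body"]["prev"] is not None:
        raise ValueError("genesis op does not hash to the identifier")
    current = log[0]
    for op in log[1:]:
        if op["body"]["prev"] != op_hash(current):
            raise ValueError("op does not extend the previous op")
        pk = [bytes.fromhex(k) for k in current["body"]["key"]]
        if not verify(pk, encode(op["body"]), op["sig"]):
            raise ValueError("op not signed by the currently authorized key")
        current = op
    return current["body"]["key"]

if __name__ == "__main__":  # constructed sample: two key handovers
    (sk0, pk0), (sk1, pk1), (_, pk2) = keygen(), keygen(), keygen()
    log = [make_op(None, pk0)]
    log.append(make_op(log[0], pk1, sk0))
    log.append(make_op(log[1], pk2, sk1))
    print(verify_log(op_hash(log[0]), log) == [k.hex() for k in pk2])
```

A log with its latest operations withheld still verifies and returns the older key, so this check establishes the integrity of what the directory returned, not that it is complete or current.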

Dan Romero
@dwr.eth
What happens if the server is unplugged?
1 reply
0 recast
0 reaction

shazow
@shazow.eth
"The main failure mode is same as DA/sequencer disappearing, would need social coordination to move to another DA/sequencer." There is lots of third party infra that has snapshots to operate (and integrity can be verified), plus ownership could be re-asserted from the PDS side too if the PLC is entirely disappeared for some reason. (Not saying this is better than onchain! It's basically the best it can be without being onchain, and moving onchain would be very easy.)
1 reply
0 recast
1 reaction

Dan Romero
@dwr.eth
Where can I get access to the private key for the PLC? What % of users back it up? What happens if Bluesky app and PLC go down?
2 replies
0 recast
0 reaction

shazow
@shazow.eth
1. I believe you started with a custodied private key and sign over some permission to a new private key that you hold. 2. Not sure, rn it's coupled to running your own PDS but it's not a design constraint, could have key management live in the app or onchain or whatever. 3. What I wrote in my article:
1 reply
0 recast
0 reaction

Dan Romero
@dwr.eth
Cool. I'd point out that 100% of Warpcast users have a user-controlled key, many in a Passkey. A custodied private key that <1% of users have backed up is effectively a centralized auth token. Practical reality matters! :)
1 reply
0 recast
0 reaction

shazow
@shazow.eth
Agree! I'll dig in more at the state of Bluesky and think about adding another note about this. It's totally fixable but I suspect "not a priority rn" as they say. 🫠
0 reply
0 recast
2 reactions