DEV Community

Kelvin Kariuki
Kelvin Kariuki

Posted on

Developer take on: Who Owns Your ATProto Identity? Hint: It's Probably Not You

#webdev #programming #productivity #tutorial

In the decentralized world of ATProto, you might think your identity is inherently yours. But if your handle ends in .bsky.social, you might be surprised to learn that your digital self is still largely reliant on a single, centralized entity. This article dives into how ATProto identity truly works and empowers you to take full ownership.

Developer Take on: Who Owns Your ATProto Identity? Hint: It's Probably Not You

The promise of decentralized protocols like ATProto (the underlying technology for Bluesky) is radical interoperability and user ownership. No more being locked into a single platform, no more your identity being tied to a corporate database. Or so we're told. While ATProto certainly makes strides in this direction, a common misconception exists around who truly "owns" your identity, especially if you're using a default handle.

Let's unpack the layers of ATProto identity and see why, for many, the answer to "who owns your ATProto identity?" is still "partially a third party."

Understanding ATProto Identity: DIDs and Handles

At its core, an ATProto identity is composed of two main elements:

  1. Decentralized Identifier (DID): This is the immutable, unique identifier for your account, much like a public key. It's prefixed with did:plc: (for DID Portable Lightweight Container, the most common type initially) or did:web: (for DIDs resolved via a web domain). Your DID is the true, unchangeable root of your identity on ATProto.
  2. Handle: This is the human-readable username you use, like @alice.bsky.social or @bob.com. This is the part people see and use to find you. The handle maps to your DID.

The magic (and the potential pitfall) lies in how these two are connected and resolved.

The bsky.social Conundrum

When you sign up for Bluesky, you're typically assigned a handle like @yourname.bsky.social. This is convenient, but it introduces a subtle layer of centralization.

  • Bluesky PBC owns the bsky.social domain. This means that the resolution of your @yourname.bsky.social handle relies on Bluesky's infrastructure.
  • Delegated Trust: While your underlying DID (did:plc:xyz...) remains under your control (meaning you can move your data to another PDS), the human-readable handle points to a domain managed by Bluesky. If Bluesky were to disappear, change policies, or become inaccessible, your

Top comments (0)