Internet Handle
internethandle.orgThe reason new social networks rarely adopt domain-based handles is that usernames are one of the few forms of “currency” they have.
Scarce handles create urgency. People rush to sign up and claim their first name, etc. With domain-based handles, that lever disappears.
It’s one of the most common growth tactics I see by social networks launching on BetaList.
Any time you want to sign up for any "open social" platform, you have to rush to claim your domain name. If someone else got there first, too bad. And that domain name applies to every app using this protocol. So no chance to claim it on another app, ever.
So what, exactly, is the difference between this and internet handles? In fact, isn't this worse?
I suppose the difference is that you only have to rush to claim your domain name (the DNS kind) once and then you get to use it for all "open social" platforms rather than doing that for your username on each platform.
What do you mean every time? You only need one. Plus theres loads of TLDs for different people to have similar names.
I do really enjoy the domain ownership method on bluesky, quick and easy, sorted. But due to the mostly centralized nature there still is a need to rush in there and get your handle on their domain username.bsky.social because still the majority of users believe/recognize the bsky.social handles as 'official'. The nice touch is once you have yours and then switch to your domain Bluesky keeps your previous bsky.social username reserved so you don't have to worry about it.
Another thing with the adoption is we still see tons of major corporate/media/notable entities on there not moving their account to their domain despite having one and it giving them the more obvious "verified" impression. I dunno what's going on in some of those marketing / digital dept's that they aren't jumping to verify on the domains.
Why not take it a step further and get cryptographically proven handle? Instead of relying on global top-to-bottom DNS system?
Because people don't like it if they can't reclaim their handle when their house burns down.
So just keep a passphrase encrypted backup offsite? Just because the tech doesn't do this contingency planning for you doesn't mean it's impossible.
Is this a real suggestion for social media users or just a fun remark on it being possible?
It was a more general remark about decentralized identity. I can't say if the average social media user wants or needs this kind of control over their identity, but I'd much rather have say my DNS tied to a cryptographic credential stored I manage than be delegated to a third party, able to say return a tampered OPENPGP entry to a specific IP without me ever knowing.
I'm pretty sure most people would prefer to be able to recover their DNS in case of catastrophic failure over 100% cryptographic security. The technical aspects of security are never the whole picture.
Or to put it another way: Not being able to recover access is not something most people will accept and if your technical security measures don't consider that they will be worked around. If people need to go through support to recover their DNS more often then support will be used to giving out access to people's account and that will also reduce YOUR actual security.
The point of cryptographic identity is, unless the primitives were fundamentally flawed, there be no way to recover it without the key material. Otherwise it's just another means of access control, like say a passkey or an ssh key, which are convenient but we usually allow some recovery options with.
Yes, it takes hard discipline--which may lapse no matter the level of experience--to setup offsite recovery with true cryptographic secrets, but it is possible. You can say backup a KeePass file to BackBlaze, protected by a 7-word passphrase. Now all you need for recovery is access to BackBlaze (so same as a centralized service) and your memory of the passphrase, with no one but you having access.
I don't know what the stakes are for most social media accounts or websites. But wouldn't it bring some peace of mind if say Graphene's registrar couldn't just press one button to serve malware on grapheneos.org, which you won't detect until you compare the hashes with say Twitter?
I would love for this to work!
Tried atproto and bluesky and left the whole ecosystem because the people who made and maintain bsky are shitty people that I don't want to be associated with.
I agree with the "get your own domain" part. But I'm done with the faux decentralization of bsky and wouldn't bother with the time and maintenance investment in any of the other supposed "social media" schemes like mastodon or nostr.
Just putting up my own social network on my own domain and treating it like a blog. Whatever else social media pretends to be useful for, I'm happy to ignore.
How come ActivityPub gets shit for making people pick a server, but nobody complains about the mythical "average user" who is supposedly incapable of figuring anything out on their own when ATProto services ask them to understand DNS?
(It's because ATProto services targeted at average users are effectively centralized, which means everyone else has to put up with whatever Bluesky says or lose their access to the bulk of the network.)
Bluesky doesn’t ask them to understand DNS, it just gives them a free subdomain to start with. This isn’t very different from how Gmail gives you a gmail.com address. But you can also move it to your own domain later and obviously it’s possible to build user-friendly interfaces for that.
Right, that's exactly my point; Bluesky provides a centralized alternative to using your own domain name. (And moving from a did:plc to something decentralized is no easier than moving from mastodon.social or similar large instance to a smaller one!)
To be clear, I actually think it's a good idea to let people associate their own domains with their accounts, but I find it frustrating that people act like ATProto is the only or first example of open social protocols, as this TFA does.