
ATProto's Key Architecture Gives PDS Operators Full Control Over User Identity and Impersonation Capabilities

By kevinak · 6d ago · 5 min read · Insight

Summary

This article critically examines ATProto (the protocol behind Bluesky) and reveals that Personal Data Server (PDS) operators hold users' signing and rotation keys, giving them full control to impersonate users across the entire ecosystem. The author argues this centralization risk is far more dangerous than previously thought, as PDS operators can change signing keys, control identity, and potentially lock users out or impersonate them across all ATProto-based apps.

Source

Hacker News: ATProto's Key Architecture Gives PDS Operators Full Control Over User Identity and Impersonation Capabilities (kevinak.se)

Key quotes

Your PDS holds your signing key. It signs every commit to your repository. Every post, every like, every follow, everything.
The PDS also holds your rotation key, which controls your identity. It can change your signing key, change which P
ATProto gives your PDS operator full control of your signing and rotation keys, letting them impersonate you across every app in the ecosystem or kill
