Bard spotting on Bluesky 11 December 2024

Here we spot wild Bardfinn Bluesky activities.

Be valid and ping !bardfinn for something worthwhile or create a new thread.


Ms. Penny Oaken, SkyWitch (@skywitches.net):

I have a tech question —

How does BlueSky create the — wait

atproto.com/specs/crypto...

Cryptography - AT Protocol


Ms. Penny Oaken, SkyWitch (@skywitches.net):

How does BlueSky create the ECDSA signing & encryption keys?

Are these expensive, one-time (or very infrequent) key generations, or are these being generated relatively inexpensively on the fly by i.e. SSL acceleration silicon / cloud GPUs?


Ms. Penny Oaken, SkyWitch (@skywitches.net):

Setting aside the question of "But third parties could still see metadata network graphs (follows, likes, reposts)",

What I am wondering is,

How computationally (and thus financially) expensive would it be to use ECDSA encryption to swap ephemeral keys between parties


Ms. Penny Oaken, SkyWitch (@skywitches.net):

ATProto is built to be extended

How viable or how infeasible is the scenario where an account's bio/photos/text content is encrypted, the keys to that distributed to select others, to defeat drive-by screenshot / drop-in driven harassment


Ms. Penny Oaken, SkyWitch (@skywitches.net):

Would this be a viable "private account" option or is this making an account with 20k followers 20k times heavier on what might be the most computationally expensive feature of the service


Ms. Penny Oaken, SkyWitch (@skywitches.net):

Alice requests a keyswap from Carol

Carol approves the request

Infrastructure uses ECDSA & maybe some perfect forward secrecy to trade some PRNG / TRNG OTPs, held by each client / web session

… okay I'm seeing a difficulty. For every person let into the circle, that's a potential breach of the key


Ms. Penny Oaken, SkyWitch (@skywitches.net):

Because this isn't one-to-one, it's one-to-many (to-the-power-of), key management quickly becomes a problem, in that all recipients have to be disclosed the same key.

And there's ways to handle that with ACLs, but then we're at "why not just use Signal for that use case"


Ms. Penny Oaken, SkyWitch (@skywitches.net):

I had this idea bouncing around in the back of my head as a potential value-add that bluesky premium might offer. From long before the current situation. This was just me finally having the impetus to rubberduck.

Boris (@bmann.ca):

Yes this is possible. My last company designed a private encrypted file system github.com/wnfs-wg

It uses a skip ratchet

WNFS Working Group


Ms. Penny Oaken, SkyWitch (@skywitches.net):

This is novel stuff to me; my knowledge of pkm is circa 2001 era with a bit of "here's why pgp's web of trust is infeasible"

Time for me to start reading a lot

Thank you


Boris (@bmann.ca):

In which case, add @soatok.bsky.social's write up to your list.

Jesse (@misctakes.com):

I don't know anything about all this but is there a way that one could basically make a microblogging interface on top of Signal?


Ms. Penny Oaken, SkyWitch (@skywitches.net):

It already exists on Signal, but is a feature they call "Stories" and requires (at least, in the iOS app) taking a photo or video.

support.signal.org/hc/en-us/art...

Stories


Ms. Penny Oaken, SkyWitch (@skywitches.net):

Well, that page says it can just be text, but my iOS client was demanding a photo

Jesse (@misctakes.com):

Ah yeah I forgot about that! So there's a proof of concept there. Seems like combining that with the social graph here could be a viable path?


Ms. Penny Oaken, SkyWitch (@skywitches.net):

"In Theory". I recall last year reading threads in which the devs were telling people to use i.e. Signal for DMs because they were not up to the task of providing the same level of trust assurance / security assurance that Signal offers / implementing that complexity of coding


Ms. Penny Oaken, SkyWitch (@skywitches.net):

We have DMs now — but IIRC they're not ATProto, but a separate chat message function
