Bluesky launching RSS feeds is a direct result of Bluesky not being a distributed protocol. Yes, I know, it's aiming to be federated. But there are fundamental issues with the protocol they decided to go with that is keeping them from creating a social network that actually has self-authenticating posts.
And all of this starts with their DIDs being a substring of the hash of your first post? It just doesn't make sense. In these kinds of systems you hash the data and sign the hash, then you can send a message that can be authenticated anywhere.
And thus, RSS is one answer I guess.
No one ever asked for an RSS feed of a Scuttlebot log back before that network was scuttled. Why? because you could authenticate the sender and the posts on your own computer.
While individual posts are not self-authenticating (largely because it makes deletion much more complicated) all of a users posts are in a merkle-tree that it itself self-authenticating. A Post and the merkle-proof to the root its a complete verifiable entity.
Our community can have the best of both worlds here. We can have the users sign their posts with a keypair on their own computer, and allow faux delete, and authenticate a merkle-tree back to the root.
Delete can't be real because someone will always have their phone out there ready to screenshot your post.
Imagine the @ protocol was
```<ed25519 Public Key><Signature>```
and that opened to
```
<timestamp><ed25519 Public Key><Previous Post Hash><Data Hash>
```
And the previous post hash could point to a post before a delete if we consider deletes to be real.
The hashes are used to lookup the post content, which we could also send with the message for the sake of convenience.
For key rotation we just need to sign a message pointing to our new keypair, no federated servers required! "My new key is EVxe89AeRwmTT0hfrT7sHe0wAuzvH9Yvg9TFUgqPh4M="
The fact that someone can screenshot something does not make deletion not real. Deletion is still valuable for many threat models and day-to-day situations humans run into.
As someone working on a p2p app that has done a lot of user research, I see it as a really good sign when a federated/p2p systems prioritize deletion, because I know based on my own research that it's something users care about and ask for.
100% agree with you. You can allow the illusion of a delete, and also allow messages to be signed using a keypair. When you build the merkle tree you stop linking to the deleted post and link to the next best non-deleted post.
BUT, if the content is already out there in a distributed system then you have to expect all of the nodes to respect your delete and not optimize for it.
And all of this starts with their DIDs being a substring of the hash of your first post? It just doesn't make sense. In these kinds of systems you hash the data and sign the hash, then you can send a message that can be authenticated anywhere.
And thus, RSS is one answer I guess.
No one ever asked for an RSS feed of a Scuttlebot log back before that network was scuttled. Why? because you could authenticate the sender and the posts on your own computer.