I was right about ATProto key management

Summary

So, a while ago, I wrote a post called “Key Management, ATProto, and Decentralization” in which I complained about ATProto’s approach to decentralization. Since then, Blacksky has spun up an AppView, which makes it theoretically possible to have an actually decentralized experience on Bluesky. This was my line in the sand, stated many times; I would make an account when and only when it was possible to do so without using anything running on Bluesky-the-company’s hardware. So, today, I tried that. Let’s walk through the process:

1. Set up the PDS software on a server I control. Because I use NixOS, this was basically trivial.
2. Create a did:web. This means creating a public-private keypair; I initially tried following this tutorial from Mai Lapyst, but it’s very out of date, and doesn’t include a critical step, as we’ll see.
3. With that did:web, upload the did.json document to my webserver and set the appropriate DNS entries. Easy enough, except that I also had to set the CORS header for the did.json.
4. Create an account on my shiny new PDS. I was able to get an invite and create an account, but it was in the “deactivated” status, and I couldn’t activate it. It was very frustrating, because I was making requests manually with curl and reading the error outcomes in the PDS’s logs on my server. Oh, and by the way, none of this is documented. Sure, the individual endpoints are - kind of - but the only place the whole process is collected in one place is in the comments to this GitHub issue… which is closed as WONTFIX.
5. Seek help in the ATProto Touchers Discord server, and at their advice delete the account (foreshadowing!).
6. Start over and re-create everything from scratch, finally noticing the comment line in the comment on the closed GitHub issue telling me to replace the public key in my DID with the public key from getRecommendedDidCredentials.

The documentation for that endpoint, by the way, reads in full: Describe the credentials that should be included in the DID doc of an...
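
As an added example (not from the original post or from the PDS project), here is a check that a did.json carries the signing key the PDS reports through getRecommendedDidCredentials. The response shape and did.json field names are assumptions based on the atproto conventions, every DID, key and hostname is a constructed placeholder, and the check also compares the PDS endpoint and handle, which goes beyond the key step described above.

```python
# Constructed sample data: every DID, key and hostname here is a placeholder.
RECOMMENDED = {  # assumed shape of the getRecommendedDidCredentials response
    "alsoKnownAs": ["at://alice.example.com"],
    "verificationMethods": {"atproto": "did:key:zQ3shPLACEHOLDERpdsKey"},
    "services": {"atproto_pds": {"type": "AtprotoPersonalDataServer",
                                 "endpoint": "https://pds.example.com"}},
}
STALE_DOC = {  # did.json still carrying the keypair generated by hand
    "id": "did:web:example.com",
    "alsoKnownAs": ["at://alice.example.com"],
    "verificationMethod": [{"id": "did:web:example.com#atproto", "type": "Multikey",
                            "controller": "did:web:example.com",
                            "publicKeyMultibase": "zQ3shPLACEHOLDERhandMadeKey"}],
    "service": [{"id": "#atproto_pds", "type": "AtprotoPersonalDataServer",
                 "serviceEndpoint": "https://pds.example.com"}],
}

def _find(entries, did, fragment):
    """Return the entry whose id is '#frag' or '<did>#frag', else None."""
    return next((e for e in entries if e.get("id") in (fragment, did + fragment)), None)

def did_doc_mismatches(did_doc, recommended):
    """List the ways did_doc disagrees with the PDS recommendation (empty = match)."""
    problems, did = [], did_doc.get("id", "")
    want_key = recommended.get("verificationMethods", {}).get("atproto", "")
    want_mb = want_key.split("did:key:", 1)[-1]  # the doc stores the bare multibase value
    vm = _find(did_doc.get("verificationMethod", []), did, "#atproto")
    if vm is None:
        problems.append("missing #atproto verification method")
    elif vm.get("publicKeyMultibase") != want_mb:
        problems.append("signing key differs from the PDS key")
    want_ep = recommended.get("services", {}).get("atproto_pds", {}).get("endpoint", "")
    svc = _find(did_doc.get("service", []), did, "#atproto_pds")
    if svc is None:
        problems.append("missing #atproto_pds service")
    elif str(svc.get("serviceEndpoint", "")).rstrip("/") != want_ep.rstrip("/"):
        problems.append("PDS endpoint differs")
    for aka in recommended.get("alsoKnownAs", []):
        if aka not in did_doc.get("alsoKnownAs", []):
            problems.append("missing alsoKnownAs " + aka)
    return problems

if __name__ == "__main__":
    for problem in did_doc_mismatches(STALE_DOC, RECOMMENDED):
        print("did.json:", problem)
```

Run against the live did.json and the PDS response before trying to activate the account; an empty list means the document and the PDS agree on key, endpoint and handle.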

First seen: 2026-01-25 21:55

Last seen: 2026-01-25 23:56