Be Wary of Bluesky

Source: Hacker News

In 2023, Bluesky’s CTO Paul Frazee was asked what would happen if Bluesky ever turned against its users. His answer:
“it would look something like this: bluesky has gone evil. there’s a new alternative called freesky that people are rushing to. I’m switching to freesky”

That’s the same argument people made about Twitter. “If it goes bad, we’ll just leave.” We know how that played out.

The promise

Bluesky is built on ATProto, an open protocol. The pitch is simple: your data is yours, your identity is yours, and if you don’t like what Bluesky is doing, you can take everything and leave. Apps like Tangled (git hosting), Grain (photos), and Leaflet (publishing) all plug into the same protocol. One account, many apps, no lock‑in.

It sounds great. But look closer.

Where your data actually lives

When you use any ATProto app, it writes data to your Personal Data Server (PDS)—your Bluesky posts, your Tangled issues, your Leaflet publications, your Grain photos. All of it goes to the same place.

For almost every user, that place is a server run by Bluesky.

You can self‑host a PDS, but almost nobody does. Bluesky’s PDS works out of the box with every app—zero setup, zero maintenance. Self‑hosting means running a server, keeping it online, and gaining nothing in return.

Migration tools exist; you can move your account to a self‑hosted PDS for as little as $5 /month. Bluesky has made this easier over time and even supports moving back. However, this only works if you act before the door closes. If an acquirer disables exports, the tools are moot. History shows that almost nobody takes proactive steps to protect their data.

The flywheel

Every new ATProto app makes the problem worse, not better. Each app tells you “sign in with your Bluesky account,” which really means “write more data to Bluesky’s servers.” The more apps that launch, the more users depend on Bluesky’s infrastructure, and the less reason anyone has to leave.

The protocol doesn’t distribute value across the network; it concentrates it. Developers build features on top of Bluesky’s infrastructure for free, making it more indispensable with every app that ships.

Bluesky can claim the moral high ground: “We’re open! We’re decentralized! You can leave whenever you want!” Meanwhile, the switching cost rises daily.

The chokepoints

Bluesky controls almost every critical layer:

• The Relay – All data flows through it. Bluesky runs the dominant relay. Whoever controls the relay controls what gets seen, hidden, or deprioritized. Third parties can run their own, but without users, it matters little.
• The AppView – Assembles timelines, threads, and notifications. Bluesky runs the main one. If it goes down or turns hostile, every dependent client breaks.
• The DID Directory – Your ATProto identity resolves through a centralized directory run by Bluesky. They’ve called it a “placeholder” since 2023 and said they plan to decentralize it, but no timeline exists.

At every layer, the answer is “anyone can run their own,” yet almost nobody does.

The Gmail problem

Email is an open, federated protocol. Anyone can run a mail server, but in practice running your own is painful, so most people use Gmail. The protocol being “open” didn’t prevent centralization.

ATProto might be worse. With email, each app connects to your server. With ATProto, each new app adds more data to the same centralized PDS. The open protocol becomes a centralization flywheel.

What happens in an acquisition

If someone buys Bluesky, they now control:

• The PDS for nearly every user
• The main relay
• The main AppView
• The DID directory that resolves every identity

They could disable data export, cut off third‑party apps, shut down federation, insert ads, shadow‑ban users, or deprioritize content. The blast radius isn’t just Bluesky the social network; it’s every app in the ecosystem—your git issues on Tangled, your posts on Leaflet, your photos on Grain—all stored on infrastructure now controlled by the acquirer.

The protocol says you can leave, but the company that just paid billions for the network has no incentive to let you.

Closing thoughts

I like Bluesky. I use Bluesky. The team seems to genuinely care.

But every counter‑argument to the concerns above rests on the same foundation: technically, users can leave; technically, you can self‑host; technically, you can run your own relay. The capability exists at every layer, yet people don’t do these things—never with email, RSS, XMPP, or any protocol. The default wins. Always.

And then there’s the money. You don’t raise $120 M at a $700 M valuation to run a public utility. Those investors need a return, which comes from monetizing users, getting acquired, or going public. All three create pressure to consolidate control, not distribute it. A truly decentralized network where users can freely leave is worth less to an acquirer than one where they can’t.

The Public Benefit Corporation (PBC) structure is supposed to be the safeguard, but PBC obligations are vague and untested in court. When $120 M in VC money is on one side of the balance, guess which way it tips.

The protocol can’t save you from incentives.