谁拥有你的 ATProto 身份？提示：很可能不是你

谁拥有你的 ATProto 身份？提示：很可能不是你
Who Owns Your ATProto Identity? Hint: It's Probably Not You

原始链接: https://kevinak.se/blog/who-actually-owns-your-atproto-identity-hint-its-probably-not-you

作者认为，Bluesky 的底层协议 ATProto 因个人数据服务器（PDS）管理用户身份的方式而存在重大安全风险。由于 PDS 持有用户的私钥及轮换密钥，服务器运营商对用户身份拥有完全控制权。这造成了一个极高风险的漏洞：运营商可以在整个 ATProto 生态系统（包括代码库、博客平台和社交信息流）中通过加密手段伪装成用户。与传统平台（如推特封号仅限于平台本身）不同，被入侵或恶意运作的 PDS 可以彻底“抹杀”用户在所有集成应用中的身份，并引发供应链攻击。尽管该协议旨在实现去中心化，但目前仍依赖于用户对 PDS 提供商的盲目信任。作者指出，该系统以牺牲用户真正的自主权为代价，换取了外包密钥管理的便利性。为降低这些风险，作者呼吁将“自主控制”的轮换密钥设为账户创建时的强制默认选项，而非可选设置。作者警告称，如果不进行这些改进，整个生态系统的安全性将依然脆弱不堪，导致第三方运营商掌握的权力甚至超过了传统的中心化平台。

这篇 Hacker News 的讨论围绕文章《谁拥有你的 ATProto 身份？》展开，引发了关于 AT Protocol（Bluesky）中心化风险的辩论。核心观点包括： * **所有权困境：** 一些人认为用户并不担心第三方控制（类似于他们对 GitHub 的依赖），而另一些人则警告称，中心化仍然是一个根本性的陷阱。 * **潜在解决方案：** 评论者讨论了通过自托管个人数据服务器（PDS）来重获自主权。也有人提议通过区块链进行去中心化身份管理，但批评者质疑了密钥恢复的可行性，以及非金融网络中缺乏参与激励的问题。 * **协议对比：** 讨论强调了 ATProto 与联邦宇宙（Fediverse）之间的权衡，指出虽然联邦宇宙提供了去中心化，但却饱受碎片化和资金不稳定的困扰。 * **Bluesky 的现状：** 参与者对该平台的健康状况争论不休，一些人以用户增长停滞作为其失败的证据，而另一些人则为该协议持续的开发和技术活跃度进行了辩护。归根结底，共识在于：尽管 ATProto 为社交媒体提供了一种新模式，但用户对潜在的中心化风险以及此类去中心化身份协议的长期可持续性仍持谨慎态度。

原文

After writing my previous article about Bluesky's centralization risks, I got into the weeds on how the PDS (Personal Data Server) works. The more I looked at it, the worse it got. I was originally worried about Bluesky going rogue and deleting accounts or locking people in. It's actually the least scary thing your PDS operator can do to you.

They can be you

Your PDS holds your signing key. It signs every commit to your repository. Every post, every like, every follow, everything. The PDS also holds your rotation key, which controls your identity. It can change your signing key, change which PDS your account points to, basically take full ownership of your DID (your permanent decentralized identifier on ATProto).

Your PDS operator can post as you, like things as you, follow people as you, and it would be cryptographically indistinguishable from your real activity. The signatures are valid. The commits are properly formed. As far as the protocol is concerned, you did it.

With a traditional platform, the blast radius is scoped. If Twitter's database admins wanted to post as you, they could mess with your tweets. Bad, but contained.

On ATProto, your PDS doesn't just store your Bluesky posts. It stores everything. Your git activity on Tangled (a git collaboration platform built on ATProto), your social interactions on Grain, your writing on Leaflet, whatever comes next. Every new ATProto app writes to the same repo, signed by the same key, controlled by the same operator. So whoever runs your PDS can impersonate you across every application in the ecosystem.

Say a popular third-party PDS host signs up a few thousand developers. The operator now holds the signing keys for every single one of those accounts. They could post inflammatory takes from well-known developer accounts. Grant themselves push access to repositories on Tangled, opening the door to supply chain attacks. Publish blog posts on Leaflet. All of it signed, all of it valid, all of it indistinguishable from the real thing. Across every ATProto app, not just one.

And it works the other way too. If you do something your PDS operator doesn't like, they can kill your identity. Not just your Bluesky account. Your ability to post, commit, publish, or interact across every ATProto app. On a traditional platform, getting banned from Twitter doesn't touch your GitHub. Here, one operator's decision can lock you out of the entire ecosystem. Your data might still exist in backups or on the firehose, but your identity is dead. You can't use it anymore.

It's not the data, it's the keys

The repo data itself isn't the issue. It's all public anyway, broadcast on the firehose (ATProto's real-time data stream) for anyone to crawl. Compromise a relay (the service that aggregates and rebroadcasts network data) and you get a copy of public data you could already access. Compromise a PDS and you get the ability to act as every user hosted on it.

An attacker, a state actor with a warrant, or a rogue employee doesn't just get read access. They get the signing keys to create new activity and the rotation keys to lock users out of their own identities. One signing key, every app. And every new ATProto app that launches adds another surface where a compromised key can do damage.

The system trades convenience for sovereignty. I get why. Key management is hard, and most users will never want to deal with it. But the consequence is that the entire system's security rests on trusting your PDS operator, and that makes it brittle. One compromised or malicious operator and every account on that PDS is exposed, across every app.

What should change

You can enroll a self-controlled rotation key with higher priority than your PDS's key. If you do this, your PDS can still sign things as you, but at least it can't lock you out of your own identity. You could rotate the signing key, point your DID at a new PDS, and move on. But it's not the default, so the vast majority of users will never do it.

This should change. Backup rotation key enrollment should be part of the default account creation flow. It should be built into the clients, not just the API. Users should have a clear way to audit what their PDS has signed on their behalf. And the ATProto docs should spell out what it actually means that your PDS holds your keys, because right now most users have no idea.

ATProto asks you to put more of your digital life under a single identity, hand the keys to that identity to someone else, and trust that they'll be good. The protocol's decentralization promises are real at the architectural level. But at the key management level, it's a level of trust that would make even a centralized platform blush.