"Kinda" and "Soon", the soon part is that interactions with the site are signed by a key thats usually held for you by your PDS (Personal Data Server), this month we are opening things up more so you can run your own PDS, and thus use your own keys.
The Kinda part is that your identity by default is backed by a DID that delegates authority to specific keypairs. The keypair that your PDS uses to sign is included in there automatically, but on account creation you can currently set a backup keypair that allows you to manually sign identity operations.
I realize this may already be on the roadmap for after open federation, but I would love some sort of "bluesky for the truly paranoid (affectionate)" guide that explained soup to nuts how to participate in the network by running your own PDS and using did:web for identity. An answer to the question: I don't trust plc.directory for my identity and I don't trust the bsky.social PDS to host my data but I want to participate — how do I do that?
I have probably the least understanding of how this part of the protocol operates. Part of that has to do with the new (to me) concepts and the rest is open federation not being in place. I think something like this would be really useful and would prove your bona fides to others that Bluesky PBC is serious about being billionaire-proof.
The most straightforward way to fully use the network without trusting us at all would be to have your identity backed by a did:web, and run your own PDS. From there your posts will be indexed by our appView and you can see them in the app.
If you still don't trust our AppView to show you the right thing, you can definitely run your own (it's a little hefty and requires indexing the whole network).
Beyond that, if you don't trust our relay to feed your AppView, you can run your own and have it scrape all the PDSs (the endpoints for this are open on each individual PDS).
At that point the app experience for you should be roughly equivalent (depending on how you choose to apply moderation actions) without using any of our infrastructure. You would still be able to interact with everyone, all your followers can still see your posts, and no normal users would notice you weren't on the same servers as them.
Love it. A "choose your own adventure" depending on how much you distrust Bluesky PBC :)
My only feedback would be: I'd love to read a real deep dive on just bringing in your own did:web and using a custom PDS. The DIY AppView and/or Relay is super interesting, but that more straightforward concept of "you own your identity and you own your data" is such a powerful hook that I'd love to be able to share something straight from the docs.bsky.app domain on how to do it.
Currently we support ed25519 and secp256k1 for signing. Adding more key types isn't terribly hard, but does require coordination (everyone has to support it, otherwise posts signed with that key type won't get propagated).