Welcome Travis. We’re doing it this time!!!
Already posted a few things but figured I’d do the intro as well. Anyway! Hi, I’m Ben, aka the AngryDutchman. Middle-aged (50’s close, so close) devops engineer currently working at a company doing IoT and edge things. I develop in the ancient language of Perl, and in my “copious” spare time I tinker with ATproto things.
I’m interested in the private data part mainly because the past few months we’ve been working on something that resembles the way ATproto works, and my geek heart flutters when I consider the possibility of just using ATproto for this funky IoT/edge/building management thing. The only thing missing is actual private data (private as in, permissioned and encrypted). So that’s why I’ve stuck my nose in
Welcome!
Encrypted in what way and to support which use cases you are wanting would be useful to write up in a separate thread.
hi i’m rachel!
my app is basically the group chat use case, and i’m personally not soooo interested in the private / permissioned stuff yet, but i think i got half or maybe a quarter of it for free, since i use a hybrid atproto / custom protocol. the app is real-time texting, so the communication happens off of atproto in a bidirectional websocket where the client sends the edits to their message, and atproto is just there if you want for verification of identities & chat history. the normal flow is: given a channel record that you’d like to connect to which has a host field (example.com), you do example.com/xrpc/org.xcvr.actor.resolveChannel?uri=at-uri to get the websocket url. so this xrpc request could require auth, and my thought would be if you’re not logged into the host’s appview, it could give you a challenge and then you post a record with the hash of the (challenge + nonce) to your repo & make the request again with the challenge response uri and nonce (or whatever other mechanism we decide upon to prove ownership of repo + knowledge of challenge token). is there some sort of challenge & response community lexicon? ideally once there are more options for permissioned stuff it wouldn’t get aggregated into the firehose, host appview would just get the challenge response record directly from your pds
nothing special but i figured i should stop by and say hi & add my 2 cents
Welcome, thank you for sharing!
Everything is going to be “off protocol” until it isn’t - great to have your example.
Greetings fine folk! I’m chiming in to share a use case.
Like many I use structured-tags+markdown MDX for note taking, with ideas or days having their own notes. Ideally I would like to be able to publish notes directly to my PDS as I author them, in a secure fashion. Then at later points in time, I would like to be able to give decryption keys to select people (out of band is fine for now) or to everyone!
Ideally I’d love it if this could be more than an all or nothing proposition. I think the Sops tool is a pretty good example of this sort of capability, where individual fields in json or yaml can be encrypted/decrypted. This would need more structured data than simple MDX, but conceptually is something I want in the toolkit. Ideally, IMO, it works recursively too: one could apply one decryption to a field, and get another structured object which has its own mix of encrypted & un-encrypted content, using similar or different keys. GitHub - getsops/sops: Simple and flexible tool for managing secrets
A couple of other aspects of this: I’m not super concerned about resolving which keys work with what. For my use case, I’d be happy to have a keyring that tries the various keys I have. It feels like it would leak info I’d rather not leak if encrypted data in some way identified which key is to be used. Longer term I think it’d be lovely to see a lexicon for associating given keys with decryptable content.
Welcome Jaunty!
I’m committed to doing a write up of the public posts version of this use case! e.g. Obsidian plugin → (notes lexicon) → knowledge graph. Talking to Cosmik / Leaflet about this (I am still a Logseq user, too, but that’s a whole longer discussion!)
I, too, would like the variable privacy / collaboration version – what you describe is pretty much accomplished as an example in Groundmist https://groundmist.xyz
Hi, I’m David, based in Cape Town, South Africa, and working on domain-specific social networks (first use case being a food-focused one with Recipe sharing), being built with atproto and a lot of the bluesky source code base. I’m primarily interested in people being able to share stuff with their network of real-world contacts, without making it public - similar to a Facebook post shared with friends only. Being able to do that in a context that doesn’t require moderation means not having end to end encryption. Being able to manage permissions in a fully distributed system is complex as Paul Frazee’s leaflets outline helpfully.
I’m also secondarily interested in people being able to decide more about the consumption of their data - are they willing for it to appear in other apps/networks/feeds, or given the non-public nature do they want to limit those to ones they trust?
Welcome David, thanks for the intro.
Can you say more about this? It’s also my intuition that we need to ship “classic server private data” that isn’t encrypted and I’d like to understand your point of view here / use cases you’re thinking of.
All, I’m catching up here, and though I introduced myself to some of you in Berlin, let me briefly present what I’m thinking in this context.
So, first, I’m not so much thinking in terms of “private”, but rather in “collaboration”, because I think you need a good system for reads and writes in all but trivial cases when you’re putting together a group to do stuff. And social media to me should be all about doing stuff together.
With that in mind, I have some priorities:
- Design a system that end-users will be able to use safely. It does not matter if you build a bomb-proof E2EE system if the security usability is terrible, in the extreme case that end-users understand so little of it that all they feel they can do is grant all privileges to everyone. Thus, my feeling is that we need to do proper user studies to ensure that we get this right. I’m writing this in my grant proposals.
- In the same vein, I’m particularly concerned that the protocol has the primitives it needs to ensure that users aren’t forced to overpermission. I’ll get to my ideas around this once I have managed to catch up to what people have proposed.
- Then, with that in mind, the DevX also needs a lot of work. Oh, and yeah, I have a background as one of the editors of the Solid protocol, and fought a losing battle over that for several years.
And then I have things that are not my priorities:
- Enterprise use cases. I believe the world isn’t crying out for the concerns of the enterprise, but for where we are doing stuff in our daily lives.
- I also believe that if you go to the most extreme of the private data spectrum (“data vault”), you will be forced to make compromises that negatively affect the use cases where data isn’t terribly sensitive, it just isn’t for everyone to look at or modify. That is not to say those use cases aren’t very important, it is just that the really useful things that could make my life so much easier and help me break free from Big Tech aren’t in that area.