ATProto Permissioned Data Proposal Draft
danabramov
35 points
4 comments
June 23, 2026
Related Discussions
Found 5 related stories in 122.4ms across 11,417 title embeddings via pgvector HNSW
- At Protocol: Building the Social Internet resiros · 78 pts · April 29, 2026 · 57% similar
- I'm betting on ATProto speckx · 101 pts · March 30, 2026 · 51% similar
- Who owns your ATProto identity? kevinak · 163 pts · June 21, 2026 · 50% similar
- Cirrus: ATProto Personal Data Server That Runs on Cloudflare Workers gurjeet · 12 pts · June 20, 2026 · 49% similar
- AWS Bedrock to require sharing data with Anthropic for Mythos and future models TomAnthony · 401 pts · June 10, 2026 · 47% similar
Discussion Highlights (3 comments)
danabramov
Rendered Markdown: https://github.com/bluesky-social/proposals/blob/permissione... Note this is an early draft and will likely change, as PR description says.
pzmarzly
That would enable private repos on https://tangled.org/ , right?
skybrian
The proposed system would have centralized permission-checking (by the "space host", as authorized by the "space authority") and distributed storage (in each user's PDS). But applications would likely keep a full replica of all the user data in the space: > Permissioned data sync is functionally similar to public atproto. Applications build views by pulling repos from their hosts. The major difference is that there is no relay to provide a collated firehose of data for the network as permissioned repositories are by their nature non-rebroadcastable. An application pulls directly from each repo host and is responsible for keeping its own copy in sync. So it seems like the PDS wouldn't normally be doing all that much. It might seem more efficient to remove the PDS from the design? Except that it does mean you don't need to export your user data from an application. Instead, you already have a full copy of the data in your PDS. I wish Google Photos made syncing all my photos to backup storage this easy and automatic! It also makes migrating the space to a different app easier. But who controls the migration depends on what kind of app it is. If it's single-user then the user is also the "space authority" and they can switch to a different app whenever they want. For a multi-user space, the "space authority" is someone else. In order for this system to make sense, you need a PDS host and at least one application that you trust, and ideally they would be independent. It doesn't do anything in particular to prevent misuse of your data by your PDS host or an app, but it does ensure that you have a separate copy of anything you upload, and you can migrate to a different app. Maybe compare with phone number portability or switching to a different domain name registrar. (Incidentally, I might have posted this comment on Bluesky, but at 1795 characters it's far too large to post there.)