I see a growing issue with the current way people interact with the internet. I don't mean picking what social media to use or using the right browser, I mean the way we access our online accounts.
You've probably seen, and likely used buttons like these to log into different websites:
It's called Single Sign On (SSO), and it's very convenient. Instead of managing a million different accounts for every website you use, we can use accounts that we already have and instead use those to log in, an obvious and easy solution. There does come a catch: by doing so, you now have multiple websites that rely on your Google, Twitter, Github, etc. account to be able to access that site.
There is also a horrible lack of proper moderation on these sites. For example, users on all of these sites are constantly falling victim to mass reports and get their accounts suspended or removed for days at a time. This creates the following problem: relying on single sign on leaves you vulnerable to losing access to all of your frequently visited sites. This is one such case:
Because this person used their Github account as their identity, getting banned on Github meant losing access to ALL accounts that relied on that single log in, creating a single point of failure. This single point of failure becomes even worse with the reality that these sites do not have proper moderation, an issue that plagues most, if not all, social media. This combination of issues turns your internet accounts into a house of cards, that you may be adding to every time you decide to log in using one of those buttons.
The solution to this problem shouldn't be to just go back to having a million accounts, nor to supplement those million accounts with a password manager (though you really should be using one). Single Sign On isn't the villain here, it's the account provider. Google, Twitter, Github are all proven to be too incompetent to be managing your online identity. The real solution is to use SSO with a provider that is actually trustworthy.
Bluesky's Solution
The people behind Bluesky propose this: you should be able to own not only your online identity, but your data as well. When you log into Bluesky, you're probably used to seeing this screen:
You probably didn't think twice about the "Bluesky Social" hosting provider. You're logging into Bluesky, so "Bluesky Social" makes sense. However, there is more to this. The "hosting provider" is essentially who owns your account. When you created your account on Bluesky, your new account now exists in one of Bluesky's data servers. However, Bluesky does allow alternate Hosting Providers to exist and sign into Bluesky. I run my own data server and this is what my login page looks like:
Since I am my own hosting provider, I put pds.minito.dev instead. This means that my data and identity are under my own control. Even if Bluesky were to ban me, my data and identity remain untouched, and I can continue to use other sites that I have used this SSO to log in with.
You, however, shouldn't need to concern yourself with running a hosting provider just to access funny Bluesky skeets. I like to picture a world where data servers like these can be community owned, where trust is local. Running these servers for a large number of people can be pretty cheap, if even a small number of people pitch in.
There is a growing number of websites that let you log in using your Bluesky account (leaflet.pub being one of them):
I hope even more sites implement a Bluesky SSO, as I feel more secure with this than any other account I use, by a large margin. I firmly believe that, as tech companies become more and more unruly, we need to be more concerned with protecting ourselves, both physically and digitally.
Conclusion
I feel it's very important that people are aware of this. Even if you don't currently feel threatened by the impact a company like Google could have on your life, you should be at least aware that a single rogue agent, human or bot, could restrict your access to all of your accounts that you feel ownership over. If you are concerned, then please support these new technologies that want you and your data to be safe and in your control.