First Impressions of Bluesky's Brand New iOS App


Created when Jack Dorsey was CEO of Twitter, Bluesky is a kind of social network reimagined as an open protocol, called AT Protocol.

An app for iOS was released this week, giving the public the first taste of what the developers — who at some point in the past emancipated themselves from Twitter — are up to.

For now, access to Bluesky is by limited invitation only. I got one and now tell you what this “blue sky” alternative to Twitter is like.

Bluesky’s app is a sort of Twitter reduced to the bare minimum needed for the basic social networking experience.

In some areas, such as the welcome screen, it is evident that it is a half-baked thing at this point, still lacking the polish that is expected from finished, ready for the general public apps.

After registration, which, I repeat, only works for those who have an invitation, what is revealed is a pretty forgettable social networking experience along the lines of Twitter:

As for content, the first few hours of Bluesky presented me with lots of posts and “RTs” from Jay Graber, CEO of Bluesky, posts from Brazilians, and pictures of the blue sky.

A word about protocols

An important detail of Bluesky is the username. Mine, for example, became The part after the first period is a domain.

Yes, you have seen this: it is a similar structure to Mastodon, which is based on another open/decentralized protocol, ActivityPub.

Like Mastodon, you will be able to install Bluesky on different servers and the user will have power over their data, to migrate to another server/instance leaving nothing behind.

Bluesky CEO Jay Graber, in announcing the “private beta” program, listed the features the team intends to highlight in the coming months:

The goal of the Bluskey app is more to be a proof of concept than anything else.

In announcing Bluesky’s private beta, Graber said that:

We expect the app to serve as a reference client for developers to learn how to build on atproto, as well as a landing place for users to see how a decentralized social app can be pleasant to use, customizable, performant, and safe.

The mastodon in the room

All this would be revolutionary if we didn’t already have Mastodon. The promises of both ActivityPub and AT Protocol are very similar, and ActivityPub has the advantage of being a de facto standard and not being owned by a private company.

Bluesky’s app is rudimentary, but functional. Even though it works differently, it reminds a lot of Domus, the one based on Nostr, another open protocol.

It is too soon to say what Bluesky is about. The first impression is… ok? Congratulations, that’s a nice you have there, but why someone would choose it over Mastodon/ActivityPub, or even over Twitter, is the big question still unanswered.

Click here to download Bluesky for iOS. To get on the waiting list for an invite, just leave your email address on the official site.

With (Far) Fewer Followers, Mastodon Generates More Engagement Than Twitter. Why?


A recurring comment from people who post stuff on the internet and give Mastodon/fediverse a try is the (high) engagement and reach they get there.

Even with much smaller audiences than at Twitter, posts usually get more likes, “boosts” (RTs), and clicks. How can that be?

Wall Street Journal tech columnist Christopher Mims has a good hypothesis:

To me, the answer is pretty simple: Twitter tries to aggregate as much attention as possible around stuff that goes mega-viral.

There are only so many minutes in the day. So for stuff to “blow up big” necessitates that most of the rest of the posts from people we might actually want to hear from must go unseen.

The logic of the fediverse is to deliver the content that someone asked to receive, as in following other people, without an opaque filter (the “algorithm”) in between.

This logic pulverises the attention distribution — less viral content that gets on TV and even your grandma knows about it, more small, organic content spreading across the web in niches. More diversity, more inclusion, more chances for more people to be heard.

Discuss @ Hacker News.

A Brief Introduction to Nostr


“A milestone for open protocols…” This is how Jack Dorsey, co-founder and former CEO of Twitter, announced the arrival of the Damus app, a Nostr protocol client, in the App Store/iOS.

Nostr has generated buzz in developer groups, bitcoin addicts, and a crowd very suspicious of their own shadows. The reason: Nostr brings an alternative to commercial social media that, in the words of its creators, would be “truly censorship-resistant.”

But Nostr isn’t a new social network. Nostr is a protocol, something more like the web (HTTP/S) and email (IMAP/SMTP) than Twitter or Instagram.

In practice, Nostr is a foundation on which developers build applications. Its main differentiator is the authentication system, based on cryptographic keys. Experts praise the simplicity of the protocol, which in theory facilitates the development of apps.

(Hold my hand and come with me because now things get a little weirder).

To create a profile/an identity in Nostr, you need to enter or create a pair of keys:

Both keys are jumbles of letters and numbers. It is like that code from Nintendo’s virtual network, only (much) worse.

Want to follow me on Nostr? Search for npub1wa406lmdvfctavg3qgwauwrg228ylvskcyj0prfh48e0xwv6aensyv5n87.

Yeah, I know.

Three screenshots of different screens of Damus app for iOS.

With your private key, you can log into any app and feel at home with your content and connections.

Another difference of Nostr to conventional social networks is that the structure is based on “relays,” as if they were “nodes” in a peer-to-peer network.

“[Relays] allow Nostr clients to send them messages, and they may (or may not) store those messages and broadcast those messages to all other connected clients,” says, a good interactive Nostr tutorial.

In you can see the active relays in real time and details such as latency and country of origin. At the time of writing this there are 282 active relays worldwide.

I created my profile in the Damus app and then logged into Iris, a web application (see my profile). And… it works!

When I logged into Iris, I could see the system communicating with the relays — my posts didn’t appear immediately. In one corner of the screen of both apps, Iris and Damus, you can see the number of connected relays.

A screenshot of Iris, a web app for Nostr.

Both apps are very reminiscent of Twitter, with a timeline, posting box, and direct messages, which here are encrypted end-to-end.

It doesn’t have to be this way, however. Being a protocol, Nostr allows the creation of very different apps on top of it.

On this site and in this list are different apps based on the protocol, such as Jester, a chess game, and Alby, a bitcoin wallet.

Nostr is a kind of “end-of-the-world protocol,” designed for extreme situations where absolute mistrust reigns between those involved — users, relays, and app providers.

If in Twitter you have to trust Twitter, and in Mastodon, the administrator of your instance/server, none of this is necessary in Nostr. The protocol is truly decentralized and its using, although connected, is independent of other parties.

Even the identity verification system, called NIP-05, is independent of external validations. It is done based on DNS records.

To the creators and promoters of Nostr, the great appeal is an almost full resistance to “censorship”. We know where this conversation is taking us, and… it’s not a good place.

Despite the support of influential people in the industry, like Jack Dorsey, Nostr sounds at the moment like something too complex for mass adoption — far more complex than Mastodon, for example — and without much appeal to normal people who just want to have a laugh on Twitter and look at pictures of celebrities, food, and friends on Instagram.

Much of the complexity lies in the pair of keys thing. Which is not new; This is a recurrent thing among those who work with servers and development. Although they have many advantages, it’s risky and difficult to understand for those who are not in the business.

It is no wonder that commercial apps often use abstractions, such as login and password, to make it easier for more people to use them. If people can’t keep passwords, imagine a kilometer-long pair of cryptographic keys?

My bet? It might work, but it will be niche, like other creative little protocols that pop up from time to time, such as Gemini, an alternative to the web that looks like the web of the 1990s.

When Social Media Moderation Becomes Our Responsibility


Being in the fediverse today is a familiar and weird experience at the same time.

On the surface, it’s all very similar to Twitter and other social networks. Yes, the system for following/finding someone is kind of clunky and there are unique features and conventions there, like the “content warning” and the emphasis on image descriptions. These details are quickly learned, though.

Things can get (and do) more complex.

Time and again, differences emerge between instances (themselves, a difficult concept to explain) and groups of users, such as long-time users and newcomers coming from Twitter. And although the power dynamics are good, better than those of commercial alternatives — decentralized, with distributed power — this doesn’t mean that the architecture is ready or does not need adjustments, improvements.

One obvious, long due is to give more transparency to instance blocking.

Instances, or communities, have the power to block each other. And they, or most of them, make use of this power. Which is great: the social network Gab, that one for white supremacists? It’s Mastodon under the hood, which doesn’t mean much because almost all other instances preventively block it.

So far, so good. The problem is that reporting these blocks is right now at the discretion of the instance administrator. There is no way for anyone to know about the blocks done on their behalf, nor about the blocks of other instances to theirs.

And, at the very least, Mastodon should notify members involved in cross-instance lockouts. This helps users to be aware of the administration’s actions and make informed decisions to stay or migrate instances. (Migration is a smooth process and you don’t lose followers by doing it.)

A practical example. In late 2022, Brazilian instances blocked another, called Ursal. Some administrators, such as Donte’s and Bantu’s (both in Portuguese), published posts justifying the decision. We cannot tolerate certain abuses, and we are all grown ups with limited time. The omission of the administration of one instance requires the administration of other instances to moderate other members about basic civility practices. This isn’t sustainable, and it’s also pretty lame.

Nothing wrong with blocking instances with bad admins. The problem is that I only found out about the blocking when it was already in effect. The account for my Portuguese-written blog was at Donte and, as much as I now agree with the admin’s decision and praise his hard work, this decision affected the relationship I had with people at Ursal, who, like me, were not aware of the troubles of Ursal admin. We were taken by surprise with the breakdown.

When I migrated my blog’s account to its own instance, re-establishing contact with Ursal, someone from Donte questioned me:

Is Ursal blocked on Donte? I had followers and followed people from there. Does this mean that our communication is no longer possible?

Yes, it means exactly that.

A global and automatic notification system would avoid this kind of unpleasant surprise. There’s nothing like that on Mastodon roadmap, although a (great) feature suggestion was made on GitHub two years ago.

Nevertheless, despite everything, the decentralized fediverse/Mastodon model has been better than Twitter’s centralized one. If on Elon Musk’s network the abuses run wild and are only stopped at the threshold of absurdity (if ever), here on the other side, with ordinary people in charge, dialoguing, playing politics, making mistakes and learning, and trying to get it right, the environment in general is more harmonious, more pleasant.

Rushes like this involving Ursal are inevitable. We are, after all, people trying to find a common denominator to live together in an environment where communication is limited, one to many, unnatural. With patience and good will, however, we will go far.

Was this Brazilian major app bypassing Apple's location privacy on iOS?


One of the biggest Brazilian apps/startups, iFood, was peeking at iOS users location when it should’ve not.

A reader of Manual do Usuário (my Portuguese-written blog) noticed the glitch/bug while using iOS 16.2.

iFood, Brazilian largest food delivering app evaluated at USD 5.4 billion, was accessing his location when not open/in use, bypassing an iOS setting that restrict an app’s access to certain phone’s features. Even when the reader completely denied location access to it, iFood’s app continued to access his phone’s location.

Two screenshots showing iFood accessing iPhone location even when denied to do so.

We got intrigued: how was iFood getting away with this?

An educated guess was revealed by iOS 16.3 release notes, launched on January 23th. Apple mentions a security issue in Maps in that “an app may be able to bypass Privacy preferences”. It’s CVE-2023-23503, submitted by an anonymous researcher and, so far, “reserved” in CVE’s system — which means details are pending to be published.

The reader who noticed iFood’s misbehavior said that afterwards, he reseted his iPhone and that apparently solved the issue. He promptly updated to iOS 16.3 as soon it was released. So far, he haven’t notice anything unusual.

I contacted iFood’s press team to get a word about this issue. They received my request, asked for more details, but haven’t provided a statement so far. When they reply, I’ll update this post.

Update (February 1st, 17h35): iFood just sent a statement. Here it goes (my translation):

iFood reinforces that data security is a priority in its business and in the relationship with consumers, deliverers, and restaurants. The data collected is used only for the purposes set out in our Privacy Statement.

In this case, after careful analysis by the technology team, no code was identified in the iFood application that allows access to the user’s location without authorization, but even so, the company remains available to clarify any questions on the subject or any alleged failure, in order to contribute to bringing more security to the platform.

Present in over 1,700 cities in Brazil and a reference in online delivery, iFood constantly invests in security, technology and monitoring to identify and correct possible flaws and continuous improvement of the application.

My Job at Risk, Thanks to ChatGPT


A few centuries later, I feel today what British craftsmen and small producers must have felt when they saw the first machines arrive and the first factories open during the Industrial Revolution.

A new technology, generative artificial intelligences (AI), poses a threat to intellectual jobs that until recently — about five years ago — seemed safe in the face of overwhelming labor automation.

Not anymore. AIs such as ChatGPT, the LLM (large language model) type, are capable of generating coherent original texts from short prompts written by humans.

Like all revolutionary technology, it seems like magic. And it is no coincidence that I return to the same topic in less than two months. ChatGPT was launched five days after I published that first column.

Instead of spending a few hours on research, writing and editing to publish this text, for example, I could have asked ChatGPT to write something about the threat of AIs to those in the writing business. Very meta — and tired; I will spare you that.

The result would not be the same, but it would probably be “good enough”. We know, not from today, that “good enough” is often… good enough for a lot of people. And being cheaper and faster to produce, it is hard to resist.

Today, generative AIs are still a kind of curiosity, a topic for dazzled texts on LinkedIn, creative tests, experimental solutions. The potential, however, is there, wide open.

Microsoft, one of the main backers of OpenAI, the company behind the most advanced AIs (besides ChatGPT, it also owns DALL-E 2, GPT-3, and Codex), announced last week that it’s offering OpenAI services in its cloud solution and already offers features based on them in some commercial products, such as Github Copilot and Microsoft Designer. Rumors suggest that ChatGPT will soon arrive in Bing and productivity applications (Word, Excel, PowerPoint, etc.).

In journalism and writing for the web, the potential is explosive.

For years, some newsrooms, such as the Associated Press, have been using robots to produce simple texts, such as news on company balance sheets and sports results.

With the new generative AIs, this practice changes levels. Until now, the texts written by robots were sort of a logical, understandable “script”: take this data and put it into a template. With ChatGPT, however, the robot seems to gain imagination and the logic gets lost in complex and opaque algorithms.

The result is also of a different magnitude. ChatGPT creates arguments, detects consensus, discovers controversies. Although lacking awareness, it simulates one. It is “good enough.”

CNet, a US publication covering technology, began testing such an AI last year in the worst possible way: with little transparency.

Someone found out, and under scrutiny, basic errors were discovered in the nearly 80 published robotic texts. A widespread failure: of the AI and of the human being (supposedly) responsible for checking and editing the artificial text.

These are mistakes that perhaps the next version of GPT will not make. The pace is breakneck.

In the journalism domain generative AIs may not be ready for production, but in other less demanding ones they already do very well, thank you: quick responses to emails, answers to search engine queries, social network posts, top-of-funnel content for institutional blogs.

You don’t have to do much research to come across dozens of startups trying to get ahead in this new gold rush — trying to sell shovels to the prospectors who, in the end, will be using them to dig the graves of their own jobs and those of others.

When these AIs are good enough, job openings are reduced and the assignments of those left over change. From writers and editors, for example, we all become “robot babysitters”, correcting blatant (for humans) errors that may slip by in the artificial text and that we, of course, manage to catch. (Because if there is one thing we are good at, it is failing; even in this the AI reproduces us.)

Soon, my routine will gain one more demand: to prove myself flesh and blood in a purely digital environment, full of “rivals” who do not sweat, get tired, get sick, and have no mood swings. We are playing in the opponent’s camp. It is an inglorious struggle.

Unlike the 18th century British Luddites, I don’t even have a machine to wreck. The generative AIs that threaten my craft exist in the cloud, that ethereal concept, mere euphemism for “big computers in controlled warehouses far away from us”. No gunfights against robots that look like Arnold Schwarzenegger, forget about it. The machine revolution will be discreet.

And unlike what the best utopias predicted, we won’t even be able to dedicate ourselves to the arts, because generative AIs also already produce illustrations, paintings and photos. They even win contests.

Perhaps our fate, the fate of humanity, is that we will all become Simpsons grandpas screaming against the cloud. What a pathetic end.

« Previous 3 of 8 Next »