Get the latest tech news
This website is hosted on Bluesky
Well, not this one. But this one is! How? Let’s take a closer look at Bluesky and the AT Protocol that underpins it. Note: I communicated with the Bluesky team prior to the publishing of this post. While the functionality described is not the intended use of the application, it is known behavior and does not constitue a vulnerability disclosure process. My main motivation for reaching out to them was because I like the folks and don’t want to make their lives harder.
Blobs are typically larger unstructured data, such as media assets, that may be uploaded by a user, but are exposed via a record referencing them. That being said, if a service like Bluesky is running PDS instances on behalf of users, this effectively equates to free (albiet unreliable) arbiratry file hosting, which has implications beyond just racking up large storage and egress data fees. Traditional social platforms can place more restrictions on blobs at time of upload because there is a limited set of valid content.
Or read this on Hacker News
/cdn.vox-cdn.com/uploads/chorus_asset/file/25749943/VRG_illo_Kristen_Radtke_bluesky_winning.jpg)