Bluesky's Gift of Gab

19 Jun, 2025

In 2019, an "alt-tech" microblogging platform named Gab replaced their old, derelict PHP codebase with a combination of Mastodon and a brand-new frontend that was designed to appear more like Twitter and also make decentralized microblogging look more appealing to the 50-year old normies that used the website or something. After building their new stack and migrating all of their old data to it, they decided to leave support for the Fediverse on... to own the libs? Doesn't matter. Either way, it didn't go well.

The federation (despite being imported from Mastodon, which Fediverse server software typically had to conform to if they wanted proper federation) was being actively broken by its moronic developers, both third-party Mastodon clients and major instances blocked Gab preemptively and was ridiculed by those that didn't block it, initially by free speech instances before spreading to the other servers as the antics got better:

After this unmitigated disaster, Gab shut down their federation after less than a year of activity by blaming trolls, however its busted code still sent messages out periodically for months afterwards. This wasn't the first time a new service joined the Fediverse in a really stupid way, however it set a new bar for how badly you can mess things up.

But could such an event happen again... on another network?

I think that Bluesky (and its larger network under the AT Protocol) has been long overdue for such an event to occur; where a previously insular service with values that directly contradict the values of a network's majority population begins to federate with them, causing a very funny ruckus.

The Layers

I've always found it odd that people describe Bluesky as though it was designed solely to build an echo chamber for leftoids and liberals, and how it's gonna die like Right Now because there aren't any Rational Voices and the statistics are dropping (they stopped dropping BTW) or something. Anyone that's looked into how its protocol works will know that this is the exact opposite. You don't even have to read the AT Protocol specifications, they describe how moderation and speech is meant to be treated across the protocol in the documentation for Bluesky's API.

A diagram depicting two layers passing through a "Curation and Moderation" filter. The top layer is titled "Reach layer" and described as "Flexible, scalable", while the bottom layer is titled "Speech layer" and is described as "Distributed, locked open".

It's very clear that the protocol was meant to accommodate for every type of voice, not just mainstream lib voices like it is right now. Why else would Jack Dorsey, an ardent Bitcoin libertarian specifically choose other cryptocurrency guys to build out a protocol for Twitter? Relatively few¹ seem to remember this, as though Bluesky spawned out of the aether with 30 million unnamed #Resistance libs behind it. The protocol is very much designed for anyone to use and have control over their own platform... at least in theory.

Bluesky Trust and Safety

I sincerely believe that Bluesky's moderation is exactly how it was in "Old Twitter" (2016-2022), where it tries to be as diplomatically neutral as it can, catering for anyone with any normally rule violating views or blue checks if they are popular or real-world-relevant enough to get the company into trouble if they ever get banned for expressing such views. There are people out there that believe that the auto-bans that occur sometimes when creating a new account are because you dare to have one of the Undesirable opinions and were also never seen before on the internet... somehow.²

I don't believe that this is the case, specifically because Bluesky's moderation is even more lenient to the blue checks! Any "just asking questions" digital journalist hack fraud can easily be protected by the Trust & Safety team by having a Substack or general platform, mainstream or not.³ If you want to know why the two systems are so similar, it's because they are RAN BY THE SAME PERSON. Granted, he was only the co-head of Trust & Safety at Twitter but his tenure goes from 2019 to 2023, which is roughly half of the period that I've defined for the specific form of moderation that was in place at Twitter. I don't find it strange to believe that he was hired by Bluesky specifically to guide its moderation practices towards acting more like Old Twitter's, and that it wasn't just a coincidence that he worked at Twitter before getting hired by Bluesky.

How to get nuked by Bluesky

To most users outside of the small 0.01% that have launched their own Personal Data Server (PDS),⁴ they are controlled entirely by Bluesky moderation. You can't do anything about it besides begging for an appeal request through their totally legit "moderation@blueskyweb.xyz" email address.⁵

If you are one of those lucky few that set up a PDS, you are free to do as you please... almost. While Bluesky can't just take down your account and wipe its data whenever it wants to, they can definitely enforce it through other means. You see, a PDS is one part of the protocol's network. It is the second most-important part of the network, only behind the AppView. The AppView is the real gatekeeper, enforcing moderation actions as a backup if it can't apply it directly.

There are three types of ways that Bluesky can block third-party content from being accessed by other people on Bluesky:⁶

Relay Bans, which are rare and are used solely for blocking PDSes that are made solely for network spam or posting 'p. Supposedly. There's no public moderation log on the default relay implementation, so you just have to assume that the Bluesky moderators aren't doing otherwise (as far as I know this hasn't happened yet). Somewhat easy to bypass, simply point your PDS to synchronize with another relay that crawls the full network. Or set your own up if you want to fundraise four million dollars
Labeler Bans, which apply takedowns to content using the Bluesky Moderation Service labeler (or region-specific onces if a country requests a takedown of some content). These are typically done using the "!hide" labels, which block the content from being loaded on clients that have the labeler enabled.⁷ These are comically easy to bypass by just using a custom client without enforced labelers, so these are used in combination with...
AppView Bans, which are the same thing as the labeler bans but enforced by the app itself. This is essentially a shadowban for third-party PDSes, preventing any unaware user from seeing your content. You cannot load such material without manually going to the user's PDS and fetching it yourself. You would also be losing a lot of context through this bypass as you won't be able to fetch likes, reposts, replies, etc. without a custom tool that provides all backlinks to the banned content cough. Theoretically. Nobody's tried to build a bypass for these types of bans yet, because there's a simpler solution:

Deploying a new AppView

On a theoretical level, you should be able to deploy a new AppView easily. All of the source code is open for anyone to poke at and deploy, so you should be able to just load a Docker container or two and get it running... right?

A list of services that the reference AppView depends on to be equivalentish to the official instance

Based on this list, you need:

The AppView for the Bluesky API itself
The directory for the main DID type accounts use if you don't want to rely on the main one or use only did:web
The dataplane (included in the AppView)
The image resizing service (included in the AppView)
The push notification service that I couldn't trace down but I am assuming is also included in the AppView
An optional AppView state synchronization service
The full-text search service
The moderation service if you want to link your AppView to a labeler

Seems a bit complicated.

An Impasse

This is it. This is quite literally the only barrier to being able to drop Bluesky services and have an independent platform on the AT Protocol. Are there any alternative AppViews that you can run? Yes. But they're not finished. Can you even use a custom AppView with a client? Kind of? This also isn't even including the DM system, which as far as I know is a private service that you can't get the source code for.

So what do you do? Do you try to fork the Bluesky client and make it fetch records from the PDS and their associated backlinks? Only post through WhiteWind? Build your own service through the protocol designed specifically to bypass the AppView?

Get to the point already

You can establish user-defined moderation on Bluesky by building your own stack, that's been well-known for a while and this is the goal that developers have been trying to reach since federation was first opened. When it gets achieved (which it already has, sort of), ATproto developers will celebrate and tinker with it for a while before setting it up on their servers and moving on. But who will be the first non-developer user of this system?

I predict that within the next 12 months, someone will try to build a free speech version of Bluesky that is independent from Bluesky's infrastructure, fully federating with the rest of the network and able to build an active userbase. It doesn't matter whether it's explicitly for trolling purposes or not, it'll still be able to stand up on its own. This will be the "Gift of Gab", a user-defined platform where anyone can see anything they want and say anything they want on Bluesky without consequence. It might get nuked by Bluesky moderation but it won't matter because they won't see the effects unless they choose to do so.

Is this nonsensical? Probably. I'm really tired now and I don't think I am fully cognizant of what I'm writing or how pretentious it is but I will attest that someone will try to do this. That's the whole point of this thought process.

Footnotes

Outside of nerds that actively track the happenings of decentralized protocols, of course.↩
Even though this managed to sneak through. Don't Ask Questions.↩
These guys also typically cause a significant amount of drama on Bluesky, so if you want to do a little bit of trolling, open a Substack and get some paying subscribers. It works every time.↩
This is basically a web server that hosts all of your content. They're trivial to launch, especially if you aren't planning to host anything else on the same server as it.↩
They still haven't changed this and it's been over a year since they bought the "bsky.social" domain. Can someone over there wake up and fix it, please?↩
Excluding the Relay ban, these do not affect your ability to use other applications with your ATproto account, however if they try to access any Bluesky content through the official AppView they'll be unable to get it (theoretically).↩
There's also the "!warn" label which adds a warning to a piece of content but otherwise lets you go through.↩

#bluesky #communities #moderation #social media