← All Talks
Presentation Development and Protocol

Community privacy in a decentralized network

Evelyn Osman · @kandake.africa
Sunday, March 29, 2026
11:30 AM – 12:00 PM PT
Performance Theatre
Available in-person & via livestream — Stream 2 (Performance Theatre)

How we can build a community that is on ATproto with content that can be contained to users within their community boundary, a form of privacy without forcing us completely off the protocol. Rather than focusing on how to handle private data with the dimensions of access we will implement a design that functions at the appview allowing any client to see it.

And I have a clicky thing. Can I click? Cool. Okay. So for those of you not aware, North Sky is social. So we're basically a cooperative based in actually established in BC and BC Canada here in Vancouver. So our priority is basically really about building a community for two-spirit, LGBTQI plus people and marginalized identities. I want to focus on the second or sort of emphasis on the second, as I feel over the past year, sort of in pigeonholed into the queer community. Quite a few other things. Like I myself, you know, I'm actually Sudanese American.

Both of my parents are from Sudan, born and raised actually in America and grew up in Washington State, so like nine hours away from here. Yeah, and so if we kind of look at where uh Bluesky, I need to walk up front here, sorry. So kind of look at Bluesky sort of like started sending out invites uh April, May 2023. Over time, you know, we kind of saw a rapid growth, and so now around 45 million users. And it was actually uh beginning of last year when North Sky sort of started to assemble and we kind of found established ourselves.

Um we look at the reason for that, uh there was quite a few issues that sort of happened. Um one of the larger incidents early on was actually when uh A Vita, who was a uh basically a black community organizer, uh sort of discovered that you could create handles with the N-word, um just easily racial slurs. And then Bluesky did not respond to this for multiple weeks. Um developers were sort of like left to bear the burden of actually communicating and kind of trying to explain what's happening. Um users were really confused about what these code changes were, were they trying to hide things, mask things.

It was just sort of a big hot mess. Um later on, then actually uh and a series of issues, the hammer incident, one user basically said, like, hey, I want to hit this person with a hammer, um, that resulted in introducing the feature to actually block people. Um and basically like all throughout all this, we also saw you know a lot of like issues around racism, transphobia, uh discrimination, um and actually, and so a lot of it early on was due to Bluesky not having really TNS as trust and safety as a priority. Um then uh we sort of saw an acceleration of these issues sort of happening as they're able to actually I see it kind of grew their moderation services and hired more people, um, which in a way allowed them to actually do a better job of moderating, but because they didn't actually understand the context of minorities, they actually ended up uh targeting minorities as a consequence of that.

Um then we also saw the Jesse Single incident, uh so basically after Trump was elected, uh a bunch of people moved over to single who's basically a known bad actor, started to sort of um harass people and users sort of panicking about them. And uh over the course of two days, he was like he's basically he was suspended, unsuspended, suspended again, and then unsuspended. Um, and then basically told that well he's screenshotting people and sharing on Twitter, which is actually a separate platform, so we don't target that. We've actually seen a lot of people actually suspended for doing the same things.

Um then uh just after Trump was uh inauguration ceremony, every single uh major social media platform removed all protections for LGPT people, minorities, um basically they they sort of remove them from classification as hate speech. Um so it kind of showed that. Oh, my screen just died. Yes, let me fix that very quickly. Is it back yet? There is. Yeah. Um so it's and so basically then actually over the past year we start increased targeting of uh especially of transgender people during throughout all of this. Um Charlie Kirk incident, everybody's familiar with that. Um the US basically sends a letter to every single major social media platform saying we expect you to handle the Charlie Kick, Charlie Kirk discourse appropriately.

If you do not, we'll revoke your Section 230 status. Section 230 basically says that um social media platforms are common carriers. And so through revoke it, suddenly now you as a social media platform are responsible for whatever your users say. Um and so what we really kind of saw is that every single time is that um minorities are always discarded as soon as anything becomes becomes difficult. Um and so when North Sky sort of started to assemble, we sort of actually began with sort of an idea, you know, what does it mean if we actually had a space, you know, where we can actually speak freely.

Um what if we could actually like really celebrate our successes, you know, our challenges, like sort of provide and support one another. And you know, and not have people you know shit all over it, quite simply. Um so it was sort of like I was sort of talking about it, we kind of like had like a lot of intense discussions, and it kind of came down to like it's not really about an individual. It's really about you know caring for the community that they can thrive in. And then as a consequence, we actually then kind of like encourage these community dynamics that support those individuals.

Sort of create like a nice like self-reinforcing positive environment where it's like you as a person contribute to the community and community return actually contributes towards your success and protection. And that was kind of where it was kind of came down to like how do we actually focus on the needs of the people, sort of like looking at the common needs while also sort of providing them agency at the same time. So that way sort of like we're not forcing you to abide by rules, but actually also giving you the ability to actually kind of participate in them.

And really when kind of talk we started talking about that, it was actually like okay, then issues kind of become like you know within the community, is like how do we actually sort of de-escalate people from like fight or flight as you know every single actually I have to say every single person in North Sky Social, like the members and volunteers, we have all been subjected to different sort of types of trauma, you know, whether it is like racial, sexual, gender-based. Um we have all actually kind of like been targeted by this. And then that kind of means that we have to kind of like create spaces that allow for decompression at the same time.

As when you're existing in a space, you know, whether it's online or in real life, where you're constantly being targeted and harassed, there is never any point where you can actually process that in a healthy manner. Um so that's kind of where when we started actually looking at like, okay, what does it actually moderate to do moderation? Did you trust and safety with this context? And so that's where kind of like restorative justice, you know, that was like really what we started writing everything out, that was like the core tenet of it. Um and the other part of it was actually human-to-human moderation, where our actions aren't you know opaque.

Um I expect to say like one of the first moderative actions that we actually took was where um we started migrating people over, and one user's like made a post that was actually a clear violation of our guidelines. Rather than just using Ozone to take it down, we actually notify them. We're saying, hey, you've made this post, it violates the guidelines for these for these reasons. Can you please remove it? They immediately deleted it. Um that was where actually we kind of we gave them the agency the choice to actually participate uh in actually building a healthy community.

Um so we say you know it's basically like you know, let's let's just check in with you. Let's actually see how you're doing. Um and then the other part is really like uh our focus is really like how do we actually handle these inter-community issues, you know, within the community itself. Uh as in a way it's I say it's it's easier to moderate the challenges to actually target your community than it is to actually moderate what's happening within it. Um when we kind of talk about those spaces, there's also the other issue is sort of you know, we say like protecting like from external influences is we saw like on on H protocol in particular, is actually there's a lot of challenges that come with it.

Like these are two examples from earlier this year where it's like one person was like person took a picture of her and proceeded to use AI to dress it up differently. Um another one is a political activist targeted uh for his activism, saying, hey, I have to actually delete all my content because we're all being targeted by this. Um let me click that again. Yeah. And then the other part is where we basically see uh AI tech bros who basically see this fire hose where all this data is in public, I can use it for training purposes, um, not commenting on just city's announcement.

Um and and so it's sort of like you know, and when this happened, they're like, oh my god, this is amazing thing. I just published, and everybody freaks out. Um fun fact I emailed Hugging Faces privacy uh group uh basically asking them if they can remove for GDPR violations. I never got a response. Um yeah, and so by the way, this is an illustration my daughter made for me for this talk. Um she is watching this right now. Yeah. Yeah. And so really kind of like we want to have a community space where people can actually uh experience joy together, you know, and actually be able to like discuss not just their challenges, but their successes, you know, they can create together.

Uh but at the same time when you start creating these spaces, you always have people outside of it who want to uh invade it, who want to disrupt it, or it may not even be nefarious. I think it was what last week Rudy made a post where he's talking about like the hustle, and then somebody responds like I do not support hustle culture, and Ruby's like, oh I'm sorry, I didn't code switch. It's it's like those types of actions where it's like basically somebody they just they'll blindly walk into the space. And that's kind of like one of the issues that we kind of always see happening as you start kind of doing community building.

And so that's kind of where we then start like kind of discussion early on was also like, okay, then we have feeds, which are great, you know, they kind of provide for a lot of flexibility. You know, you can create a feed that has specific content. BlackSky has their community feed as an example. Um Sky, we created our own also. But at the same time, it's sort of like people can still access it, you know, you can kind of do some logic within it. Um, but it doesn't really solve the public side of things. And so that's we're going to start okay, how do I actually shift away from just talking about feeds towards actually creating spaces.

And so it's sort of like, you know, okay, what does it look like? You know, how do users interact with these spaces? Sorry, I'm also like kind of spotting because I just wrote all this two days ago. Um, you can like actually kind of create those, create interactions within these spaces. So it's not sort of like breaking away from actually having a single feed to actually pay how we should actually have a space that has different ways of actually interacting with that space itself. Um then in what ways does it actually result in a positive environment too.

And this is kind of where uh they call it Stratos, or sort of a private data solution. Kind of like that's where it kind of kind of came out of that. Uh as we never when I originally wrote the proposal, there was like no announcements yet. I think it was basically like Nick had had written some things, Paul written some things, it's all kind of very heavy theoretical. But this is where we kind of talk about okay, let's actually do private data in a way that's actually permissioned. Um where you can kind of like allow for multiple spaces to exist, but at the same time have some governance in there too.

Uh and that's kind of where we're saying, okay, actually actually have the ability to actually moderate this. Was one of the critical aspects of it. Um when I published the first proposal, the uh the what one of the common feedbacks that I was like, okay, why don't you do end-to-end encryption? I was like, okay, let me actually think about this. So I looked at the MLS spec, I read it, I talked to Ian from Pyragos. Um it doesn't work at that type. So like end-to-end encryption is essentially, you know, like I'm talking to Nick. Nobody can take part in it.

And then I add another person to it, and now they take part in it, but they don't see any of our messages from before because it's all encrypted if it's satisfied. Um, if you want to moderate it, then whoever the moderates the migration service has to be a party of it. So that is like there's always like a third party that's just can view everything. So at that time at that point, encryption doesn't work. Um also how do you also make it so it's easy to actually search it, to browse it, to access it however you wish.

And so that's kind of where it was one of those big things. And also like how do we make it verifiable? So we didn't want to break away from the protocol at the same time. Uh so we kind of made the intentional decision of actually trying to actually stick with how atproto works in a way that others can actually adopt it. Because that was actually kind of the critical aspect of where as a community builders, we don't want to build a completely unique platform at the same time. We want to build something actually that can actually be adopted and grown together with other individuals.

Um rushing through this, but let's find out. Yeah. Yeah, and so that's basically where we kind of talk about, okay, like spaces or feeds. And so we kind of decide on this hydration model. Um basically the smokesness approach is kind of written, is where you basically you have um you know on the PDS you have like a public record. You know, that can just has a reference to the private one. And so then app view or an application, um, it can see the public one and it has a reference and then able to kind of pull it, pull it in from the from the public one, and you end up with your private data at the same time.

So that kind of allows us that that compatibility with AT protobing the needs of like having a data privacy with it. Um now for the gutsy part as a demo. So Luca has been begging me for the last like three days uh to record this, but I have refused because I like doing things live. Um so this is basically please show a post. Don't terrify me right now. Um yeah, so here we go. So this is basically a web app. I kind of threw it together as a demo purposes, uh, where we have uh the idea is to basically you have like your feeds.

Um to speak. Does this have a laser pointer on it? Yes, it does. Nice. Um yeah, and so basically, you know, see like Amelia this morning, she wrote some posts on here as for fun. Um right now, this is this is basically an app view feed. It's actually serving all the private content. And for the sake of this, all this is doing is actually it's just serving the data for all the boundaries that I have access to. So we use boundaries as mentioned, it's a permission space. And so what it is basically from authorization side, I'm sending a request.

It says, okay, let me find out all your boundaries. Okay, here you go, here's all your data associated with it. And that allows me to actually kind of then see it. And I see here um kind of actually jumping past it. Sorry, let me jump back really quickly. By the way, there's documentation. Um the idea is basically that we have an attestation. Here we go. Um that basically is where as soon as when a user enroll in the service, um, we create a public record. Basically, okay, this is your service, here's your boundaries, here's your here's your actually your signing key that we create for you.

And we kind of write that back to the public record, and that also sort of enables that discovery aspect of it. Um with the attestation, you can actually kind of verify it at the same time. Um sec P2256K1, um, and then P256 uh key for the user. So every user has our own key. That's where we say verifiable. Um, as then you know you know what your public key is, and you can always actually validate that. Your records belong to you. And that was sort of like trying to build this trust model at the same time.

Um, back behind the desk. Yeah. Um yeah, and so if you look here, we have a little nice little enrollment record. We can actually see that. So this is one, you know, Strato service. Uh these are my two boundaries uh that I have that I have access to. And then down below is the attestation, uh, basically providing very verification of it. Um and then this nice little thing that also shows it. Um by the way, I fork PDSLS and I add a stratos support to it. Um so it actually it's it fully works. Um yeah, it's basically showing like the verification basically does client side, checks the service, uh DID web document to actually validate it and shows that yes, this is actually verified.

Um then basically then if on the demo app, we basically then see up here it does a little check, does its own verification, and then also from the service, it also validates yes, you are enrolled. Um and then we see down here, these are the different, basically, these are the domains that a person has access to. Um, and then the actual and the additional ones that are available. And this basically then allows you to actually basically write a little private post. With it. Yes. There we go. Um and then here we go. And then I'm just gonna do a thing of I'm gonna give uh sorry, actually let me do this really fast.

But this is where a a user is already enrolled in the service. So I'm gonna log out and just log in with a different one.

Oh we go. Um full OAuth, scoped enrollment, only so only the Stratos uh lexicons can have access, of course. And I go ahead and authorize that. And then I'm logged in. And we see here that I don't have access to anything. So I'm not enrolled, I only see my public records. Um and we've and right now the service is actually designed where you can actually have a uh open enrollment with exclusive domains. So the const is basically like I can actually I can freely enroll in this one. Um this is currently necessary because uh the enrollment process basically generates a long-lived OAuth token.

So that way behind the scenes, whenever you actually create a private record, it also basically writes the public one for you on your behalf. Uh so sort of like an OAuth delegation, or as I call it OAuth wizardry, um, because this whole setup is insane, honestly. Yeah. Oh, and Amelia is now showing off that she's actually posting at the same time.

Um yeah, and so basically we see here like I only have access to you know the open enrollment uh domain. And then there's of course like always gonna be an admin interface where um let me get that. There we go. I'm gonna add myself to the bees domain. There we go. Uh that was the wrong DID. Hang on a second. Let me find that one. Actually, I really like doing live demos because something always goes wrong. Let me delete that. It's just differently right. Yes. Also appreciate actually showing that this actually works. There we go. Back to the demo app.

I refresh that. And now SCBs. And yeah.

Yeah. And so basically, and actually there isn't really anything right there in there. Was but it's because I uh write because I post a lot more on this account, that's why. But then if I go back to the previous one.

Yeah, we added it. And it's taking a while to populate.

Oh, I don't have any content there. Right. Because I clear this out for the demo too, just in case. But anyways, but actually anybody can actually log into this app. I'll tear it down in like in a day or two. But that's basically like the concept behind it is that we actually wanted to basically allow people to basically adopt this and integrate it in any way they wish. Because it's sort of like when we started actually thinking about this, actually the whole reason I built this is because when I met Boris back in November at Eurosky in Berlin, I was like, oh let's talk about what's what's happened with a private data working group.

And what I learned is that nobody could actually decide on an approach. As we're sort of like disagreeing, and I basically told Boris like I'm gonna prove it's possible by having a demo at AdversaryCon.

Yeah, and it's not so much to say that it's not hard. I just like really difficult things. That's really what it comes down to. And it was like it was uh instead of say this is just one approach to it, there's quite a few others. Actually, like I posted the proposal in January, and then within a couple weeks, there are six more proposals out there and announcements. Um crazy, like, you know, but actually at the same time, they all have different requirements for it. Um one group wants to have like you know more of like a uh a private social media space.

Another wants to actually want to have actually the ability to actually restrict the data between your device and its target. Um Bluesky signal approach is more like how do we actually give more agency to the users with primitives? Um and for us it's actually where how do we actually provide spaces for a community with actually the ability to do like kind of the governance to kind of like you know take care and support the community at the same time. Um let me jump back to this thingy. I do have a couple other slides. Let me see.

Um yeah, and so I I kind of rarely want to put stress on like shout-outs to a few individuals uh throughout all this. Um like Nick, for example. Uh I hopped on quite a few calls with him uh because it was something where I would say the the most difficult part was actually thinking about how does this actually work at scale. Um because it's one thing they basically say okay, we're gonna have like some private data and it kind of sits around, but then it's like how do you actually handle it? We can have like thousands of people working using this at the same time.

Um this is where Nick was really instrumental, kind of like you know, talking through hashing algorithms, which I've only like briefly read about before, and he gave me like a long list, but I spent an entire week reading research papers. Um like Lewis, because actually uh I was working on this locally, and then I deployed it to the cloud to test some things and suddenly had horrific issues. Um last week I just tagged tagged him on the Discord and I was like Louis, how are you doing Postgres with Tank with with Tranquil? Um he was kind of providing some advice there.

And also fake, of course, for listening to me complain about issues non-stop. Um then um Emilia, who's uh you know, Amelia is Millia, honestly. What what does she not know? Um yeah, and then Boris uh because I made a challenge, he they basically made me challenge myself with this. Um yeah, but this is it's really kind of comes back to is where um private data is a very important thing in many contexts. Um for us it is actually you know how to provide a private space for communities. Uh for others it is you know providing you know a private space for for research, right?

AT science is actually a common topic that came up yesterday on Friday for them. Um and so this is where we kind of say like let's actually build an open the way that can actually be adopted. Um yeah. And if you want to learn more, you can look at the documentation that I published uh on Friday morning uh because I have horrible jet lag and I just kept writing things. Um yeah. And so thank you everybody.