Who Actually Owns Your ATProto Identity? Hint: It's Probably Not You
Summary
The article argues that ATProto's Personal Data Server (PDS) holds signing and rotation keys, giving operators the ability to impersonate users across the entire ATProto ecosystem. It highlights centralization risks, potential identity lockout, and suggests changes like self-controlled rotation keys and better auditability to mitigate these risks.