Why Inter-Service Auth Needs Client Identity

ATProtocol's inter-service authentication currently has no way to identify which client is making a request on behalf of a user, forcing services to rely on forgeable headers or clunky workarounds to establish trust relationships. Adding an optional client_id claim to inter-service JWTs would solve this cleanly, enabling service-to-service trust, rate limiting, and feature flags using the cryptographic infrastructure we already have.

Don't Feed the Trolls: Why This Old Internet Wisdom Still Matters

"Don't feed the trolls" emerged as folk wisdom in 1990s Usenet culture and became internet gospel, grounded in solid psychological research showing that trolls seek negative attention and ignoring them removes their reward.

ATProtocol Attestations: Cryptographic Signatures for the Decentralized Web

This post introduces the formal ATProtocol attestation specification, a framework for adding cryptographic signatures to ATProto records through two complementary patterns: inline attestations that embed signatures directly in records, and remote attestations that store proof in separate repository records. The specification prevents replay attacks through repository binding, uses CID-based content addressing for integrity, and provides the cryptographic foundation for verified credentials, trusted content, and authenticated interactions in the decentralized ATProtocol ecosystem.

Unforgeable Endorsements Technical Deep-Dive

Deep technical implementation of the unforgeable endorsement system. Covers step-by-step CID computation, complete code for the endorsement workflow, validation algorithms, firehose event processing, and detailed security analysis of attack vectors. Includes working code examples, lexicon definitions, and the cryptographic mechanisms that make forgery mathematically impossible.

Building Unforgeable Professional Endorsements with ATProtocol

Traditional professional endorsements on platforms like LinkedIn lack cryptographic proof—anyone could forge them, and the platform controls the truth. This article introduces a two-record architecture using ATProtocol's Content Identifiers (CIDs) and Decentralized Identifiers (DIDs) to create mathematically unforgeable mutual attestations. By separating proof creation from endorsement acceptance and leveraging the firehose for distributed validation, we build a system where both parties cryptographically consent and no central authority can manipulate the record.

Introducing at://work: A Job Board That Puts You in Control

at://work is a modern job board built on ATProtocol where your profile and job listings are stored on your own Personal Data Server, giving you true ownership of your professional data. As a full AppView with XRPC APIs and remote MCP server capabilities, it makes job market data accessible to both users and developers while proving that professional networking can be decentralized and user-controlled.

Ohio's New Porn Age Verification Law: Big Brother Dressed Up as Child Protection

Ohio's new age verification law requiring ID to access adult websites (starting September 29, 2025) fails to protect children while forcing adults to surrender personal data to access legal content. This "small government" Republican law creates a surveillance system that invades privacy without addressing the real online dangers kids face.

Launching QuickDID - Fast, Open Handle Resolution for the AT Protocol

QuickDID is a high-performance, open source handle resolution service for the ATmosphere that serves as both public infrastructure at https://quickdid.smokesignal.tools and deployable software under MIT license. It offers flexible caching strategies (memory/Redis/SQLite), scales from single-instance to distributed deployments, and includes production features like rate limiting and proactive cache refresh. Currently a release candidate, it provides a drop-in alternative to Bluesky's resolver while giving developers full control over their handle resolution infrastructure.

AT Protocol and SMTP: When Old Tech Powers New Identity

Exploring how AT Protocol and SMTP can work together to make secure messaging possible by combining 50-year-old email infrastructure with modern cryptographic identity. Building on Chris Boscolo's AT-SMS proposal, this post introduces ideas for adding SMTP services directly to DID documents and leveraging PDS-level cryptographic operations through XRPC methods. The result: verifiable, encrypted communication where messages work like signed JWTs over email, handles prove identity without centralized authorities, and users maintain complete control over their messaging infrastructure. A technical deep-dive into how "boring" technology like SMTP and DNS, combined with AT Protocol's identity primitives, could finally deliver truly portable, private, and permanent messaging.

If-This-Then-AT Blueprint: Payment-Proof Access Gates