HeadlinesBriefing.com

Bluesky’s PDS: The Hidden Power Behind Your Digital Identity

Hacker News

Bluesky’s Personal Data Server (PDS) holds the signing key that authorizes every post, like, and follow. The operator can change that key, effectively taking full control of your Decentralized Identifier (DID) and impersonating you across all ATProto apps.

Because every new ATProto application writes to the same repository, a single compromised PDS operator can post inflammatory content, grant unauthorized repository access, or lock users out of their own accounts. The attack surface expands as more services join the ecosystem.

Users rarely enroll a backup rotation key, which leaves them exposed to exactly this operator-level takeover. A self‑controlled rotation key would let a user rotate the signing key or point the DID to another PDS, restoring autonomy. ATProto’s documentation should mandate this feature and clarify the key‑management responsibilities.
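As an added illustration (not code from the article or from Bluesky/ATProto), the following Go model shows the authority split the article describes: rotation keys gate changes to the DID document, while the PDS-held signing key gates repo commits. It assumes ed25519 in place of did:plc's real key types and a simplified, unchained update format; the endpoint and commit bytes are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// DIDDoc is a simplified did:plc document (real did:plc uses secp256k1/p256 keys
// and a signed, chained operation log; ed25519 stands in for them here).
type DIDDoc struct {
	RotationKeys []ed25519.PublicKey // may rewrite the document itself
	SigningKey   ed25519.PublicKey   // signs repo commits; lives on the PDS
	PDS          string              // service endpoint the DID points to
}
// opBytes is what a rotation key signs: the proposed signing key and PDS endpoint.
func opBytes(newKey ed25519.PublicKey, newPDS string) []byte {
	return append([]byte(newPDS), newKey...)
}
// Apply accepts the update only if sig was produced by an enrolled rotation key.
func (d *DIDDoc) Apply(newKey ed25519.PublicKey, newPDS string, sig []byte) error {
	for _, k := range d.RotationKeys {
		if ed25519.Verify(k, opBytes(newKey, newPDS), sig) {
			d.SigningKey, d.PDS = newKey, newPDS
			return nil
		}
	}
	return errors.New("update not signed by any enrolled rotation key")
}
// Scenario returns (lockedOutWithoutBackup, recoveredWithBackup, oldPDSCommitStillValid).
func Scenario() (bool, bool, bool) {
	pdsRot, _, _ := ed25519.GenerateKey(nil)            // operator's rotation key
	pdsSign, pdsSignPriv, _ := ed25519.GenerateKey(nil) // signing key held by the PDS
	userRot, userRotPriv, _ := ed25519.GenerateKey(nil) // user's self-controlled rotation key
	newSign, _, _ := ed25519.GenerateKey(nil)           // signing key for the new PDS
	newPDS := "https://pds.example.org"                 // constructed endpoint
	userSig := ed25519.Sign(userRotPriv, opBytes(newSign, newPDS))
	// No backup rotation key enrolled: the user's own signature is rejected.
	noBackup := DIDDoc{RotationKeys: []ed25519.PublicKey{pdsRot}, SigningKey: pdsSign}
	lockedOut := noBackup.Apply(newSign, newPDS, userSig) != nil
	// Backup key enrolled: the user re-points the DID and the operator's old key stops verifying.
	withBackup := DIDDoc{RotationKeys: []ed25519.PublicKey{userRot, pdsRot}, SigningKey: pdsSign}
	recovered := withBackup.Apply(newSign, newPDS, userSig) == nil
	commit := []byte("constructed repo commit")
	stillValid := ed25519.Verify(withBackup.SigningKey, commit, ed25519.Sign(pdsSignPriv, commit))
	return lockedOut, recovered, stillValid
}

func main() { fmt.Println(Scenario()) }
```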

Bluesky’s promise of decentralization collapses when the PDS operator wields unchecked power. The protocol’s security hinges on trusting a single entity with all signing keys, making the ecosystem fragile and exposing every user to a single point of failure.