When you're a whole on the internet

Most of us exist online as a jigsaw puzzle scattered across a table. A LinkedIn profile. A Bluesky account. An old Twitter handle. A forum username from 2009. The pieces are all there, but assembling them takes work, and that friction, it turns out, has been doing a lot of social work that nobody explicitly designed.

The HTTP-era internet was never built with identity coherence in mind (or, identity at all). Each service captured a slice of you independently. The result was fragmentation by accident: different contexts, different audiences, different versions of yourself that didn't necessarily talk to each other. A researcher who also posts about urban planning and occasionally says something funny about cats. A policy professional who is also in a recovery community. An activist who also works for a corporation. The pieces existed. But the jigsaw was hard to assemble, and that difficulty was a form of protection. Not privacy exactly, I guess, but friction.

OSINT practitioners, stalkers, and overzealous HR departments have always known how to reduce that friction. But for most people, most of the time, the disconnection between services was enough. Context collapse was a risk, not a default.

ATProto changes the connective tissue

The AT Protocol, the architecture underlying this blog, @bsky.app and an emerging ecosystem of interoperable apps, is built around a different premise. Your identity is anchored to a decentralized identifier (DID) that travels with you across services. Your handle can be your own domain, like here where my blog's name is the subdomain for "yaso.is". When you move between apps built on the protocol, your identity, your followers, and your content come with you. You own your data. "You" are portable.

This is genuinely good news for a set of real problems: platform lock-in, arbitrary account suspension, the loss of years of public writing when a service shuts down. The AT Protocol solves the portability problem in ways that HTTP never did. But portability and legibility are not the same thing, and the protocol bundles them together in ways that deserve more scrutiny.

When your DID travels with you across services, so does the connective tissue between your contexts. The silly app and the professional app, built on the same protocol, can surface that you're the same person. Not because someone did OSINT work but because the architecture makes it easy. The friction that was doing protective work quietly disappears.

Two separate problems that look like one

Here's what the current conversation tends to conflate: the question of who controls your identity and the question of how visible the connections between your contexts are. ATProto makes real progress on the first. It hasn't addressed the second.

This matters because the people who most need context separation are often not the ones with the loudest voice in protocol design discussions. They are not the tech forward early adopters excited about owning their data and moving between apps. They are the people for whom context collapse means material risk.

I sure like and say things on Bluesky that I don't want to be easy to find on a professional settings. Don't know about everyone, and this post is more of a personal reflection.

A design question and a governance question

The way I see, there are two ways to address this at different levels:

The design question is whether context separation should be a first-class feature of ATProto applications. Individual apps can choose not to surface DID linkages, to simply not show that the person posting memes is the same person publishing policy analysis. This is already technically possible. It is not a norm. The default in most implementations is toward legibility, because legibility is what most builders are optimizing for. Changing this requires app level choices to be made deliberately, and probably a shared design vocabulary for what "context separation" even means in an interoperable ecosystem.

The governance question is harder. Should the AT Protocol itself provide a mechanism for selective opacity? A way for users to say "yes, these accounts are both me, but do not surface that connection"? This would require a protocol-level feature that currently doesn't exist. Adding it retroactively to a protocol that is designed around public DIDs is not a simple retrofit. It would require a governance process: who decides, how it gets proposed, how the tradeoffs get weighed across a decentralized ecosystem with no single authority. Neither of these is insurmountable. But I don't see it being discussed widely.

The paradox at the center

The features that make ATProto genuinely good for users: portability, ownership and interoperability, are structurally the same features that make context collapse easier. Ownership and legibility come bundled, and there's no obvious switch to separate them.

This is not an argument against the AT Protocol. It is an argument for building the next layer with more deliberate adversarial thinking. The HTTP internet gave us context separation by accident, as a side effect of fragmentation nobody planned (also a side effect of centralization and silos). ATProto is being designed, and so that means the choice about how much of yourself should be findable, and by whom, and across which contexts, is one that can actually be made, rather than inherited from architecture that wasn't thinking about it.

The jigsaw can be put together now. The question is whether users should get to decide which pieces are visible, and from which angle.

A bit of hermeneutics

I'm not a trained philosopher (yet?), but I'm writing a chapter for a book about it with a friend. It is an interesting exercise because I get to reflect on the impacts on human social abilities to interpret each other when mediated by protocols, and how protocol design might affect how we behave towards one another.

Paul Ricoeur makes a distinction between two modes of identity. The first he calls idem: a permanent, stable, verifiable sameness across time. The second is ipse: the self as interpreted, narrated, contextual, or the self that shifts depending on who is asking and in what situation. These are not contradictions. They are two layers of the same person.

ATProto optimizes for idem. It gives you a stable, portable, verifiable identifier that travels with you across services. This is technically elegant and solves real problems. But people actually live as ipse, or narrating different aspects of themselves in different contexts, modulating how much of themselves they disclose and to whom. The protocol assumes the first, but human identity, in practice, is the second.

What's interesting is that context separation, or the ability to be a different facet of yourself in different spaces, is not a bug in human social behavior. It is a feature. People do this constantly in physical life: you are not the same self at a job interview, at a family dinner, at a protest, and at a bar with close friends. These aren't performances of inauthenticity. They are how interpretation works. Gadamer called this the horizon: the situated context from which understanding becomes possible. Different contexts produce different horizons, and meaning emerges from within them, not above them.

The friction of the HTTP internet, or its accidental fragmentation was quietly preserving something like this. Not privacy in a legal sense, but the social capacity to be read differently in different rooms. When ATProto removes that friction in the name of portability and ownership, it may also be collapsing horizons that people were relying on without knowing they had a name for it.

This is not an argument that protocols should be designed by philosophers. It is an argument that the people designing protocols should occasionally ask what they are assuming about the humans who will live inside them.