The only question I have after a shallow read of the #ATProtocol (the "specs" behind #Bluesky) is: why?

Why an entirely different protocol? Why not just an extension on top of #ActivityPub?

They wanted a bit more centralized control on top of a decentralized network - not a bunch of geeks running their own servers in the bedroom, but a "marketplace of companies", whatever that means, in charge of distribution and moderation? Fair enough, they are businesses that needs to make money after all.

But then why didn't they go for an extension that simply supports self-certifying data (signed using whatever centralized chain of certificates they want) on top of ActivityPub? The Fediverse and Twitter (or whatever they are going to call whatever they're trying to build now) could have immediately tapped into one another. They could have simply shown posts not certified by their chain as "unauthenticated", and we would have had almost 100% compatibility from day one.

Why a whole new protocol? Why build a new ActivityPub that does the same things as ActivityPub, but just with a layer of self-certification on top? Why call things differently and break compatibility, instead of extending the open standards?

It takes time and resources to build a new protocol, validate it, get developers to adopt it and build stuff on top of it, and add yet more layers of bridges and mappers to/from what exists already. And yes, I know that the alternative approach that I am promoting is exactly that "embrace+extend" that we all know how it ends up. And I'm also aware that are valid arguments to keep the streams separate. But I'm not sure if the best alternative is to let the rest of the world build their own brand of our open protocols (R&D these two balls: these guys are simply repackaging a decade of work on open standards and they are trying to profit from it), while we either keep digging our niches or play a catch-up game with bridges and mappers to the outside world.

https://atproto.com/docs