Hey HN! I went to an ATProto meetup last week, and as a burnt-out semi-academic who hates academic publishing, I thought there might be a cool opportunity to build on Octopus (https://www.octopus.ac/), so I got a bit excited over the weekend and built Octosphere.
Hopefully some of you find it interesting! Blog post here: https://andreasthinks.me/posts/octosphere/octosphere.html
If not, I'm on the same handle over there and can put you in touch with them. Or hit up Boris; he knows everyone and is happy to make connections.
There's also a full day at the upcoming conference on ATProto and science-related things. I think they communicate on Discourse more (?)
https://discourse.atprotocol.community/t/about-the-atproto-s...
That'll get us connected off HN
I think Cosmik is the group I was thinking of; they've also put out some initial PoCs like yours.
Something like Rotten Tomatoes could be useful: have a list of "verified" users (critic score) in a separate voting column from anonymous users (audience score).
This would often prove useful in highly controversial situations for parsing common narratives.
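A rough sketch of what that two-column scoring could look like (the `Vote` shape and the verification flag are just assumptions for illustration, not any real system):

```python
from dataclasses import dataclass

@dataclass
class Vote:
    user: str
    verified: bool   # e.g. checked against an ORCID or institution list (assumption)
    positive: bool

def scores(votes):
    """Return (critic_score, audience_score) as fractions of positive votes."""
    def frac(group):
        return sum(v.positive for v in group) / len(group) if group else None
    critics = [v for v in votes if v.verified]
    audience = [v for v in votes if not v.verified]
    return frac(critics), frac(audience)

votes = [Vote("a", True, True), Vote("b", True, False),
         Vote("c", False, True), Vote("d", False, True)]
print(scores(votes))  # (0.5, 1.0)
```

The point is just that the two populations are aggregated separately, so a brigade of anonymous accounts can't move the "critic" number.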
You need content addressing and cryptographic signatures for that.
Theirs? (Personally, I think not.)
So thank you for bringing it up, it showcases well that a distributed system is not automatically a good distributed system, and why you want encryption, cryptographic fingerprints and cryptographic provenance tracking.
Three to five experts specifically asked to review a paper in a controlled environment, versus thousands of random scientists or members of the public (who might be motivated by financial, malicious or other reasons), is probably still the better option. Larger, technically impressive multi-disciplinary papers with 20+ authors are basically impossible to review as individuals; you want a few experts on the main methods to review it together, in harmony, with oversight from a reputable vendor/publisher. Such papers are also increasingly common in any biotech/hard-tech field.
I don't think that's a fair characterization. Most AP implementations famously don't have privacy features: that was by design (and therefore no surprise to us tech folks), but I remember it was quite the scandal when users found out Mastodon instance admins could read users' private messages. A later "scandal" involved participation in the EUNOMIA research project about "provenance tracking" in federated networks [1], which, to be fair to conspiracy theorists, does sound like an academic front for NSA-style firehose R&D.
That being said, Bluesky is much harder to self-host and is therefore not decentralized in practice. [2] See also the Blacksky development notes. However, Bluesky does bring a very interesting piece to the puzzle which AP carefully ignored despite years of research in AP-adjacent protocols (such as Hubzilla): account portability.
All in all, I'm still siding with the ActivityPub ecosystem because I think it's much more ethical and friendly in all regards, and I'm really sad so many so-called journalists, researchers and leftists jumped ship to Bluesky just because the attraction of "Twitter reborn" (with the same startup-nation vibes) was too strong. At least in my circles, I did not meet a single person who said the choice of Bluesky was about UX or features.
But now, I'm slowly warming up to the ATmosphere having a vibrant development community, much more so than AP. And to be fair, ATProto is worse than AP from a centralization standpoint, but at least it's not as bad and complex as the Matrix protocol, which brought zero value over AP/XMPP but made implementations 100x more complex and resource-intensive.
To me something git-like with a peer review UI (a la pull requests) seems far more natural for distributed academic publications than a social media protocol though.
ActivityPub, based on my understanding, really doesn't work like that - while you can OAuth with your Mastodon account, the expectation is that you'll be handling identity and the back-end bits yourself, and then sharing events across the network (happy to be corrected).
Part of what kicked this off is seeing ATProto's new devrel person at a meetup and finding their vision pretty compelling.
But yes, ActivityPub is more "robust" and decentralised (hence also jankier)
Email “works” in the same sense that fax machines worked for decades: it’s everywhere, it’s hard to dislodge, and everyone has already built workflows around it.
There is no intrinsic content identity, no native provenance, no cryptographic binding between “this message” and “this author”. All of that has to be bolted on - inconsistently, optionally, and usually not at all.
And even ignoring the cryptography angle: email predates “content as a first-class addressable object”. Attachments are in-band, so the sender pushes bytes and the receiver (plus intermediaries) must accept/store/scan/forward them up front. That’s why providers enforce tight size limits and aggressive filtering: the receiver is defending itself against other people’s pushes.
For any kind of information dissemination like email or scientific publishing you want the opposite shape: push lightweight metadata (who/what/when/signature + content hashes), and let clients pull heavy blobs (datasets, binaries, notebooks) from storage the publishing author is willing to pay for and serve. Content addressing gives integrity + dedup for free. Paying ~$1 per DOI for what is essentially a UUID is ridiculous by comparison.
That decoupling (metadata vs blobs) is the missing primitive in email-era designs.
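A minimal sketch of that decoupling (the store and function names here are illustrative assumptions, not any real protocol):

```python
import hashlib

AUTHOR_STORE = {}  # stands in for storage the author pays to serve

def publish(author: str, blob: bytes) -> dict:
    """Host the heavy bytes; return only the small record that gets pushed."""
    digest = hashlib.sha256(blob).hexdigest()
    AUTHOR_STORE[digest] = blob
    return {"author": author, "sha256": digest, "size": len(blob)}

def fetch_and_verify(record: dict) -> bytes:
    """Client pulls the blob on demand and checks it against the hash."""
    blob = AUTHOR_STORE[record["sha256"]]
    # integrity check: no trust in the host needed, only in the hash
    assert hashlib.sha256(blob).hexdigest() == record["sha256"]
    return blob

record = publish("alice", b"dataset bytes ...")
assert fetch_and_verify(record) == b"dataset bytes ..."
```

Subscribers receive a few hundred bytes of metadata regardless of how large the dataset is, and nobody in the middle has to store or scan the blob.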
All of that makes email a bad template for a substrate of verifiable, long-lived, referenceable knowledge. Let's not forget that the context of this thread isn’t “is decentralized routing possible?”, it’s “decentralized scientific publishing” - which is not about decentralized routing, but decentralized truth.
Email absolutely is decentralized, but decentralization by itself isn’t enough. Scientific publishing needs decentralized verification.
What makes systems like content-addressed storage (e.g., IPFS/IPLD) powerful isn’t just that they don’t rely on a central server - it’s that you can uniquely and unambiguously reference the exact content you care about with cryptographic guarantees. That means:
- You can validate that what you fetched is exactly what was published or referenced, with no ambiguity or need to trust a third party.
- You can build layered protocols on top (e.g., versioning, merkle trees, audit logs) where history and provenance are verifiable.
- You don’t have to rely on opaque identifiers that can be reissued, duplicated, or reinterpreted by intermediaries.
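As a toy illustration of the "verifiable history" point above - a hash-chained version log where any edit to past records breaks every later link (the field names and record shape are assumptions, not any real format):

```python
import hashlib, json

def record_hash(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def append_version(history: list, content: bytes) -> list:
    """Each new record embeds the hash of its predecessor."""
    prev = record_hash(history[-1]) if history else None
    history.append({"prev": prev,
                    "content_sha256": hashlib.sha256(content).hexdigest()})
    return history

def verify_chain(history: list) -> bool:
    return all(history[i]["prev"] == record_hash(history[i - 1])
               for i in range(1, len(history)))

h = append_version(append_version([], b"v1"), b"v2")
assert verify_chain(h)
h[0]["content_sha256"] = "tampered"   # rewrite history...
assert not verify_chain(h)            # ...and the chain no longer verifies
```

Merkle trees generalize the same trick so you can verify one entry without fetching the whole history.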
For systems that don’t rely on cryptographic primitives, like email or the current infrastructure using DOIs and ORCIDs as identifiers:
- There is no strong content identity - messages can be altered in transit.
- There is no native provenance - you can’t universally prove who authored something without added layers.
- There’s no simple way to compose these into a tamper-evident graph of scientific artifacts with rigorous references.
A truly decentralized scholarly publishing stack needs content identity and provenance. DOIs and ORCIDs help with discovery and indexing, but they are institutional namespaces, not cryptographically bound representations of content. Without content addressing and signatures, you’re mostly just trading one central authority for another.
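To make the "content addressing and signatures" point concrete, here's a stand-in sketch of binding an author key to exact bytes. Python's standard library has no asymmetric signing, so HMAC with a shared key substitutes for a real scheme like Ed25519; the key handling and record shape are illustrative assumptions:

```python
import hashlib, hmac

AUTHOR_KEY = b"alice-secret-key"   # in a real system: the author's private key

def sign_publication(content: bytes) -> dict:
    """Bind an identity key to the hash of the exact published bytes."""
    digest = hashlib.sha256(content).hexdigest()
    tag = hmac.new(AUTHOR_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "sig": tag}

def verify_publication(content: bytes, record: dict) -> bool:
    """Anyone holding the key material can check: same bytes, same author."""
    digest = hashlib.sha256(content).hexdigest()
    expected = hmac.new(AUTHOR_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return digest == record["sha256"] and hmac.compare_digest(expected, record["sig"])

rec = sign_publication(b"the exact bytes of the paper")
assert verify_publication(b"the exact bytes of the paper", rec)
assert not verify_publication(b"altered bytes", rec)
```

With an asymmetric scheme the verifier only needs the author's public key - no registry, no gatekeeper - which is exactly what a DOI-plus-ORCID lookup can't give you.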
It’s also worth being explicit about what “institutional namespace” means in practice here.
A DOI does not identify content. It identifies a record in a registry (ultimately operated under the DOI Foundation via registration agencies). The mapping from a DOI to a URL and ultimately to the actual bytes is mutable, policy-driven, and revocable. If the publisher disappears, changes access rules, or updates what they consider the “version of record”, the DOI doesn’t tell you what an author originally published or referenced - it tells you what the institution currently points to.
ORCID works similarly: a centrally governed identifier system with a single root of authority. Accounts can be merged, corrected, suspended, or modified according to organisational policy. There is no cryptographic binding between an ORCID, a specific work, and the exact bytes of that work that an independent third party can verify without trusting the ORCID registry.
None of this is malicious - these systems were designed for coordination and attribution, not for cryptographic verifiability. But it does mean they are gatekeepers in the precise sense that matters for decentralization:
Even if lookup/resolution is distributed, the authority to decide what an identifier refers to, whether it remains valid, and how conflicts are resolved is concentrated in a small number of organizations. If those organizations change policy, disappear, or disagree with you, the identifier loses its meaning - regardless of how many mirrors or resolvers exist.
If the system you build can’t answer “Is this byte-for-byte the thing the author actually referenced or published?” without trusting a gatekeeper, then it’s centralized in every meaningful sense that matters to reproducibility and verifiability.
Decentralised lookup without decentralised authority is just centralisation with better caching.
I think ML (and really all other fields) are the same. Skimming a paper never really leaves you certain of how rigorous it is.
I agree that a naive "just add voting" "review" mechanism would not suffice to replace journals. However there's no requirement that the review algorithm be so naive. Looked at differently, what is a journal except for a complicated algorithm for performing reviews?
> I am afraid the need for these publishers will still be there and they will just exist regardless, and it will still be preferred by academics.
Agreed. I doubt publishers are going away any time soon (if ever) regardless of how technically excellent any proposed replacement might be. I still think it's worthwhile to pursue alternatives though.
ATProtocol made a decision, based on the other protocols, to put more emphasis on user experience. If you want to build a new social media fabric for everyone, they have to want to use it. AP / Nostr have UX that will never appeal to the masses.
I build in the ATmosphere because I want to effect change. AP was hostile, Nostr is for crypto bros. The dev community is one of ATProto's strongest pieces and attractors.
One way I like to think about how the protocol is different: they made a giant event system for the public content and then let anyone plug in anywhere they want.
Peer review goes beyond the formal process, into the court of real life. Social media is one place people talk about new research and share their evaluations and insights, and good work gets used and cited more.
Arxiv has been invaluable in starting to change the process, but we need more.
Another issue when moving to a decentralized tool: I think it should apply some sort of gate-keeping so that only academics or verified scientists can contribute reviews, but then you also need a way to prevent bias/friend/self-citation network effects among the academic reviewers, which means you would need to keep close track of them. Not sure how to handle that.