Judges can deputize if necessary
Natanael
https://github.com/bluesky-social/atproto/tree/main/packages/bsky
The old design was built to scale to a few million users. The new backend is revised to handle ~hundreds of millions. They'll releasing bits and pieces at a time.
https://bsky.app/profile/jay.bsky.team/post/3krxdfy6koc22
He never had ownership. Not all investments provide ownership.
3rd party moderation tools already exists, using the same API as the official moderation system, available to subscribe to even directly in the official app. If you don't want bluesky's moderation decisions enforced, you can run a different client which don't apply the bluesky labels (or if the bluesky appview blocks something entirely, you can circumvent that and retrieve it directly from that user's PDS)
is specifically not clarified to leave open the possibility for monetization such as forcing as on users
What
The network is specifically designed around portability and content addressing so they can't lock you in
it would never be a useful alternative to the Official Bubble maintained by the Bluesky corporation that you must submit to or be left out in the cold interacting with users only on alternate, small personal networks.
There are already plenty of people running their own self hosted PDS servers to host their account, talking to the rest of the bluesky users, using 3rd party moderation filters and 3rd party clients, with 3rd party feed generators to view stuff like topic specific feeds
Also there's bridgy so you can talk across Mastodon / bluesky by letting bridgy mirror posts and replies between the two networks
If you've already noticed incoming traffic is weird, you try to look for what distinguishes the sources you don't want. You write rules looking at the behaviors like user agent, order of requests, IP ranges, etc, and put it in your web server and tells it to check if the incoming request matches the rules as a session starts.
Unless you're a high value target for them, they won't put endless resources into making their systems mimic regular clients. They might keep changing IP ranges, but that usually happens ~weekly and you can just check the logs and ban new ranges within minutes. Changing client behavior to blend in is harder at scale - bots simply won't look for the same things as humans in the same ways, they're too consistent, even when they try to be random they're too consistently random.
When enough rules match, you throw in either a redirect or an internal URL rewrite rule for that session to point them to something different.
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it's unfixable (easy to plant false positives)