While I agree that there’s every reason to be cautious about Bluesky’s centralized approach, I think it’s worth noting that private-key identities solve two distinct problems:
- Instance-independent identity with credible exit
- Self-sovereign identity with no 3rd party authority
Personally I don’t actually want to be 100% responsible for the safeguarding of my private identity key, for the same reason I use a bank instead of storing my money in a safe at home.
I want to fully own my identity, but I don’t need exclusive custodianship over it. I have a much more urgent need for (1) than (2), so I’m okay with solving the former first as long as there’s a clear path from there to the latter.
Bluesky’s approach is in principle fine with me, provided their promise of credible exit can be substantiated. However I might only be willing to trust such a third party if it was Mozilla or some other similarly established open-web institution.