The fact that the AT Protocol relies on everyone having a domain name, which is a centralized system over which few people have control, and about whose workings most people have no clue, is problematic. Also impractical, once we consider that - as far as I can understand - 8 billion people should have their own domain name.
What's impractical about everyone having a domain name? It surely isn't due to lack of domain names, because foo.bar.baz.bim.bim.bap.com is a valid domain name.
It is true that full data sovereignty isn't something most people are interested in, but this is more about a cooperative model for data ownership and access. Having your data identifier be JackDaniels@yahoo.com isn't particularly different from it being jackdaniels.is.technically.bourbon.com. In both cases another organization owns some of the path to your identifier and could potentially lock you out of it. In both cases, Verizon is near the top of that list (.com).
As far as the domain name system being centralized, I'm not sure I agree. DNS is like a feudal system with hundreds of kings (top level domains) who all work together with one pope (ICANN), and various lords and ladies occupying positions under those kings. If ICANN goes completely bonkers the kings can get a new pope, some of them are literally sovereign because they are nation states. Just for fun, some of those states are ruled by literal kings, too. There are experiments to run a TLD by Decentralized Autonomous Organization (DAO), but I think for the most part nobody really cares because the current system happens to work pretty OK. If you have an idea for a more decentralized way to organize a namespace that doesn't involve your grandmother typing in a massive UUID or onion address, and doesn't result in someone being able to domain squat literally everything, I would love to hear about it.
Small point but
> foo.bar.baz.bim.bim.bap.com
is owned by the owner of bap.com, under the current system.
Ownership is probably the wrong word since the legal grant is a term-limited contract for exclusive use under terms of service. Selling subdomain usage grants (also under contract and TOS) feels quite similar.
Top level domains can change pricing, terms, or cease operation. Freenom is a great case study, as they previously operated TLDs. At the edges, a well-operated subdomain service could offer stronger ownership-like behavior than a top level domain.
> The fact that the AT Protocol relies on everyone having a domain name
Well, either that or someone else hosting their identity (see did:plc), which seems to be the part you say should exist?
Probably DNS is the most decentralized centralized system we have available today that most people can actually use, unless I'm missing some obviously better way of doing the same thing?
The thing you're missing is ICANN is headquartered in the US. The US political situation is dire and I think this could be a real danger for the internet at large. We might end up with disagreeing DNS worldwide at some point. E.g. if you hold a domain and have a non-authorized viewpoint so your DNS entry gets snuffed.
But from a practical point of view a decentralised system should not rely on domain name ownership. Any computer can generate a private/public key pair, which is all you need for identity.
> Any computer can generate a private/public key pair, which is all you need for identity.
Right, but once you've generated those, then what? You need a global registry of sorts so people can look up each other's keys for example, which is why DNS kind of is the best we have available today.
I don't think there is any perfect solution here, but it's hard to come up with something that has better trade-offs than DNS. Sure, ICANN might be based in the US, but so far DNS has been relatively safe to rely on, and if it ends up not reliable in the future, I'm not sure social media profiles is the biggest worry at that point.
> Well, either that or someone else hosting their identity (see did:plc)
Wouldn't that turn into did:plc:facebook all over again?
If there was no way of moving away from it, probably yeah. But since you can migrate from a did:plc to did:web, I don't feel like they're very similar situations at all.
It doesn’t really rely absolutely on domain names; at the very root there’s just a DID. DNS happens to be the best we’ve got right now as a human-readable username and address in one go.
We can work to make DNS/ICANN et al. more democratically operated and people-owned while at the same time devising wholly alternate paradigms like Handshake and similar: https://blog.webb.page/2025-08-21-dap-the-handshake-successo...
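To make the "DID at the root, domain as handle" point concrete, here is an added example (not code from any commenter or from the AT Protocol project) of the two-way check a client performs before trusting a handle: DNS must name a DID, and that DID's document must name the handle back. It assumes the AT Protocol conventions of a `did=` TXT value at `_atproto.<handle>`, an `alsoKnownAs` entry of `at://<handle>`, and `plc.directory` as the did:plc resolver; the function names, the simplified syntax checks and the sample data are this example's own.

```python
import re

# Simplified syntax checks (assumptions of this example, not the full specification).
HANDLE_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,62}$")
DID_PLC_RE = re.compile(r"^did:plc:[a-z2-7]{24}$")
DID_WEB_RE = re.compile(r"^did:web:([a-z0-9.-]+)$")


def did_from_txt(txt_values):
    """Return the DID from TXT values at _atproto.<handle>; None if absent or ambiguous."""
    dids = {v[len("did="):] for v in txt_values if v.startswith("did=")}
    return dids.pop() if len(dids) == 1 else None


def did_document_url(did):
    """Where the DID document is fetched from, for the two methods named in the thread."""
    if DID_PLC_RE.match(did):
        return "https://plc.directory/" + did
    m = DID_WEB_RE.match(did)
    if m:
        return "https://" + m.group(1) + "/.well-known/did.json"
    raise ValueError("unsupported DID: " + did)


def verify_handle(handle, txt_values, did_doc):
    """Check both directions: DNS names a DID, and that DID's document names the handle."""
    handle = handle.lower().rstrip(".")
    if not HANDLE_RE.match(handle):
        return (False, "invalid handle syntax")
    did = did_from_txt(txt_values)
    if did is None:
        return (False, "no single did= TXT value")
    if did_doc.get("id") != did:
        return (False, "DID document belongs to another DID")
    if "at://" + handle not in did_doc.get("alsoKnownAs", []):
        return (False, "DID document does not claim this handle")
    return (True, did)


# Constructed sample data (not real accounts).
DID = "did:plc:abcdefghijklmnopqrstuvwx"
DOC = {"id": DID, "alsoKnownAs": ["at://alice.example.com"]}

if __name__ == "__main__":
    print(verify_handle("alice.example.com", ["did=" + DID], DOC))
    # DNS names one DID, but the document presented is for a different DID: rejected.
    other = {"id": "did:plc:" + "z" * 24, "alsoKnownAs": ["at://alice.example.com"]}
    print(verify_handle("alice.example.com", ["did=" + DID], other))
```

Because both directions must agree, whoever controls the domain can detach the handle from an account but cannot make an existing DID vouch for a name it never claimed, and a DID document cannot claim a domain whose DNS points elsewhere.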
> 8 billion people should have their own domain name
That is something that could be feathered in gradually -- your country, region, city, neighbourhood, etc could have their own domains, and you could be anon237@milan.italy or whatever, until you find it necessary or inspiring to obtain your own domain.
There are around 10^99 different possible domain name labels (the part between the dots), so I don’t quite see the impracticality. Even going the route of Reddit’s autogenerated usernames like Eloquent-Salad9443.net would be viable.
But what is the alternative? Systems that bind identity to the phone number give even less control. Systems that use a self-generated cryptographic key (like Scuttlebutt) are even less practical.
DNS is not perfect but I think the best we have for now.
> everyone having a domain name
This idea is an incremental improvement over "everyone is posting x.com"
With did:plc, you don’t have to have your own domain, if you are willing to delegate some responsibility.