Notes on using a PDS as Content Infrastructure
A PDS isn't just for social: it's content addressing with normal web requests, identity baked in, and delivery over boring HTTPS.
I started with farfield.systems on my homelab, then moved to Cirrus, a single-user PDS on Cloudflare Workers. The new domain (pds.iammatthias.com) matched my profile handle, and Workers meant I could stop thinking about uptime. I’ve been hosting HTML on atproto and serving plain text without any HTML, poking at what a PDS can do beyond social.
The IPFS comparison keeps coming up. Both use content addressing. But a PDS is just HTTPS. You fetch everything with normal web requests. Records are signed, content is CID-addressed, and the server just hosts bytes.
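Because the server just hosts bytes, the client can check them itself. The sketch below is an added example, not code from this post, Cirrus, or Bluesky; it assumes the usual CID layout (CIDv1, base32, sha2-256, `raw` codec for blobs and `dag-cbor` for records), and the function names and sample page are made up for illustration.

```python
import base64
import hashlib

# Assumed CID layout: version 1, one-byte codec, sha2-256 multihash, 32-byte digest.
CID_V1, MH_SHA2_256, DIGEST_LEN = 0x01, 0x12, 32
CODEC_RAW = 0x55       # multicodec "raw": opaque blob bytes
CODEC_DAG_CBOR = 0x71  # multicodec "dag-cbor": encoded records


def cid_for_bytes(data: bytes, codec: int = CODEC_RAW) -> str:
    """Build the base32 CIDv1 string that addresses `data`."""
    digest = hashlib.sha256(data).digest()
    raw = bytes([CID_V1, codec, MH_SHA2_256, DIGEST_LEN]) + digest
    return "b" + base64.b32encode(raw).decode("ascii").lower().rstrip("=")


def parse_cid(cid: str) -> tuple[int, bytes]:
    """Return (codec, digest); reject anything but base32 CIDv1 + sha2-256."""
    if not cid.startswith("b"):
        raise ValueError("expected multibase prefix 'b' (base32)")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    if (len(raw) != 4 + DIGEST_LEN or raw[0] != CID_V1
            or raw[2] != MH_SHA2_256 or raw[3] != DIGEST_LEN):
        raise ValueError("unsupported CID: want CIDv1 with sha2-256")
    return raw[1], raw[4:]


def verify_bytes(cid: str, body: bytes) -> bool:
    """True only if `body` hashes to the digest embedded in `cid`."""
    _codec, expected = parse_cid(cid)
    return hashlib.sha256(body).digest() == expected


# Constructed sample: a markup-only page standing in for bytes fetched over
# HTTPS (for example from the com.atproto.sync.getBlob XRPC endpoint).
PAGE = b"<!doctype html><title>now</title><p>plain markup, no script</p>\n"
PAGE_CID = cid_for_bytes(PAGE)

if __name__ == "__main__":
    print(PAGE_CID)
    print("intact:  ", verify_bytes(PAGE_CID, PAGE))
    print("tampered:", verify_bytes(PAGE_CID, PAGE + b"<!-- injected -->"))
```

A CDN or cache in the path can change what it serves, but it cannot make altered bytes match the CID the client asked for.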
Identity Just Exists
Data binds to a DID from the start. Posts, profile updates, blobs, all signed together. There’s no separate question of who owns a CID or what key controls a namespace because the answer is already baked in.
Social content pipes onto my /now page now. Signed by my DID, served from infrastructure I control.
Delivery Is Boring
Everything serves over HTTPS behind a CDN. No gateways to find, no guessing which endpoint is rate-limited today. It works everywhere the web works, which sounds obvious until you’ve spent time with systems that are technically elegant but operationally fragile.
The CSP Is the Tell
Bluesky’s CSP blocks JavaScript. You can host HTML and CSS, but executable behavior stays out. I’ve uploaded full pages and stripped things down to plain text just to see what would happen.
Once you allow JS, a CID stops describing what a user actually sees. Same bytes, different behavior depending on context. Markup-only means the CID matches the experience. Rendering stays predictable and caching stays honest.
Blob Limits Aren’t a Bug
Blob storage is constrained: size limits, rate limits, scoped to repos. A PDS optimizes for user state and social data. Unrestricted blobs would invite abuse, drive up costs, create legal exposure. The constraint keeps it usable.
Moving Infrastructure
When I moved from farfield to Cirrus, the migration itself proved how portable this setup actually is. New PDS means new signing key, so your PLC document updates. The AppView caches DID documents for up to 24 hours, which creates a window where your JWTs are cryptographically valid but get verified against stale data. Cirrus has /admin/emit-identity to fire an event on the firehose. The relay forwards it, the AppView refreshes, and everything syncs up. I moved my signing infrastructure and the network caught up.
That’s the interesting part. HTTPS for delivery, CIDs for integrity, signatures for authorship, a strict CSP for determinism. No new browsers, no special gateways. Content you can fetch, verify, and move.