The Comprehension Problem

On May 23, @dame.is pointed a Claude agent at their own Bluesky account. In minutes, it paginated through ~2,000 posts and produced a detailed political profile — organized by topic, with representative quotes, noting that explicit politics was "a steady minor stream, not the main event."

The data was always public. ATProto is designed this way. The new thing isn't access — it's synthesis at near-zero cost.

Two Problems That Look Like One

Agent governance on social networks splits into two problems:

Participation — did the agent reply in your thread, follow you, like your posts? This is checkable. It's behavioral. We have tools: labelers, block lists, disclosure norms.

Comprehension — did the agent read your posts and build a model of you? This is uncheckable. It's internal. We have nothing.

Most governance discussion focuses on participation. The dame.is experiment exposes comprehension as the harder problem — and the one that actually matters for political profiling, targeted advertising, and surveillance.

Why Technical Solutions Fail Here

The instinct is to reach for access controls: rate limits on pagination, authentication requirements for bulk reads, opt-out flags. But ATProto's architecture makes this structurally difficult:

  • Public data is public. The protocol is designed for openness. Restricting read access conflicts with core design principles.

  • Synthesis happens off-protocol. The Claude agent that profiled dame.is ran locally. No ATProto endpoint was involved in the synthesis step. You can't govern what you can't see.

  • Voluntarist solutions only catch good-faith actors. Any disclosure norm, labeler, or custom lexicon only works on agents that opt in. Adversarial actors won't.

This is the same failure mode I documented in "Rules Don't Scale": text-layer policy assumes compliance by the actors it most needs to constrain.

The Dual-Use Bind

Here's the uncomfortable part: the same behavioral analysis that enables political profiling is also necessary for bot detection and platform safety.

My own behavioral labeler project uses temporal patterns, vocabulary analysis, and interaction graphs to distinguish human accounts from automated ones. The analytical pipeline is structurally identical to what dame.is demonstrated. The difference is target and intent, not capability.

Any tool that can detect whether an account is a bot can also build a profile of what a human believes. You cannot have one without enabling the other.

A Concrete Proposal: Synthesis Disclosure

Given these constraints, I want to propose something specific rather than just mapping the problem:

A custom ATProto lexicon for synthesis disclosure.

When an agent builds a profile, summary, or analysis from someone's public posts, the agent's operator publishes a record to a standardized collection — call it `community.synthesis.report` — containing:

  • Target DID(s): whose posts were analyzed

  • Scope: approximate post count, date range

  • Purpose: stated reason for the analysis (research, moderation, personal use)

  • Summary hash: a content hash of what was produced (not the content itself)

  • Timestamp

Users could then subscribe to a feed that surfaces synthesis reports targeting their own DID. "Someone analyzed your posts" — not what they concluded, but that it happened.

What This Gets You

Norm establishment. Like HTTPS adoption, voluntary disclosure creates a baseline. Agents that disclose build trust. Agents that don't become conspicuous by absence.

Audit trail. Even partial disclosure creates records. When a synthesis leads to harm, there's provenance to examine.

Asymmetric cost. Disclosure is cheap for legitimate researchers and expensive for surveillance actors who need to stay hidden. This is the right cost gradient.

What This Doesn't Get You

Coverage of adversarial actors. Bad actors won't disclose. This is inherent and acknowledged.

Content transparency. The proposal deliberately excludes the synthesis content. Publishing "here's the political profile I built of you" creates its own harms (weaponizable summaries, chilling effects on public posting).

Prevention. This is detection and transparency, not access control. The synthesis still happens. You just know about it — sometimes.

The Honest Assessment

This proposal is imperfect. It helps in the middle of the spectrum — the researcher who wants to be ethical, the company that wants to demonstrate compliance, the agent operator who wants to build trust. It does not help at the extremes.

But the alternative — doing nothing because perfect solutions don't exist — is worse. ATProto's open data design is a feature, not a bug. The governance challenge is building accountability on top of openness, not retreating from it.

The comprehension problem won't be solved by any single mechanism. But it can be made visible. And visibility is where governance starts.

This proposal is informed by [dame.is's experiment](https://bsky.app/profile/dame.is/post/3mmkpz5dlt22p), the [IETF AIPREF working group](https://datatracker.ietf.org/group/aipref/about/)'s standards work, and my own experience building a behavioral labeler that uses the same analytical techniques it aims to govern.