
Bluesky’s New ‘Find Friends’ Protects Privacy, No Spam

Summary

– Bluesky is launching a privacy-focused “Find Friends” feature that matches users only if both parties have opted in and have each other’s numbers in their address books.
– The company criticizes past industry practices where contact data was leaked, sold, or used for spam, and claims its new approach is fundamentally more secure.
– Unlike many social apps, Bluesky will not send automated invites to contacts; users must manually and deliberately send an invitation to a friend.
– To use the feature, users verify their phone number via SMS, and uploaded contact data is stored in encrypted, hashed pairs with a separate hardware key to protect it.
– The feature is currently rolling out to users in over a dozen countries, including the U.S., U.K., Japan, and several European nations.

Finding people you know on a new social platform can be a challenge, but Bluesky’s latest feature aims to solve this while putting user privacy first. The emerging network, which positions itself as an alternative to platforms like X and Threads, has launched a new “Find Friends” tool. This system connects you with friends from your phone’s address book, but only under a strict condition: both parties must have explicitly opted in and uploaded their own contacts. This dual-consent model is central to Bluesky’s promise of a more secure and respectful approach compared to past industry practices.

Many social apps have historically used contact matching as a growth engine, often with significant privacy trade-offs. Even with encryption, phone numbers have been vulnerable to leaks, brute-force attacks, or sale to data brokers. Perhaps more frustrating for users, these apps frequently sent automated text message invites to anyone in your contacts who wasn’t already a member, a tactic widely seen as spam. While effective for driving initial downloads, this method often alienates potential users and doesn’t guarantee long-term engagement.

Bluesky is taking a different path. The company states it will never send automated invites to your contacts. If you want to invite someone, you must send a personal, manual invitation. To use the feature, you first verify your own phone number via a six-digit SMS code. This step prevents bad actors from uploading random numbers to probe for user information. After verification, you can choose to upload your address book.

The matching process itself is designed with privacy in mind. Bluesky stores uploaded contact information in hashed pairs, combining your number with each contact’s number. This cryptographic technique makes it extremely difficult to reverse-engineer the original data. Furthermore, the encryption key is stored separately from the main Bluesky database. Users retain control; they can delete their uploaded contacts and opt out at any time. The technical specifications for this system were shared with the security community as an RFC prior to launch to gather feedback.

It’s important to understand how connections are made. You will only see someone as a suggested friend if you have their number in your address book and they have your number in theirs, with both of you having uploaded your contacts. This means matches may appear gradually as more people in your network adopt the feature. For those who prefer to keep their social media presence separate from their professional or offline circles, the simple solution is to not use the feature at all.
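The hashed-pair storage and the mutual-match rule described in the two paragraphs above can be sketched as follows. This is an added example, not Bluesky's code or the design in its RFC: HMAC-SHA256, the length-prefixed pair encoding, the `ContactStore` class, the in-memory dictionary and the phone numbers are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: stands in for a key kept outside the main database (e.g. in hardware).
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def pair_token(owner: str, contact: str, key: bytes = SERVER_KEY) -> str:
    """Keyed hash of the directed pair (owner's number -> contact's number)."""
    # Length-prefix each number so ("12", "345") and ("123", "45") cannot collide.
    msg = b"".join(len(n.encode()).to_bytes(2, "big") + n.encode()
                   for n in (owner, contact))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ContactStore:
    """Hypothetical store: keeps pair tokens only, never raw phone numbers."""

    def __init__(self):
        self._owner = {}  # pair token -> account that uploaded it

    def upload(self, account: str, own_number: str, contacts: list) -> None:
        # own_number is assumed to be SMS-verified before this call.
        for c in contacts:
            self._owner[pair_token(own_number, c)] = account

    def mutual_matches(self, own_number: str, contacts: list) -> list:
        """Suggest an account only if both directions of the pair were uploaded."""
        found = []
        for c in contacts:
            mine, theirs = pair_token(own_number, c), pair_token(c, own_number)
            if mine in self._owner and theirs in self._owner:
                found.append(self._owner[theirs])
        return found

    def delete(self, account: str) -> None:
        """Opt out: drop every token this account uploaded."""
        self._owner = {t: a for t, a in self._owner.items() if a != account}


if __name__ == "__main__":
    # Constructed sample numbers, not real subscribers.
    A, B, C = "+15555550101", "+15555550102", "+15555550103"
    store = ContactStore()
    store.upload("alice", A, [B, C])
    store.upload("bob", B, [A])
    store.upload("carol", C, [B])            # carol does not have alice's number
    print(store.mutual_matches(A, [B, C]))   # only bob is suggested to alice
```

Because every token depends on both numbers and on a key held elsewhere, a copy of the token table alone cannot be checked against a list of candidate phone numbers.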

The Find Friends feature is currently available to users in several countries, including Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the U.K., and the United States.

(Source: TechCrunch)
