Bluesky Launches Privacy-Focused 'Find Friends' Feature

Bluesky, the burgeoning social network positioning itself as an alternative to X and Threads, has rolled out a new "Find Friends" feature designed with a strong emphasis on user privacy. Announced on Wednesday, this new contact matching system allows users to connect with friends from their phone's address book through an opt-in process, explicitly avoiding the widespread issue of unsolicited invite spam seen on many other platforms.

Addressing Past Abuses of Contact Import

The company highlighted past abuses of contact import features across social apps, which often prioritized growth over user privacy. "Contact import has always been the most effective way to find people you know on a social app, but it’s also been poorly implemented or abused by platforms," Bluesky stated in its official announcement. They noted that even with encryption, phone numbers have been vulnerable to leaks, brute-force attacks, sales to spammers, or misuse by platforms for "dubious purposes." This history led Bluesky to develop a "fundamentally more secure approach that protects your data."

In the past, social apps frequently used contact matching as a lead generation tool. If an app found friends not yet on its service, it would recommend "adding" them, often sending an unsolicited invite via text. This method, while sometimes effective for viral growth, often resulted in unwelcome app spam for recipients and did not guarantee long-term user retention.

Bluesky's Privacy-First Solution

Bluesky promises a different experience by explicitly stating it will not send automated invites to your contacts, even if you choose to upload your address book. Instead, users are empowered to send direct, manual invitations to friends, ensuring any outreach is a deliberate action from a known contact. While users cannot opt out of receiving these personal invitations, the control remains firmly with the sender.

Enhanced Security and Data Handling

To further safeguard user data and prevent malicious activity, Bluesky requires phone number verification via a six-digit SMS code before contacts can be uploaded. This measure aims to deter "bad actors" from uploading random numbers to gather information about Bluesky users.

The company stores uploaded contact information in hashed pairs, combining your number with each contact's number to make reverse engineering more difficult. Additionally, the data's encryption is linked to a hardware key stored separately from the main Bluesky database. Users also retain the ability to delete their uploaded contacts and opt out of the feature at any time. Bluesky demonstrated its commitment to transparency by making the technical details of this approach available to the security community as an RFC (Request for Comments) prior to launch, soliciting feedback.

Availability and User Control

The "Find Friends" feature is currently rolling out to Bluesky users in Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the U.K., and the United States. Early adopters should note that initial contact matching may take some time, with more connections appearing as more users opt into the feature. Crucially, matches will only occur if both individuals have each other in their respective address books and have enabled the feature. Users who prefer not to be found by real-life acquaintances can simply choose not to utilize the feature.