Many social media apps encourage you to give them access to your contacts. If you do so, they will let you know which of your contacts are on the platform so that you can send them a friend request.
This can be problematic because you may not wish to share your online presence with everybody in your contacts, and because you are effectively sharing the personal data of other people without their consent. Bluesky says its own “privacy-first” approach is different …
When you install a social media app and it requests permission to access your contacts, the implications of that wouldn’t necessarily be apparent to everybody. Essentially, you are handing over the personal data of your entire contacts database, regardless of whether individuals within it would be happy for you to do so.
Apple improved things last year with the option of providing selective access to contacts instead of the all-or-nothing option that existed previously. However, the consent issue still exists.
Bluesky says it has adopted a privacy-first approach to this.
Contact import has always been the most effective way to find people you know on a social app, but it’s also been poorly implemented or abused by platforms. Even with encryption, phone numbers have been leaked or brute-forced, sold to spammers, or used by platforms for dubious purposes. We weren’t willing to accept that risk, so we developed a fundamentally more secure approach that protects your data. If you choose to use Find Friends, you’ll verify your phone number and upload your contacts. When someone in your contact book goes through the same process and Bluesky finds a match, we’ll let both of you know. This can happen immediately, or later via notification if the match happens down the road.
Specifically, there are four elements:
It only works if both people participate. You’ll only be matched with someone if you both have each other in your contacts and you’ve both opted into Find Friends. If you never use this feature, you’ll never be findable through it. Your coworker can’t use it to look you up unless you’ve uploaded their number from your contacts.
You’ll only be matched with someone if you both have each other in your contacts and you’ve both opted into Find Friends. If you never use this feature, you’ll never be findable through it. Your coworker can’t use it to look you up unless you’ve uploaded their number from your contacts. You verify your number first. Before any matching happens, you prove that you own your phone number. This prevents bad actors from uploading random numbers to fish for information about who’s on Bluesky.
Before any matching happens, you prove that you own your phone number. This prevents bad actors from uploading random numbers to fish for information about who’s on Bluesky. Your contact data is protected even if something goes wrong. Phone numbers are stored as hashed pairs — your number combined with each contact’s number — which makes the data exponentially harder to reverse-engineer. That encryption is also tied to a hardware security key stored separately from the contacts database.
... continue reading