Bluesky, the social network that competes with X and Threads, is introducing a friend-finding feature that they claim respects user privacy, the company announced on Wednesday. To work, the app matches you with friends from your saved contacts in your phone’s address book — but only if both people have opted in.
“Contact import has always been the most effective way to find people you know on a social app, but it’s also been poorly implemented or abused by platforms,” the company explained in its announcement. “Even with encryption, phone numbers have been leaked or brute-forced, sold to spammers, or used by platforms for dubious purposes. We weren’t willing to accept that risk, so we developed a fundamentally more secure approach that protects your data.”
In addition, social apps in the past often used contact matching as a lead generation tool. That is, if the app found you had friends who were not on its service, it would recommend you “add” them. This would then send the friend an invite via text. Typically, those on the receiving end would not appreciate this app spam, though.
Unfortunately, the method has long been effective, and it helped apps go viral, as at least some of the invited users would download and try the app out of curiosity. But despite the initial buzz this method can create, it’s not a guaranteed way to lock in users for the long term. (Though it may help a social app find an exit, when the market is open to M&A!)
Bluesky states that it won’t send automated invites to your contacts, even if you choose to upload your address book to its service.
Instead, it allows users to send an invite to a friend directly — but this is a deliberate, manual action a user must take. (Because these are personal messages from a friend, you can’t opt out of receiving invites, however.)
To use the Find Friends feature, you’ll first verify your phone number by entering the six-digit code sent to you via SMS before uploading your contacts. This prevents bad actors from uploading random numbers in order to fish for information about Bluesky users, the company notes.
Early adopters should note that contact matching may take some time, but more people will begin showing up in this screen as more Bluesky users upload their own contacts to be matched. You’ll only be matched with friends if both you and your friend have each other in your respective address books.
If you’d rather not be found by those you know from work or your real life, you can simply choose not to use the feature.
Bluesky says it stores uploaded contact information in hashed pairs, where your number is combined with each contact’s number. This makes the data harder to reverse engineer, the company claims. The data’s encryption is tied to a hardware key that’s stored separately from the Bluesky database, as well. If you later want to remove your data from Bluesky, you can delete your uploaded contacts and opt out. Details on the technology were already made available to the security community as an RFC, in order to solicit feedback ahead of the launch.
... continue reading