Key Points
- Bluesky relies on custom domains for verification, leading to issues with accessibility and impersonation.
- Nearly half of Bluesky’s top accounts have impersonators, exposing platform vulnerabilities.
- Domain-based verification requires DNS adjustments, complicating the process for users without technical expertise.
- The platform has increased moderation efforts and plans to introduce visual verification tools.
Bluesky, the burgeoning social media platform, is experiencing rapid growth but grappling with significant verification challenges. As new users flood the platform, impersonators and scammers have taken advantage of Bluesky’s unconventional approach to verification, which relies on custom domain names rather than traditional checkmarks or badges.
A study by Alexios Mantzarlis, director of the Security Trust and Safety Initiative at Cornell Tech, revealed that 44% of the 100 most-followed accounts on Bluesky have at least one impersonator. These doppelgänger accounts often mimic original profiles down to bios and profile pictures, highlighting Bluesky’s vulnerabilities.
Instead of proactively verifying accounts, Bluesky encourages users to adopt custom domain handles to “self-verify.” For example, organizations like The New York Times and Bloomberg use their official domains as handles. While this system ensures only domain owners can access the verification, it’s a labor-intensive process involving technical DNS adjustments, making it inaccessible for many users. Further complicating matters, old handles become available for others to claim once a new custom domain is adopted, increasing the risk of impersonation.
Some users have devised creative workarounds to address the issue. Investigative journalist Hunter Walker has manually verified over 330 high-profile accounts, including politicians, celebrities, and journalists. Walker often uses official email communications or representatives to confirm identities, even creating a system that adds emojis to verified accounts for better visibility. However, Walker acknowledges the limitations of his efforts, urging communities and Bluesky to develop broader verification systems.
Impersonation issues are exacerbated by the lack of visible verification markers, such as badges, and scammers’ potential misuse of lookalike domains. Vice President Kamala Harris, for instance, reportedly had 20 impersonator accounts despite not having an official presence on Bluesky.
Bluesky has acknowledged the challenges and pledged to improve its moderation and verification processes. Emily Liu, a spokesperson for Bluesky, stated that the company has quadrupled its moderation team and is exploring visual verification signals for a better user experience. CEO Jay Graber hinted at the possibility of introducing a system with multiple verification providers in the future.
Despite these challenges, Bluesky’s open-source nature presents opportunities for users and organizations to shape the platform’s trust and identity systems collaboratively. As Walker emphasized, this transitional phase is critical for addressing identity and trust concerns about Bluesky.
