Bluesky, a rising social platform aiming to compete with X (formerly Twitter) and Threads, has launched a new “Find Friends” feature focused on user privacy. Unlike many other social networks, Bluesky is taking a deliberate approach to avoid the common pitfalls of contact-based friend suggestions, such as unsolicited spam invites and data breaches.
Avoiding the Spam Trap
Historically, social apps have leveraged contact matching for rapid growth, often by sending automated invites to users’ friends who aren’t yet on the platform. This tactic, while effective for initial viral boosts, frequently results in unwanted spam and can damage user trust. Bluesky specifically avoids this method, recognizing that aggressive invite tactics are not a sustainable strategy for long-term engagement.
The company explicitly states it will not send automated invites, even if a user uploads their address book. Instead, friend connections require a manual, deliberate action by the user sending the invite. While recipients cannot opt out of receiving personal invites from friends, this approach still sharply contrasts with the intrusive methods employed elsewhere.
Enhanced Security Measures
Bluesky emphasizes that security is paramount. Contact data is stored in hashed pairs, making it significantly harder to reverse engineer. The encryption key is physically separated from the main database, adding another layer of protection against unauthorized access.
To prevent abuse, users must verify their phone number via SMS before uploading contacts, stopping malicious actors from attempting to harvest user data. This verification process ensures that only legitimate users can leverage the feature.
Gradual Rollout and Future Accessibility
The “Find Friends” feature is currently available in several major markets: Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the U.K., and the United States. Bluesky notes that contact matching may not be immediate as the network requires critical mass to work effectively; more users must upload their contacts for wider matching to occur.
Users who prefer not to be found by contacts can simply avoid using the feature altogether. The company has also proactively shared technical details via an RFC (Request for Comments) to solicit feedback from the security community before a broader rollout.
Bluesky’s decision to prioritize privacy and user control in this feature sets a clear example for the industry, signaling that growth does not need to come at the cost of user data or unwanted spam. The long-term success of this model remains to be seen, but it demonstrates a conscious effort to build a more respectful social experience.
