Bluesky — Policy Change
Executive Summary
Bluesky launched 'Find Friends,' a privacy-focused contact discovery feature requiring mutual opt-in from both parties. Contacts are stored as hashed pairs (user number combined with contact number) with a hardware-separated encryption key, and phone number verification via SMS is required to prevent enumeration attacks. Unlike industry norms, Bluesky sends no automated invites to non-users.
What Happened
On December 16, 2025, Bluesky launched Find Friends, a contact discovery feature that matches users with people in their phone's address book only when both parties have opted in and have each other's numbers. Users must verify their phone number via SMS before uploading contacts, and Bluesky stores the data as hashed pairs combining the user's number with each contact's number, encrypted with a hardware security key stored separately from the database. Unlike typical social media contact features, Bluesky does not send automated invites to non-users, though users can manually send personal invitations.
Who Is Affected
The feature is initially available only to mobile app users in thirteen countries: Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the United Kingdom, and the United States. Early adopters may experience delays in seeing matches until more users opt into the feature. Users who choose not to participate will not be discoverable through Find Friends, even if others upload their contact information.
Why It Matters
This represents a departure from industry practices where contact discovery features have been used for lead generation through automated invitations and have been vulnerable to data leaks, brute-force attacks, and misuse by spammers. Bluesky's approach requires mutual opt-in from both parties and implements technical safeguards including mandatory phone verification before upload to prevent enumeration attacks. The decision to forgo automated invitations prioritizes user privacy over viral growth tactics that have historically been effective for social platform expansion.
What You Should Do
If you want to use Find Friends, verify your phone number and upload your contacts through the mobile app in a supported country. If you prefer not to be discoverable by people in your contacts, simply do not opt into the feature. If you later change your mind after uploading contacts, you can delete your uploaded contact data and opt out entirely through the app settings.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.