Bluesky, a social network competing with platforms like X and Threads, has announced a new friend-finding feature designed with user privacy as a priority. The feature, introduced on Wednesday, helps you connect with friends by matching saved contacts from your phone’s address book. However, this only works if both you and your friend have opted into the service.
The company explained that while importing contacts has traditionally been the most effective way to find people on social apps, it has often been poorly implemented or abused. Even with encryption, phone numbers have been leaked, sold to spammers, or used for dubious purposes. Bluesky states it developed a more secure approach to protect user data.
Historically, many social apps used contact matching as a lead generation tool. If the app discovered you had friends not on the service, it would automatically send them invitation texts. This often resulted in unwanted app spam for the recipients.
While this method has proven effective at helping apps go viral by prompting curious users to download them, it does not guarantee long-term user retention. It can, however, help a social app become an attractive acquisition target when the market is open to mergers and acquisitions.
Bluesky emphasizes it will not send automated invites to your contacts, even if you upload your address book. Instead, users must manually and deliberately send an invite to a friend. Because these are personal messages from a friend, you cannot opt out of receiving them.
To use the Find Friends feature, you must first verify your phone number via a six-digit SMS code before uploading your contacts. This step prevents bad actors from uploading random numbers to fish for information about Bluesky users.
The company notes that contact matching may take some time for early adopters. More people will appear in the feature as more Bluesky users upload their own contacts. A match only occurs if you and a friend have each other in your respective address books. If you prefer not to be found by people from your work or real life, you can simply choose not to use the feature.
For security, Bluesky stores uploaded contact information in hashed pairs, where your number is combined with each contact’s number. This makes the data harder to reverse engineer. The encryption is also tied to a hardware key stored separately from the Bluesky database. Users can later delete their uploaded contacts and opt out. Technical details were shared with the security community as an RFC to solicit feedback ahead of the launch.
The feature is now rolling out to Bluesky users in Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the U.K., and the United States.