Bluesky, a social network competing with platforms like X and Threads, announced a new friend-finding feature on Wednesday. The company emphasizes that this feature is designed with user privacy as a priority. The feature works by matching you with friends from your phone’s address book, but only if both parties have opted in.
The company explained that while importing contacts has historically been the most effective way to find people on social apps, it has often been poorly implemented or abused. Even with encryption, phone numbers have been leaked, sold to spammers, or used for dubious purposes. Bluesky states it developed a more secure approach to protect user data.
In the past, many social apps used contact matching as a lead-generation tool. If the app found you had friends not on the service, it would automatically send them invitation texts. This often resulted in unwanted app spam for the recipients.
Although this method has proven effective for helping apps go viral by generating initial curiosity, it is not a guaranteed strategy for retaining users long-term. Bluesky confirms it will not send automated invites to your contacts.
Instead, the platform allows users to send an invite directly to a friend, but this must be a deliberate, manual action. Because these are personal messages from a friend, users cannot opt out of receiving them.
To use the Find Friends feature, you must first verify your phone number via a six-digit SMS code. This step prevents bad actors from uploading random numbers to fish for information about Bluesky users.
Contact matching may take some time, and more people will appear as more users upload their own contacts. A match only occurs if both you and your friend have each other’s numbers in your respective address books. If you prefer not to be found by people from your real life, you can simply choose not to use the feature.
Bluesky stores uploaded contact information in hashed pairs, combining your number with each contact’s number. The company claims this makes the data harder to reverse engineer. The encryption is tied to a hardware key stored separately from the main Bluesky database. Users can later delete their uploaded contacts and opt out. Technical details were shared with the security community for feedback ahead of the launch.
The feature is now rolling out to users in Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the United Kingdom, and the United States.