Bluesky wakes up to impersonation nightmare with strict rules

Bluesky, the social media upstart that is increasingly being seen as a less problematic substitute for X, has recently seen a surge of new users. Just over a week ago, the platform crossed the 20 million users benchmark and briefly sat at the top of Apple App Store charts.

It, however, seems that the rapid growth didn’t come without its own share of problems. An analysis recently confirmed how bad actors are abusing the impersonation tactic for deception. In the wake of the revelations, Bluesky has announced a few changes to its policy guidelines, especially around identity protection and impersonation.

“Impersonation and handle-squatting accounts will be removed,” the company’s safety team wrote in an update on Bluesky. It specifically mentions that if someone creates an account to impersonate another personality for the sake of gaining followers, those accounts will be removed.

“Identity churning is not allowed on Bluesky,” warns the company. For accounts that are trying to parody another person, they will have to clearly identify as such, both in their username as well as the profile bio. Accounts that only declare such intent in one place will also receive the boot.

Bluesky says it is already sitting on a pile of moderation-related requests submitted by its community due to the high number of fresh sign-ups. “We have also quadrupled the size of our moderation team, in part to action impersonation reports more quickly,” adds the company.

Policy update by Bluesky seen on an iPad.
Nadeem Sarwar / Digital Trends

Moreover, the ambitious social media upstart is also planning to add more robust identity verification measures in the near future. So far, the only reliable method of identity verification on Bluesky is the custom domain name facility. Notably, Bluesky wants to handle verification in a different fashion, compared to that of rival platforms like X or Meta-owned social sites.

According to Bluesky CEO Jay Graber (via TechCrunch), the company is hoping to build a verification system where it is not the sole entity in control of the identity submission and authentication pipeline.

Looking over at the competition, X now relies on a Premium subscription to offer the verified badge, and so do Facebook and Instagram. This paid verification system has already backfired for X.

On Bluesky, there are no visual indicators of whether an account is verified in the same vein as the checkmark on X or Instagram. Moreover, the self-verification system on the platform is still quite technical and half-baked in its own way.

In lieu of such safety measures, Bluesky is ripe for bad actors to impersonate famous personalities as well as businesses. Such accounts can be used for all kinds of nuisances, ranging from peddling scams to simply engagement baiting and subsequently hawking such accounts.

The impersonation woes of Bluesky were first highlighted by security researcher Alexios Mantzarlis, who wrote in his newsletter that nearly half of the 100 most popular accounts on the platform had at least one fake account trying to leech off their identity.

“Most are cheap knock-offs of the bigger account, down to the same bio and profile picture. Only 16% of the duplicates that I reviewed had an ‘impersonation’ label,” Mantzarlis wrote. It would be interesting to see how soon Bluesky launches extra protective measures to rein in such bad actors and offer an official channel for identity verification.

On the positive side, the company recently cleared that it won’t lift user content for AI training, further adding that it has no intention of doing so in the near future. X and Meta-owned social media platforms, on the other hand, are using publicly-shared content for training their respective generative AI tools.