More than 20 million people have signed up for new accounts on Bluesky in the last few months, most of them refugees from the site formerly known as Twitter. That’s made for plenty of joyful reunions, as new arrivals find old friends and interesting people on social media’s hottest new site.
It’s also made for some not-so-pleasant moments, as scammers and mischief-makers set up Bluesky accounts impersonating popular Twitter accounts.
Also: 7 things to know about Bluesky before you join – and why you should
Here, for example, is what I found recently when I searched for Brian Krebs, the well-known security professional.
That’s a picture of Brian Krebs, all right. And the handle on Bluesky’s default server matches the @briankrebs handle that he uses on Twitter. The bio is a little cheeky, but that’s gotta be him, right?
Sorry, no. The account was briefly banned but was reinstated after its owner (who is not Brian Krebs) added the magic word “satire” at the end of the bio.
Ugh.
Also: 8 Bluesky tips every new user should know
The real Brian Krebs doesn’t have a Bluesky account. But he might have to create one strictly for defensive purposes, as he notes in this post on Mastodon.
Brian Krebs, posting on Mastodon that he is not on Bluesky.
Screenshot by Ed Bott/ZDNET
In its glory days, Twitter had a way of dealing with this kind of confusion. The real Brian Krebs, like many of his peers in the journalistic community, had a blue checkmark after his name, indicating that Twitter had verified his account and could confirm that, yes, that was *the* Brian Krebs. In those days, I had a blue checkmark on Twitter as well, thanks to a coordinated effort by ZDNET’s editorial managers.
And then Elon Musk bought Twitter, and one of the first things he did was to strip away the blue checkmarks that had been awarded to people who had proven that they really were who they said they were. Today, a blue checkmark on a Twitter … sorry, *X* account means that you pay the service $8 a month. That’s it.
Also: How to use Bluesky: Everything to know about the popular X alternative
Managers at social media networks are painfully aware that impersonators can cause mayhem on their platforms. The owners of the stolen handles suffer reputational damage, and in the worst-case scenario, the fake accounts can use their unearned credibility to scam followers out of real money.
So, how does Bluesky handle verification? Sorry to say, you’re on your own. The only built-in way to verify an account on Bluesky’s servers is to attach that account to a domain you own. That’s what I’ve done, so instead of using @edbott.bsky.social as my handle, I’ve set up my account using @edbott.com.
Also: How to migrate from X to Bluesky without losing your followers
That’s an acceptable option for people who’ve gone to the trouble of registering their own domains and know how to modify the necessary DNS settings to work with Bluesky. But not every influential voice on social media is that technically sophisticated. And sure enough, one especially creative scammer even managed to use that weakness to turn their fake accounts into an extortion scheme that targeted some very big names indeed.
The domain naming system was never designed to be an identity provider, and it failed miserably here. But it has some potential. Indeed, Bluesky says it’s “working behind the scenes” to help organizations set up “verified domain handles.” In theory, admins at news-based sites like the New York Times and ZDNET could “verify” accounts for their correspondents. But that’s an ad hoc approach that’s fraught with problems.
As an alternative, some Bluesky users have taken advantage of a platform feature that labels accounts with a unique symbol to indicate their status. Hunter Walker, a journalist who works for Talking Points Memo, set up a verification system that allows you to see badges for reporters, elected officials, and other influential folks in the political realm. If you see a badge, that account is real!
The trouble with those third-party verification systems is that you only see those labels if you’ve subscribed to the labeling service. If you’re a Bluesky newbie, how would you know this is the right way to track down your favorite journalists? And what’s to prevent a fake labeling service from monkey-wrenching the entire system?
But those two approaches point to a way forward for Bluesky, which has organized itself as a public benefit LLC whose mission is to create a “sustainably open social network.” Twitter failed miserably at running its own verification service, but Bluesky doesn’t have to fall into that trap.
Also: How to create your own Bluesky domain – and why you should (or shouldn’t)
What if the main Bluesky servers set up a default labeling service that was turned on for every new user? What if they then set up a verification framework that third parties (like Hunter Walker) could apply to join? By distributing the work of verifying account holders to trusted providers and then ensuring that the results appear on every user’s feed, you get pretty close to the blue checkmark standard that Twitter set, minus most of its complications.
I’m not sure any social media service can ever take the place of Twitter, but if Bluesky can keep its cool, it has the potential to surpass its forebears.