Bluesky has been experiencing nonstop growth ever since election day. The alternative social media platform is starting to stand out above all of the others as users flee Elon Musk's X, formerly known as Twitter, due to changes at X as well as Musk's role in the incoming Trump administration.
On Tuesday, Bluesky announced that it had hit 20 million users. It has also begun surpassing another big X competitor, Meta's Threads, in some key statistics as well.
As Bluesky continues to grow, scammers and other bad actors are going to take notice. In fact, some have already.
Fake accounts on Bluesky
On Wednesday, for example, an account claiming to be billionaire hedge fund manager Bill Ackman went viral on Bluesky after it published a post suggesting that Bluesky should be acquired in order to stop the user exodus from Musk's X. It was a fake. There have already been fake Gaza fundraiser accounts and fake accounts falsely claiming to be British MPs.
Of course, fake accounts are not unique to Bluesky. If you'll recall, Musk's X had to temporarily shut down its paid verification system when it first launched due to an influx of paid fake accounts. And Bluesky has been pretty good so far at quickly shutting down accounts that have been reported for breaking the platform's rules.
However, Bluesky is fairly new. 20 million users is a lot, but it's still only 20 million users, and a lot of well-known individuals on other similar platforms are not yet on Bluesky. When an account claims to be a notable individual from another platform, even though — or perhaps because — that individual is not already established on Bluesky, users are often fooled.
No Bluesky verification
Unlike most major social media platforms, Bluesky does not currently have an identity verification system.
Before Musk's takeover, the verified blue checkmark on Twitter was a sign of authenticity. An account was indeed who it claimed to be or represented. With the roll out of paid verification on platforms like X and Meta's Facebook, Instagram, and Threads, the trustworthiness of the verification mark has been diluted. However, seeing the value in verifying noteworthy users, many big accounts on these platforms are still provided with free verification.
Some may argue that no verification is better than a system that sells it. That may very well be the case. However, Bluesky does have a problem unique to its platform when it comes to fake accounts: Custom domains.
Bluesky's custom domain problem
When signing up for Bluesky, users pick a username which appears on the platform as "@yourname.bsky.social". Many users choose usernames that correlate with their handle on other platforms.
After signing up, Bluesky users can further alter their username by connecting their own domain name to use. When doing this, user's Bluesky usernames then become "@yourname.com". This helps customize a user's experience and, if the domain name is representative of that user, can serve as a form of verification itself. In fact, that's how Bluesky itself promotes it – a way to "self-verify."
But, when using your own custom domain name as a Bluesky username, Bluesky releases the originally registered "@yourname.bsky.social" username back into the wild, available for anyone to register.
Some have taken the extra step of registering a separate account with that handle in order to deter bad actors from grabbing the username. However, Bluesky is fairly new, so even some of the most tech-savvy users may not realize that their original "@yourname.bsky.social" is no longer reserved for them once they set up their own custom domain username.
The takeaway, then, is that Bluesky may not be as saturated with scammers, bots, and trolls as X, but it's still just a platform on the internet, and if you're planning on spending time there, you'd better keep an eye out for frauds.
Topics Cybersecurity Social Media X/Twitter
