Bluesky Adds Verification Badges ⇥ bsky.social
In a post attributed to the Bluesky Team, the company announced a familiar verification method with a twist:
In 2023, we launched our first layer of verification: letting individuals and organizations set their domain as their username. Since then, over 270,000 accounts have linked their Bluesky username to their website. Domain handles continue to be an important part of verification on Bluesky. At the same time, we’ve heard from users that a larger visual signal would be useful in knowing which accounts are authentic.
Now, we’re introducing a new layer — a user-friendly, easily recognizable blue check. Bluesky will proactively verify authentic and notable accounts and display a blue check next to their names. Additionally, through our Trusted Verifiers feature, select independent organizations can verify accounts directly. Bluesky will review these verifications as well to ensure authenticity.
The domain-based verification Bluesky already implemented was a good start, but incomplete. My profile is connected to my personal domain but, even with that single line of text, there is no obvious indicator. You can see the problem on Bluesky’s own profile which tells you to “check username👆” to confirm it is, indeed, the real one.
Then there is the problem of public personalities. Maybe a musician or actor wants to confirm their profile is really them, but is domain-based verification really the best way for them? Does Pedro Pascal have a dot-com? What about a journalist who could “verify” an account connected to an employer, but they also want a separate personal account? Both ought to be verified, but only one is employer-connected. Then, when they leave that employer, they will need to change their username, and Bluesky does not automatically redirect moved profiles. (Followers, posts, and so forth are moved to the new profile, but any links to posts made under the previous profile are not redirected.)
A verification checkmark is not an offensive idea unto itself, but it comes with a new set of concerns. First, what does it mean? Bluesky says it is for “authentic and notable accounts”, but what that means is not clear. Twitter used to assign itself an authoritative role in determining which accounts fit similar criteria. In doing so, it helped make this badge a bizarre mark of status. Now, Meta and X let you simply buy a badge to confirm an account belongs to the person or organization claimed. If the goal is to avoid controversy with notable figures, surely self-verification and manual profile confirmation achieve those purposes. But a parody account is also legitimate in its own way, right?
Second, while it makes sense to have a quick identifier of accounts susceptible to impersonation, the badge also comes with risks. If such an account is hijacked, for example, its posts carry additional weight.
Bluesky seems like it is trying to solve some of these issues by allowing others to vouch for the authenticity of an account. In theory, this minimizes its own role in being the voice of authority. In its example, the New York Times’ account can verify the authenticity of others’ accounts. But Bluesky still plays a central role in this process — it appears to determine whether an account can become a Trusted Verifier, and its moderators confirm each verification request from third-party verifiers. I take it this latter requirement is necessary because it is not clear to me whether there are any limits to which accounts a Trusted Verifier can approve. Still, it means Bluesky is the final say in which accounts belong to the person or organization claimed.
Update: I was wrong, according to Bluesky technical advisor Jeremy Johnson:
anyone can publish a verify record, any app can choose who to display verifies from. And as this thing bakes a bit we’re going to make it easier to pick different verifiers in our app.
If you were to run your own app view then you definitely don’t have to care at all what Bluesky PBC does here, just collect all the app.bsky.graph.verification records and go ham.
It sounds like I could verify my own accounts — or, indeed, vouch for any account — but it is up to the client how it wants to display that verification attempt. Bluesky itself is only trusting itself and select others for now.