More than 20 million people have signed up for new accounts on Bluesky in recent months, most of them refugees from the site formerly known as Twitter. This has led to many happy reunions, as newcomers find old friends and interesting people on the newer, more mainstream social media site.
It’s also made for some not-so-pleasant moments, when scammers and mischief-makers create Bluesky accounts posing as popular Twitter accounts.
Plus: 7 things you should know about Bluesky before joining and why you should know
This, for example, is what I found recently when I searched for Brian Krebs, the well-known security professional.
That’s a photo of Brian Krebs, okay. And the handle on Bluesky’s default server matches the @briankrebs handle you use on Twitter. The bio is a bit cheeky, but it has to be him, right?
Sorry, no. The account was briefly banned but was reinstated after its owner (not Brian Krebs) added the magic word “satire” to the closing of the bio.
Puya.
Plus: 8 Bluesky Tips Every New User Should Know
The real Brian Krebs does not have a Bluesky account. But you might have to create one strictly for defensive purposes, as you point out in this post on Mastodon.
Brian Krebs, posting on Mastodon who is not on Bluesky.
Screenshot by Ed Bott/ZDNET
In its glory days, Twitter had a way of dealing with this kind of confusion. The real Brian Krebs, like many of his peers in the journalism community, had a blue check mark after his name, indicating that Twitter had verified his account and could confirm that yes, that was *the* Brian Krebs. In those days, it also had a blue check mark on Twitter, thanks to a coordinated effort by ZDNET’s editorial directors.
And then Elon Musk bought Twitter, and one of the first things he did was remove the blue ticks that had been awarded to people who had proven that they were really who they said they were. Today, a blue check mark on a Twitter account… sorry, *X* means you pay $8 a month for the service. That’s all.
Also: How to use Bluesky: everything you need to know about the alternative X standard
Social media managers are painfully aware that copycats can wreak havoc on their platforms. Owners of stolen handles suffer reputational damage, and in the worst cases, fake accounts can use their unearned credibility to scam their followers out of actual money.
So how does Bluesky handle verification? I’m sorry to tell you that you are alone. The only built-in way to verify an account on Bluesky’s servers is to attach that account to a domain you own. That’s what I did, so instead of using @edbott.bsky.social as the handle, I set up my account using @edbott.com.
Also: How to migrate from X to Bluesky without losing your followers
That’s an acceptable option for people who have gone to the trouble of registering their own domains and know how to modify the DNS settings needed to work with Bluesky. But not all influential voices on social media are so technically sophisticated. And sure enough, one particularly creative scammer even managed to use that weakness to turn your fake accounts into an extortion scheme which by the way pointed to some very big names.
The domain name system was never designed to be an identity provider, and here it failed miserably. But it has some potential. In fact, Bluesky says it is “working behind the scenes” to help organizations set up “verified domain identifiers.” In theory, administrators of news sites like the New York Instances and ZDNET could “verify” the accounts of their correspondents. But this is an ad hoc approach that is fraught with problems.
Alternatively, some Bluesky users have taken advantage of a platform feature that tags accounts with a unique symbol to indicate their status. Hunter Walker, journalist who works for Speaking Factors Memo, establish a verification system which allows you to view badges of reporters, elected officials and other political influencers. If you see a badge, that account is current!
The problem with those third-party verification systems is that you only see those labels if you have subscribed to the labeling service. If you’re new to Bluesky, how would you know this is the right way to locate your favorite journalists? And what’s to stop a fake labeling service from ruining the entire system?
But those two approaches point a way forward for Bluesky, which has organized itself as a public benefit LLC whose mission is to create a “sustainably open social network.” Twitter failed miserably to run its own verification service, but Bluesky doesn’t have to fall into that trap.
Also: How to create your own Bluesky domain and why you should (or shouldn’t) do it
What if the main Bluesky servers set up a default tagging service that was activated for every new user? What if they then established a verification framework that third parties (like Hunter Walker) could apply to join? By distributing the work of verifying account holders to trusted providers and then ensuring the results appear in each user’s feed, it comes pretty close to the blue checkmark standard that Twitter established, minus most of its complications.
I’m not sure any social media service can ever replace Twitter, but if Bluesky can keep his cool, he has the potential to surpass his ancestors.
