According to 9to5Mac, the decentralized social platform Bluesky has launched a new “privacy-first” method for finding friends called “Find Friends.” The feature, detailed in a company blog post, requires you to verify your own phone number and upload your contacts, but Bluesky itself never stores or tracks those phone numbers. Instead, it uses a four-part process involving local hashing and matching to notify both parties only when a mutual match is found, either immediately or later via notification. The core trade-off is that because Bluesky doesn’t know who’s already on the platform, you might get a text invite from a friend even if you’ve already joined. The company explicitly cited past abuses, like platforms using numbers for ads or leaks, as the reason for this new architecture.
Why this is a big deal
Look, we’ve all been there. You install an app, it immediately begs for your contacts, and you just hit “Allow” without a second thought. But here’s the thing: you’re not just sharing *your* data. You’re handing over the names, numbers, and emails of everyone you know, without their consent. Remember the whole Facebook phone number fiasco? Users gave their digits for two-factor auth, and Facebook turned around and used them for ad targeting. That’s the kind of creepiness Bluesky is trying to architect out of existence. And honestly? It’s a welcome change.
The privacy trade-off
So how does it actually work? Basically, your phone hashes your contacts’ numbers locally. Bluesky’s server then does its own hashing and tries to find a match *without* ever seeing the original data. If there’s a match, both users get a notification. It’s clever. But the downside is real: Bluesky has no central directory of users. So your friend might excitedly send you an invite text for a service you’re already on. Is that annoying? Sure, a little. But is it a fair price for not having your social graph mined and sold? I think most privacy-conscious users would say yes. It reframes the whole concept from “growth hacking” to actual, respectful connection.
A new standard?
Now, Apple did improve the system-level controls last year, moving away from the all-or-nothing access. That was a step. But Bluesky’s approach attacks the problem from the server side, too. It’s saying, “We don’t even *want* the temptation of having that sensitive data.” In a world where every app seems to be a data vacuum, that’s a pretty radical stance. Will it catch on? Will the big platforms, whose entire business models are built on knowing exactly who knows who, ever adopt something like this? Probably not. But for a platform like Bluesky, which is trying to build a credible alternative to the established giants, it’s a powerful statement. It turns a privacy weakness into a core feature.
The bottom line
This is one of those features that sounds technical but has a very human impact. It respects that your contacts list isn’t just your data—it’s a network of people who never agreed to be part of a social media platform’s database. The minor inconvenience of a duplicate invite is a small, tangible cost for a much larger privacy win. It makes you wonder: if a relatively new social platform can build this in from the start, why has the “upload all your contacts” model been the default for so long? The answer, of course, is that data is currency. And Bluesky is choosing not to deal in it.
