blue sky has updated its phishing policy be “more aggressive” after a third-party analysis highlighted its verification issue. The Bluesky Safety account said the social media service is removing accounts that impersonate other people and those that crouch over handles. Bluesky does not have a conventional verification system, so it is easy for unscrupulous users to impersonate someone else, either to attract attention or to scam other people. This may not have been a serious problem in the past, but the recent influx of new users brought the problem to the fore.
While users can verify their identities on Bluesky by linking their account to a domain name, the process is not as simple as paying for a verification mark. They would have to add a text string to the DNS record associated with your domain in order to claim your URL. For example, we could claim the Engadget.com identifier on Bluesky if we perform this self-verification process. People can link their accounts to personal domains or pay for Bluesky's custom domain service. In its new announcement, the platform says it is working with high-profile organizations and individuals to set up their verified identifiers.
That said, when a user verifies their account, their old identifier (usually username.bsky.social) is released and available to others who sign up. Alexios Mantzarlis, the third from Cornell tech to analyze the app's user base, found that 44 percent of Bluesky's 100 most followed accounts have a double. That's why Bluesky now requires parody, satire, or fan accounts to be tagged as such in both their handles and bio. If they do not, or if they only indicate the nature of their account in one of those elements, they will be treated as an impersonator and will be removed from the platform.
Bluesky now also explicitly prohibits altering identities. Accounts that start out as impersonators for the purpose of gaining new users and then switch to a different identity in an attempt to bypass the ban will still be removed from the app. Finally, it says it is exploring “additional options to improve account verification,” although they are not yet ready for implementation.
