This Company Wants to Bring End-to-End Encrypted Messages to Bluesky’s AT Protocol

A company called Germ is aiming to bring end-to-end encrypted messages to Bluesky’s AT Protocol, a feature that the social network doesn’t currently have. 

The tool’s security is yet to be independently audited, but the company says it plans to seek that out soon. Mark Xue, a former privacy engineer at Apple and CTO of Germ, told 404 Media “We’ve been working for about two years on Germ, and on this integration for 6 months or so.”

Essentially, Germ is its own app which is integrating with the AT Protocol that powers Bluesky, according to an announcement post the company shared with 404 Media before it went live on Monday. It describes itself as the “first secure messaging service on the ATProtocol!”

To start an encrypted chat, users will click the magic link in a Bluesky user’s bio, the announcement says. A person’s Bluesky or AT Protocol handle acts as what Germ calls an “identity card.” This directs people to the Germ app, which in turn asks for the user’s Bluesky handle and credentials. The messaging itself then happens in the Germ app, not Bluesky’s own, but it still serves as a way to connect people who are trying to send encrypted messages to Bluesky users.

Riana Pfefferkorn, a policy researcher at Stanford who told 404 Media she was an advisor to Germ, said “I believe they’ve got a great bench of expertise, between their CTO’s background at Apple and the outside advisors they’ve brought on who have very deep expertise in cryptography.” She said Tessa Brown, Germ’s CEO, reached out “because I had long been arguing, in my work at Stanford, that strong encryption is not incompatible with effective trust & safety.”

That has been a constant tension in private messaging apps and social networks. If a platform introduces end-to-end encrypted messaging in order to protect users’ privacy, does that potentially enable other bad behavior, because the platform will be unable to see it? 

“By design, end-to-end encryption means Germ can’t analyze the content of people’s messages, just like Signal, iMessage, and WhatsApp. We will have abuse mitigation like those established systems do,” Xue said. He added “A key dimension of abuse in DM’s is unsolicited or unwanted contact. With our integration, users will be able to use their Bluesky handle as their messaging identity without opening up unsolicited DM’s. They can grant permission to contact by exchanging cards directly (by QR code or link), while still proving and using the ongoing binding between their private Germ Card and their public Bluesky profile.”

“We set out to build interoperable E2EE [end-to-end encrypted] DM’s, because we believe that people should be able to make independent choices of software and still be able to talk with each other. Diversity of interoperable apps and infrastructure is also a core value of Bluesky’s AT Protocol (motivated by Musk’s acquisition of Twitter and subsequent user exodus). There’s a community working group to develop interoperable BSky E2EE DM’s, and we think our implementation would be a great starting point,” he added.

In May 2024, Bluesky itself said encrypted DMs were coming “down the line.”