> Bluesky’s moderation team reviews each verification to ensure authenticity.

How is this compatible with Bluesky's internal cultural vision of "The company is a future adversary"[1][2][3]? With Twitter, we've seen what happens with the bluecheck feature when there's a corporate power struggle.

[1]: https://news.ycombinator.com/item?id=35012757 [2]: https://bsky.app/profile/pfrazee.com/post/3jypidwokmu2m [3]: https://www.newyorker.com/magazine/2025/04/14/blueskys-quest...

I don't see how it's incompatible.

The problem with Twitter (before the whole blue check system was gutted into meaninglessness) was that not enough verification badges were handed out. It's not exactly a dangerous situation.

Bluesky's idea of verified orgs granting verification badges to its own org members would be an example of a much more robust and hands off system than what Twitter had.

The dangerous scenario is what happened to Twitter after the Elon takeover: verification becomes meaningless overnight while users still give the same gravity to verification badges which causes a huge impersonation problem. But that possibility is not a reason to have zero verification.

What’s stopping me from making an org that hands out verifications to anyone?

Presumably a contractual agreement with BlueSky. Trust needs to stem from somewhere, so you’re either looking at a web-of-trust model where somebody (BlueSky or BlueSky clients) makes decisions on what sign-offs to trust, or you trust BlueSky to perform due diligence on partner orgs that provide this service and to hold them accountable when that trust is breached.

The WoT model works but as GPG has shown it requires your end users (people? BlueSky client developers?) to manage who they trust as an authority on anything.

I like the idea of a trust hierarchy. Bluesky verifies NYT, then NYT verifies all their journalists. Makes the entire process a lot more scalable.

I built handles.net[1] to make it easy for organisations to manage their member's handles, I think that using domain names for identity is neat and valuable, I have a vested interest in its success as a paradigm but... domain name "verification" is not the right solution today for non-technical people. I shared this sentiment a few months ago[2] and I have only become more confident in that assessment since.

The approach they've taken ("trusted verifiers") is an approach aligned with their values, as it is an extension of the labelling concept that is already well established in the ecosystem. As an idealist, it is a shame that they gave up, I think they could have had an impact on shifting how non-technical people view domain names and understand digital identity... but as a pragmatist, this is the right choice. Bluesky has to pick their battles, and this isn't a hill to die on.

[1] https://handles.net [2] https://news.ycombinator.com/item?id=42749786

Yeah my initial reaction was not too positive. There's something weird to me about simply delegating verification to a third party organization. I'd prefer a more pure solution. Maybe we don't have a solution yet that is simple enough for widespread adoption. The domain based identity does seem a bit too complicated for the average user.

Good! I’ve been using a third-party labeller (which is a great hack), but making it more user friendly and official is a great thing.

I’m a proponent of verification only for “important people”. Yes, the definition of important is funny, and people may feel slighted by it: but I’ve yet to find a system that helps me identify high quality sources so immediately on a social media platform.

I think the best way to look at things is to look at platforms that don't and have really never had issues with verification to begin with. An oddly good example is YouTube, which has a verification feature that's so uneventful and drama-free I reckon a lot of people hardly even notice it. Even fairly small scale musicians and creators, at least relatively speaking, can have verification symbols. (Of course, there can be issues with e.g. account takeovers and people changing their name/icon to try to fool you, but that's not really a problem with the verification process itself.)

The trouble with what platforms like Twitter did was by trying to stick to some definition of important, they took what should be a mundane "yep, this is the person it looks like" icon and made it into a status symbol that everyone wanted. Twitter had a hard time defining the boundaries: Shouldn't they verify their most influential users even if they're not real world celebrities or public figures? What happens if someone who is verified says something that they don't like? How do you prevent corruption when you give other organizations special privileges for verification?

For Twitter and Instagram verification, people were bribing employees and getting verification just because they joined an organization (like an eSports team or a news organization.) This was not a good status quo.

Bluesky is probably headed towards the same problem if they try to be the bearer of who's important. Obviously, you can't verify any Joe Schmoe, but honestly you can just set a reasonable threshold based on their status in the platform for as to whether or not they should be eligible to get verification. When you do stuff like say "You should be able to be verified because you work for NYT", that's just weird. Being a journalist doesn't magically make you important, or mean that your posts will be worthy of greater consideration, yet that's what you're setting people up for when you make verification into a big ordeal like this, and it's the reason why Twitter would unverify people for e.g. having an opinion too far outside the Overton window. And using in-platform metrics to determine eligibility seems reasonable anyways... If you have like 10 followers, your verification status is utterly meaningless anyways.

I think if they want to solve the problem for journalists they should've verified the organizations and then made this separate from verifying individuals. Then accounts under that domain could just have some sort of special badge. This especially makes sense because otherwise you could literally just have your personal account become verified by having a couple month stint at the NYT or something, which is non-sensical.

This seems like an anti-feature. The appeal of Bluesky is exactly the lack of a Twitter like central authority.

The opposite. It’s Twitter before Twitter was turned into a campaign of degenerate malignancy, with several escape hatches built-in.

Bluesky remains the single best example of how decentralization works best as components of the architecture, not its raison d'etre.

Yep, right on schedule.

Fine with this albeit very 'manual'...but not clear if any other choice. I do really like the domain username scheme and if anything this news just draws more attention to that because there's sooo many organizations/news outlets etc not taking advantage.

I'm guessing because users will just "verify" themselves, and then the whole thing is meaningless.