Bluesky trust and safety is too important to be left to Bluesky

Welcome to the first weekly issue of Platformocracy. Thank you to the many people who have subscribed so far and your thoughts and comments. I plan to aggregate these into a periodic post on reader reactions, so please keep them coming. 

If you aren’t familiar with Bluesky, the ideas behind decentralized social media, and terms such as the ATmosphere or the Fediverse, I’ve included a refresher at the end of this post. For the rest of you, let’s dive in.

I love Bluesky, it’s perfect, now change

I love Bluesky. What’s not to like about a quality app with a supportive community of over 35 million interesting people built on an open protocol? Unlike corporate social media that keeps everything locked down, you can build tools and apps that Bluesky doesn’t control. You can, in theory, even exit to another compatible social network, without losing your friends, followers, or posts.

What I don’t love about Bluesky is that despite an admirable layer of open moderation, the company has still retained final power over setting and enforcing rules on its app, just like any other member of the Platformocracy. If this doesn’t change soon, it will be too late to build a true participatory process.

A structural remedy is the best way to make a clean break. Bluesky Trust and Safety should be separated from the Bluesky company, and put under control of Bluesky users.

Bluesky trust & safety is open on top, but autocratic underneath

Bluesky introduces a new layer of openness that other social media platforms lack. Bluesky comes with a default moderation service, but you can turn it off for a whopping 22 subcategories, from matters of interpretation like Misinformation to dangerous stuff like Scams or Spam. You can even build your own moderation services to stack on top of the default, if you want protections that the company doesn’t offer.

Below the default moderation service, however, Bluesky controls and enforces their rules behind closed doors, just like corporate social media. They retain absolute authority to define their Community Guidelines, and operate moderators and algorithms that look for violations and impose sanctions (removal, suspension, termination).

Autocracy is bad, actually

As I explained in my launch post, when a company operates autocratically, it’s bad for the community. Bluesky is starting to face regular protests against their moderation decisions around transphobia, demands from the Turkish government, and Gaza-related accounts (which might actually be scam fundraisers) being labelled as spam. I expect this to continue, and even get worse. In his 2024 book Governable Spaces, Nathan Schneider points out that the lack of democratic processes online means people aren’t learning critical skills of debate and compromise, and are in fact being primed for authoritarianism.

Absolute power is also a vulnerability in the case of changes in strategy or corporate control, such as Reddit driving third-party moderation tools out of business or the continuing fallout from Elon Musk’s Twitter takeover. I trust that the Bluesky team doesn’t want to do this, but it’s impossible for any venture-funded organization searching for a sustainable revenue model to guarantee that things won’t change in the future.

Exit is supposed to lead to participation, not just exit

Bluesky’s commitment to exit as recourse is admirable and essential, but “take it or leave” (no “it”, just leave) isn’t a one-size-fits-all solution. The freedom to exit, and the signal from lots of people exiting, is supposed to make organizations listen and include their community in decision-making.

Also, while exit has a lot of promise for the future, Bluesky the only huge social network using the AT protocol right now, so there’s really nowhere else to go. This means that today, exit is more of an insurance policy against future enshittification, rather than a force to influence Bluesky’s decision-making.

^{Breaking news: on Thursday, the non-profit group A New Social announced Bounce, a tool to migrate social graphs between Bluesky and Mastodon. This might help accelerate things.}

Bluesky needs separation of powers. 

Bluesky Social PBC could address these concerns by spinning off their entire trust and safety operation to an independent Community Standards Council. 

This Council would have ownership of community guidelines, the default moderation service, and all policy enforcement, including people, code, infrastructure, and budget to maintain and improve all of the above. The initial leadership of this organization would be drawn from verified active members of the Bluesky community, with the mandate to set a process for leadership succession and community deliberation and input into their activities.

This spinoff would need to have teeth: irrevocable structural independence, an ongoing financial commitment, and robust protections in the case of change of control. Otherwise, the Council will suffer the same problems as the Meta Oversight Board. That organization can only make binding decisions for a small number of appeals, can only issue advice on policy, and has no role in day-to-day enforcement. And while Meta has given the Oversight Board $280 million (!!!), there is to my knowledge no ongoing budget commitment proportional to Meta’s growth or the number of appeals coming in.

There are, of course, lots of potential objections and issues with creating a separate Council. Here are five, to get the ball rolling:

1. How would legal risk from violating laws be handled between the two entities?

2. How will the budget for the Council keep up with Bluesky’s growth and changes in the threat environment?

3. What power should the Council have over Bluesky features with the potential to affect safety, such as verifications or in-app reporting?

4. Should Council meetings be open to the public? What if an issue involves proprietary or personally-identifiable information?

5. What happens if Bluesky Social PBC and the Community Standards Council reach an impasse on a critical decision?

These tensions should be debated publicly. They all exist inside all tech companies, but are being handled in secret and without community participation. Corporate PR teams assure you that they are doing everything they can to protect people, new harms were unforeseen, and errors are aberrations that will be fixed right away. In reality, every internal safety professional I’ve ever met has horror stories of denied budget requests, ignored risk assessments, and embarrassing errors that impacted real users for months or years before being caught.

Separation of powers, with a representative council on one side and a corporation on the other, would bring debate and decision-making into the light.

Leave Bluesky alone! 

I am sensitive that I’m suggesting one of the most open and innovative social media platforms out there put something else new and complicated onto their already overflowing backlog. I’m adding another log to the fire because I believe Bluesky might be the only platform willing and able to make this change successfully. They already have a deep commitment to openness, are big enough to have a meaningful user base, but are also new enough to not yet be locked into the path to Platformocracy. Laying a democratic foundation early on would give them the chance to build a meaningfully different platform-community relationship.

If Bluesky the company becomes a role model in democratic governance, I am optimistic that we can look forward to truly new social media in the years and decades to come. I hope this essay will start a conversation about how to make that happen.

Recap: What is decentralized social media?

Most social media platforms are closed – you have to use their app or website to access them, and if you want to leave, your data stays behind. The decentralized or federated social media movement (the two terms mean slightly different things) aim to break up these closed systems into many smaller social networks that talk to each other, so the overall system can’t be controlled by just a few monolithic corporations.

Bluesky is built on an open standard called the AT protocol, which is open in several interesting ways, including:

1. Algorithmic choice – you can choose custom feeds and additional moderation rules within the Bluesky app, versus being limited to only what the company provides.

2. App choice – you can access the full AT protocol feed (all posts, replies, etc) from a different front-end application (“AppView”) instead of Bluesky’s app, which lets you completely avoid the company’s recommendations and moderation policies.

3. Data control – you can run your own Personal Data Server (PDS), which would let you take everything with you to a new social media platform completely detached from Bluesky.

The result of all this openness is a collection of tools, services, and platforms. A great example is Blacksky, founded by Rudy Fraser, a curated feed plus moderation tools and other services that gives over a million people on Bluesky a protected experience within the broader community.

Collectively these independent efforts are called “the ATmosphere,” mostly to distinguish it from the Fediverse, the other (and older) collection of decentralized tools and platforms, which uses a different protocol called ActivityPub. Mastodon is the best-known Fediverse software. Meta also has partially integrated Threads with the Fediverse – independent servers can read and comment on Threads posts, but Threads users cannot read posts from other Fediverse servers yet.

A big difference between the ATmosphere and the Fediverse is the degree of centralization. The vast majority of ATmosphere usage is on Bluesky’s app, while the Fediverse is mostly a collection of small, independent servers.

If you want to go even deeper, Christine Lemmer-Webber wrote a detailed explanation called How decentralized is Bluesky really? that taught me a lot, including I believe coining the term credible exit that I use above.

Back to start

Ideas? Feedback? Criticism? I want to hear it, because I am sure that I am going to get a lot of things wrong along the way. I will share what I learn with the community as we go. Reach out any time at [email protected].