Oh, Bluesky. How could you have missed this?
Bluesky offers a “feature” where users can “upgrade” their Bluesky handles from a more generic name.bsky.social account to a domain name.
Also: 8 Bluesky tips every new user should know
I, for example, just finished “upgrading” my handle. I went from @davidgewirtz.bsky.social to @davidgewirtz.com. I’m writing a detailed step-by-step article on how to do that, which will run later this week. In the process of writing the article and making that transition, I discovered a serious flaw that earned this article all of its scare quotes.
The flaw
When you upgrade your account to the new handle, all your followers and posts move with you. So when I moved from @davidgewirtz.bsky.social to @davidgewirtz.com, my profile looked just as it had before.
So far, so good. But what happened to davidgewirtz.bsky.social? All of the links and references I’ve put up anywhere I list my social media info have pointed to that now old handle — and they still do. Any starter packs (a collection of Bluesky members that you can subscribe to all at once) I’m in still point to that handle.
Also: How to migrate from X to Bluesky without losing your followers
The first big flaw is this: Bluesky doesn’t route requests for the old handle to the new handle. If the handle hasn’t been reassigned, Bluesky just reports an error.
See, here’s the thing. As soon as you convert your handle from a generic bsky.social handle to a domain name, Bluesky frees up your original handle. If someone grabs the handle, then all your hard-earned traffic goes to the new owner of your old handle.
Anyone can take it, make it theirs, cybersquat it, or misrepresent themselves as you.
Want proof? Watch this.
Also: I deleted thousands of tweets from X with this new tool – for free
As soon as I finished upgrading (just assume the scare quotes are there, okay?) from @davidgewirtz.bsky.social to @davidgewirtz.com, I logged out of Bluesky.
Then I created a new account with a new email address. And then, I gave myself a user handle — the old davidgewirtz.bsky.social handle I’d spent all these months building up follower equity with.
Bluesky allowed it. Fortunately, I was able to grab my old handle, but it’s now devoid of any of the followers or post history it had just ten minutes earlier. This became the profile for my original handle.
At least I was able to capture my old handle. If I had not, I shudder to think what someone else might have done with it.
What you must do right away
If you’ve converted your generic bsky.social handle to a domain, I strongly recommend you create a new account with a new email address. Verify that email address in Settings.
Then do what I did above: capture your old handle as a bsky.social account, so you have control of it and nobody else can squat on it.
The next thing I did was change my banner graphic and account description to point people to my new handle. Here’s how that looks now.
These steps are easy and I strongly recommend you do them yourself. Here’s a quick recap.
- Create a new account with a different email address
- Verify that email address by having Settings send you a code
- Enter your old handle as your new handle
- Create a custom graphic and description that points visitors to your new domain name handle.
Good luck!
What Bluesky must do right away
Hello, developers at Bluesky. I know you’re busy, but this one needs your attention. Basically, you’re nuking the followership equity of your most enthusiastic users. Not good. Not at all good.
Here’s what you need to do. When a user converts from the generic bsky.social handle to their domain name, put a checkbox under that big blue button. Set that checkbox to checked, by default.
Make the prompt something like: “redirect all visitors to username.bsky.social to @username.com”. Here’s an example of what that might look like.
At the very least, do not let anyone just jump on those old handles. The potential for mischief is far too great.
If you want to reach out to me once you’ve done this, I’ll update the article.
Final thoughts
All programming projects have growing pains. You hope you’ve thought through an eventuality, but there’s always something. So I don’t blame Bluesky for missing this big hole in their identity management practice.
Also: 7 things to know about Bluesky before you join
In Bluesky’s case, their growth has been explosive and they’ve legitimately had a whole lot to manage.
The issue is what do they do now? Do they just ignore the problem and let their most engaged users suffer the consequences? Or will they be proactive and implement a fix?
That’s how we get to know companies like Bluesky. By their actions.
Stay tuned. I have a feeling this story isn’t over.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.
