
What Information is Public on Bluesky?

Last updated August 18th 2023
Follow me @ eepy.bsky.social

THIS ARTICLE MAY BE OUT OF DATE: Bluesky now has a helpful article that covers this information. I'd recommend reading that first.

When I started learning about the AT Protocol, it occurred to me that there might be a disconnect between how web developers understand Bluesky vs how normal people do. If you don't know what an API is, it probably isn't obvious to you why people without a Bluesky account might be able to see your posts.

So I'm writing this with non-software-engineers in mind so you can make the best possible decisions with regard to your own privacy and data security.

Note that I'm not affiliated with Bluesky. Please check when this was last edited because things can and will change in the coming weeks.

I'm happy to answer questions! If possible ask in this thread: https://bsky.app/profile/eepy.bsky.social/post/3jvx6vx4ir32o

There are different ways for things to be public

Aside from what's visible on the mobile and web apps, personal information is also available from the API and from downloading a repo. A repo is a repository of records of the actions taken on Bluesky; each user has their own repo, which in theory they fully control. An API is an interface you request information from in a form that is easy for a program to understand and use. Bluesky's API makes some of this information easier to find and to build third party tooling around.

As far as I can tell, some of the information found in your user repo is not accessible via the API unless you download the whole thing.

API Public

A lot of information falls under what I'd call “API public”. This means it's easy for developers to create tools that make this information available. Like this for example. Essentially, it's information that is supposed to be public and easy to find.

Your posts on Bluesky are public. Yes public. Bluesky is not a closed private space and is not meant to be. You don't have privacy from people who don't have an account. Everything visible to someone with a Bluesky account is also visible to the internet at large.

Anyone on the internet can get your posts from the Bluesky API until you delete them. Also public and easily accessible from the API is your current profile information, current and former handles, who you have blocked or followed (mutes are private) and all the posts you like.

Public in your user repo

August 28th update: Good news! This section is going to be out of date very soon. I'm planning to update it but might not get around to that for a little while. Anyone can download a copy of anyone else's user repo. There is information in here that isn't available from the API. It is currently possible to delete information in the repo, but this does not happen automatically.

The way that Bluesky works means that whenever you take an action, a timestamped record is created. It is possible to download these records directly from Bluesky and look through them.

The text of deleted posts is still visible in your repo. If the post contained an image, however, that image is properly deleted: the repo only stores references to images, which are kept elsewhere. It is sometimes possible to dig up deleted posts!

There is a record of every time you like, follow, or block someone. These persist even if you unlike, unfollow, or unblock.

Past handles, taglines, and display names also work this way. If I want to, I can find your holiday display names as well as any previous identities you went under. I can also see all the taglines you've used. Past handles are API public, but other past profile info is only stored in your repo. The exception is profile pictures, which are properly deleted when changed.
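To make the difference between "what the API shows" and "what is still in the repo" concrete, here is an added example (not code from this article or from Bluesky). It does not parse a real CAR file; it assumes the repo's commit history has already been expanded into a list of snapshots, oldest first, each mapping a record path ("collection/rkey") to the record's JSON, which is how records are addressed in AT Protocol repos. The likes, follows and profile records are constructed for illustration. The newest snapshot is what the API serves; anything that appears only in older snapshots is the "unliked / unfollowed / old display name" history described above.

```python
"""Find records that linger in a repo's commit history after deletion.

Added example, not the article's or Bluesky's code. Assumes the commit
history has already been expanded into snapshots (see lead-in); all
records below are constructed, not real Bluesky data.
"""
from typing import Dict, List, Tuple

Record = Dict[str, object]
Snapshot = Dict[str, Record]  # "collection/rkey" -> record JSON

# Constructed commit history, oldest first.  Each snapshot holds only the
# records that were live at that commit.
COMMITS: List[Snapshot] = [
    {  # commit 1: like a post, follow someone, set up a profile
        "app.bsky.feed.like/3jx1": {
            "$type": "app.bsky.feed.like",
            "subject": {"uri": "at://did:plc:someone-example/app.bsky.feed.post/3abc",
                        "cid": "bafy-example-1"},
            "createdAt": "2023-08-01T10:00:00.000Z",
        },
        "app.bsky.graph.follow/3jx2": {
            "$type": "app.bsky.graph.follow",
            "subject": "did:plc:someone-example",
            "createdAt": "2023-08-01T10:01:00.000Z",
        },
        "app.bsky.actor.profile/self": {
            "$type": "app.bsky.actor.profile",
            "displayName": "Alice",
            "description": "just here for the posts",
        },
    },
    {  # commit 2: unlike, unfollow, and put on a holiday display name
        "app.bsky.actor.profile/self": {
            "$type": "app.bsky.actor.profile",
            "displayName": "Alice (spooky)",
            "description": "just here for the posts",
        },
    },
    {  # commit 3: back to the everyday display name
        "app.bsky.actor.profile/self": {
            "$type": "app.bsky.actor.profile",
            "displayName": "Alice",
            "description": "just here for the posts",
        },
    },
]


def current_state(commits: List[Snapshot]) -> Snapshot:
    """What the API shows: only the records live in the newest commit."""
    return commits[-1]


def history_only_records(commits: List[Snapshot]) -> List[Tuple[str, Record]]:
    """Records present in an older commit but absent from the newest one.

    Invisible through the API, still recoverable from the downloaded repo,
    ordered by the timestamp the record was created with.
    """
    live = current_state(commits)
    seen: Dict[str, Record] = {}
    for snap in commits[:-1]:
        for path, rec in snap.items():
            if path not in live and path not in seen:
                seen[path] = rec
    return sorted(seen.items(), key=lambda kv: str(kv[1].get("createdAt", "")))


def profile_history(commits: List[Snapshot], field: str = "displayName") -> List[str]:
    """Every value a profile field took across the commit history, in order."""
    values: List[str] = []
    for snap in commits:
        rec = snap.get("app.bsky.actor.profile/self")
        if rec is None:
            continue
        val = str(rec.get(field, ""))
        if not values or values[-1] != val:
            values.append(val)
    return values


if __name__ == "__main__":
    for path, rec in history_only_records(COMMITS):
        print(f"deleted but still in history: {path} created {rec.get('createdAt')}")
    print("display names over time:", profile_history(COMMITS))
```

The same walk over `description` recovers old taglines. Rebasing (see the curl command under Tools) throws away the older snapshots, which is why it removes this history and the API view does not.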

Records in your user repo are possible to delete. I'm working on a tool to allow normal people to do this but according to Daniel something official is also in the works. It is not possible to erase the history of handles you have used as far as I can tell.

Note: I can verify that this information is available in the repo itself and I've heard that it's possible to query the API for some of it but I myself haven't figured out how.

Data saving

People have been and will continue to save all activity on Bluesky. Most data savers are not malicious. There are lots of reasons to be downloading everything. For example, cool third party projects like this social graph. Data archiving is not unique to Bluesky.

Data savers can easily make their own records of when you take certain actions like blocking accounts and liking posts and they can also download your repo directly from Bluesky.

Not public on the internet

Some of your information is private between you and Bluesky. That means someone who works there in theory could get access to it but it isn't published and won't be collected by data savers.

Display settings and your email address are private. Bluesky also knows who you invited and who invited you but doesn't publish that information.

Your follows and blocks are public, but mutes, the mute lists you use, and other moderation settings like the nudity filter are private. Bluesky keeps track of when you last saw your notifications but doesn't publish that information.

Third Party Services

Feeds

With the exception of the official feeds, most custom feeds are run by third parties. Anyone can publish a feed to Bluesky! When you visit a feed in the official Bluesky app, it sends a request to an external application. The owner of the feed can do whatever they want with this information, including logging how much time you spend browsing their feed and what posts you've seen.
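What does the feed owner actually receive? The following is an added example, not code from this article, from Bluesky or from any real feed. It assumes the request to the feed generator carries an "Authorization: Bearer <JWT>" header whose payload names the requesting user's DID in "iss" and the feed generator's DID in "aud", as the feed generator documentation describes; the token here is constructed and unsigned, so a real generator would still have to verify the signature against the user's DID document before trusting it. The DIDs, feed URI and timestamps are placeholders.

```python
"""What a feed generator learns from each feed request it serves.

Added example, not from the article or from Bluesky. The bearer token is
constructed and unsigned; the DIDs and feed URI are placeholders.
"""
import base64
import json
from typing import Dict, List, Optional

REQUEST_LOG: List[Dict[str, str]] = []  # what a nosy feed owner could keep


def _b64url_decode(part: str) -> bytes:
    """Decode unpadded base64url, the encoding JWT segments use."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def requester_did(auth_header: Optional[str]) -> Optional[str]:
    """Pull the caller's DID out of the bearer token, or None if anonymous.

    No signature check here on purpose: the point is to show which identity
    the feed owner sees on every request, not to validate it.
    """
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    parts = auth_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return None
    try:
        payload = json.loads(_b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None
    iss = payload.get("iss") if isinstance(payload, dict) else None
    return iss if isinstance(iss, str) and iss.startswith("did:") else None


def handle_feed_request(auth_header: Optional[str], feed_uri: str,
                        cursor: Optional[str], requested_at: str) -> Dict[str, str]:
    """Record what one getFeedSkeleton-style request reveals about the reader.

    A cursor means the reader scrolled past the first page, so consecutive
    log entries also show how long someone kept browsing the feed.
    """
    entry = {
        "at": requested_at,
        "who": requester_did(auth_header) or "anonymous",
        "feed": feed_uri,
        "page": cursor or "first",
    }
    REQUEST_LOG.append(entry)
    return entry


def constructed_token(user_did: str, feed_did: str) -> str:
    """Build an unsigned JWT shaped like the one a feed generator receives."""
    header = _b64url_encode(json.dumps({"alg": "ES256K", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(
        {"iss": user_did, "aud": feed_did, "exp": 1693000000}).encode())
    return f"{header}.{payload}.{_b64url_encode(b'not-a-real-signature')}"


if __name__ == "__main__":
    tok = constructed_token("did:plc:reader-example", "did:web:feed.example.com")
    feed = "at://did:web:feed.example.com/app.bsky.feed.generator/example-feed"
    handle_feed_request("Bearer " + tok, feed, None, "2023-08-18T12:00:00Z")
    handle_feed_request("Bearer " + tok, feed, "page-2", "2023-08-18T12:03:00Z")
    for line in REQUEST_LOG:
        print(line)
```

The two logged entries are three minutes apart with a cursor on the second one: that is the "how much time you spend browsing their feed" data point, and it arrives whether or not the feed owner does anything with it.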

App Passwords

Be very careful about handing out app passwords!

Certain third party tools including interfaces like Skyfeed and visibility tools such as block viewers require you to generate an app password. App passwords are very permissive in that they have all the same capabilities as your actual password with two exceptions: it is not possible to delete your account or create more app passwords.

App passwords can reveal your email address and harvest your invite codes! Before giving away an app password, be 100% certain that the owner is trustworthy enough to not steal this information.

I'm really hoping they change this in the future.

Account deletion

As far as I can tell, deleting your account works as expected (i.e: your info is no longer accessible from Bluesky's server) but this could change in the future when federation is implemented. When that happens, multiple copies of your data will be stored by multiple servers who may have different policies on when data gets deleted. It is also common practice in the dev community to store everything as it's posted.

Summary

Let's recap what info is public and to what degree:

Always private between you and Bluesky
– who you have muted
– what mute lists you are using
– your email address (but can be exposed with an app password)
– invite trees (who you invited is visible to you but afaik who invited you is not)
– moderation settings
– notification last seen

API public, i.e. easy for anyone on the internet to access or build tools to access
– posts
– reposts
– likes
– photos
– blocks
– who you are following
– current profile info
– your published mute lists

Public in your own repo unless manually deleted, i.e. the information is out there but a bit more technical to access or delete right now
– who you followed and when (even if unfollowed)
– who you blocked and when (even if unblocked)
– everything you have liked and when, including unliked posts* (but not attached images)
– past profile info such as your handles, display names, and taglines

Citations

Special thanks to Daniel and to people on the dev discord, especially David and Jaz for answering my questions. I compiled the information I got from them and from the docs, then did some testing to confirm.

Here's my conversation with Daniel.

Here's proof that they delete images.

Tools

If after reading this you want to rebase your own repo here's a curl command to do that:

curl -X POST 'https://bsky.social/xrpc/com.atproto.repo.rebaseRepo' -H 'Content-Type: application/json' -H 'authorization: Bearer your.jwt.here' -d '{"repo": "did:plc:yourDIDhere"}' 

If you don't know what any of this means, you probably shouldn't rebase your repo and should wait until they have something official set up.

View labels on your account
View your own likes
View Jay's blocklist (it's empty)
Past handles are visible by checking plc.directory/did:plc:yourdidgoeshere/log
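Here is an added example of reading that handle history out of the PLC log (not code from this article or from Bluesky). It assumes the audit form of the log (plc.directory/<did>/log/audit), where each entry wraps a PLC operation together with a "createdAt" timestamp and a "nullified" flag, and where the operation's "alsoKnownAs" list carries the handle as "at://<handle>". The log entries, DID and CIDs below are constructed, not a real account's history.

```python
"""Recover an account's handle history from a PLC directory audit log.

Added example, not from the article or from Bluesky. Assumes the
/log/audit entry shape described in the lead-in; the log is constructed.
"""
from typing import Dict, List, Tuple

# Constructed audit log, oldest first.  The third entry is nullified (it was
# superseded by a later operation) so it never became the live identity,
# but it is still present in the log.
AUDIT_LOG: List[Dict[str, object]] = [
    {
        "did": "did:plc:example-alice",
        "operation": {"type": "plc_operation", "prev": None,
                      "alsoKnownAs": ["at://alice.bsky.social"]},
        "cid": "bafy-op1", "nullified": False,
        "createdAt": "2023-04-10T09:00:00.000Z",
    },
    {
        "did": "did:plc:example-alice",
        "operation": {"type": "plc_operation", "prev": "bafy-op1",
                      "alsoKnownAs": ["at://alice.example.com"]},
        "cid": "bafy-op2", "nullified": False,
        "createdAt": "2023-06-02T18:30:00.000Z",
    },
    {
        "did": "did:plc:example-alice",
        "operation": {"type": "plc_operation", "prev": "bafy-op2",
                      "alsoKnownAs": ["at://oops.example.com"]},
        "cid": "bafy-op3", "nullified": True,
        "createdAt": "2023-06-02T18:31:00.000Z",
    },
    {
        "did": "did:plc:example-alice",
        "operation": {"type": "plc_operation", "prev": "bafy-op2",
                      "alsoKnownAs": ["at://alice.example.com"],
                      # same handle, rotated keys: not a handle change
                      "rotationKeys": ["did:key:zExampleRotated"]},
        "cid": "bafy-op4", "nullified": False,
        "createdAt": "2023-07-15T08:00:00.000Z",
    },
]


def _handle_of(operation: Dict[str, object]) -> str:
    """First at:// entry of alsoKnownAs, without the scheme; '' if none."""
    for aka in operation.get("alsoKnownAs", []) or []:
        if isinstance(aka, str) and aka.startswith("at://"):
            return aka[len("at://"):]
    return ""


def handle_history(log: List[Dict[str, object]],
                   include_nullified: bool = False) -> List[Tuple[str, str]]:
    """(createdAt, handle) for every operation that changed the handle.

    Nullified operations are skipped by default because they never became
    the live state; pass include_nullified=True to see them too, since they
    remain in the log.
    """
    history: List[Tuple[str, str]] = []
    for entry in sorted(log, key=lambda e: str(e["createdAt"])):
        if entry.get("nullified") and not include_nullified:
            continue
        handle = _handle_of(entry["operation"])
        if handle and (not history or history[-1][1] != handle):
            history.append((str(entry["createdAt"]), handle))
    return history


if __name__ == "__main__":
    for when, handle in handle_history(AUDIT_LOG):
        print(f"{when}  {handle}")
```

Nothing in this requires an account or an app password: the PLC log is served to anyone, which is why past handles count as API public even though nothing in the repo itself records them.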

*I'm not 100% sure but I think you could probably access the content of a post you liked/unliked which was then deleted by someone who hasn't rebased their own repo.