Bluesky's Encryption Outsourcing: A Liability for Dating Apps?
Bluesky integrated Germ DM, a third-party encrypted messaging app, via profile badges in February 2026 rather than building native end-to-end encryption
Germ reported a 5x increase in daily active users post-launch, though from a baseline of only thousands of downloads
The integration uses Messaging Layer Security (MLS) and requires no phone number, only ATProto handle authentication
Germ DM is currently in public beta on iOS in North America and Europe only
Bluesky has chosen to route users to a third-party encrypted messenger rather than build end-to-end encryption into its own platform—a decision that positions encryption as a modular plug-in rather than a core responsibility. For dating platforms watching this experiment unfold, the model raises a critical question: is outsourced privacy a clever infrastructure play or a convenient way to dodge the hard work of trust and safety at scale? The answer matters, because what works for a public social network may be legally and operationally untenable for apps designed to facilitate intimate connections between strangers.
Bluesky has introduced a profile badge that routes users to Germ DM, a third-party encrypted messaging app, rather than building end-to-end encryption into its own direct messaging system. The integration, launched in February 2026, allows users to tap a badge on a Bluesky profile and open an encrypted chat through an iOS App Clip—no phone number required, just authentication via an ATProto handle. It's a deliberately modular approach: encryption as a plug-in, not a platform responsibility.
The move follows an explicit design choice by Bluesky. According to engineer Daniel Holms, the platform opted not to implement full end-to-end encryption in native DMs to avoid protocol complexity. Instead, it's outsourcing secure messaging to a specialist.
Germ Network, the startup behind Germ DM, uses Messaging Layer Security (MLS), an IETF-approved standard, and integrates with ATProto to deliver end-to-end encrypted messaging whose contents neither Bluesky nor Germ can access. The company has also released guidelines for other ATProto clients (Blacksky added support almost immediately), turning what could have been a one-off partnership into a potential blueprint for the decentralised social web.
The DII Take
This is either a clever model for decentralised infrastructure or a convenient way to dodge the hard work of building trust and safety at scale.
Dating apps have spent years grappling with the tension between encryption and moderation—add E2EE and you blind yourself to harassment, grooming, and romance scams. Bluesky's decision to offload encryption to a third party doesn't solve that problem; it just moves it. The question for dating operators watching this unfold is whether modular privacy is a template worth copying or a warning sign that decentralised platforms will never match the safety standards users expect from mainstream alternatives.
Plug-in privacy and the fragmentation risk
Germ reported a 5x increase in daily active users following the announcement. That sounds impressive until you consider the baseline: the company disclosed "thousands of downloads" prior to the integration, which suggests a small user base to begin with. A 5x jump from a few hundred active users is still measured in hundreds, not tens of thousands. The full Germ DM app is in public beta on iOS in North America and Europe only, which limits reach further.
What's more interesting than the raw numbers is the structural model. By publishing integration guidelines, Germ has positioned itself as infrastructure for the ATProto ecosystem rather than a standalone app. Other clients can add the same badge, creating a theoretically consistent experience across decentralised social platforms. But "theoretically" is doing a lot of work here.
If users encounter different messaging services across different ATProto clients—one uses Germ, another integrates a different E2EE provider—the result isn't interoperability. It's fragmentation dressed up as openness.
Dating platforms have been through this before. The industry spent the 2010s debating whether to route users to third-party messaging apps like WhatsApp or WeChat versus keeping conversations on-platform. The consensus settled firmly on the latter, not because operators wanted to hoard user data, but because on-platform messaging allows for safety tools: reporting, flagging, pattern detection for scams and abuse. Encrypted messaging breaks all of that.
What Bluesky's choice reveals about decentralised safety
Bluesky's decision to skip native E2EE isn't just about protocol complexity. It's about trade-offs that centralised platforms have already made. WhatsApp, Signal, and Telegram offer full encryption, but they're messaging-first products. Social platforms—including dating apps—need to balance privacy with visibility into harmful behaviour.
That's why Instagram DMs aren't end-to-end encrypted by default, and why dating apps like Hinge and Bumble retain access to in-app conversations for trust and safety purposes. The claim that Bluesky's integration represents "something not seen on centralized Big Tech platforms" needs context. Users have always been able to share WhatsApp or Telegram links on social profiles, or move conversations off-platform entirely.
If a decentralised dating app built on ATProto adopts a similar model, it inherits the same blind spots.
What's new here is the badge and the App Clip, which reduce friction. But the underlying dynamic—encrypted chat happening outside the platform's line of sight—is identical. The difference is presentational, not structural.
For dating operators, that distinction matters. A user could display a Germ badge on their dating profile, move the conversation to an encrypted channel, and the platform would have no way to intervene if that conversation turned abusive or predatory. Bluesky can afford to take that risk because it's a public social network, not a product designed to facilitate one-on-one connections between strangers. Dating apps don't have that luxury.
Modular infrastructure, fragmented accountability
Germ's guidelines open the door for other ATProto clients to integrate similar encrypted messaging services. That could mean a dating app on the protocol offers its own E2EE badge, routed through a different provider with different standards. Or it could mean users expect the same Germ badge across all ATProto platforms, creating dependency on a third-party startup with no obligation to dating-specific safety needs.
Neither scenario is reassuring. The dating industry's regulatory environment—particularly under the UK Online Safety Act and the EU Digital Services Act—holds platforms accountable for user harm. Outsourcing encryption doesn't outsource liability. If a user is groomed or defrauded via a third-party encrypted messenger accessed through a dating app profile, regulators and litigators won't distinguish between "native" and "modular" features.
The platform facilitated the connection. That's enough. This is where the plug-in privacy model starts to look less like innovation and more like a liability offload. Bluesky can experiment because it's not operating under the same trust and safety expectations as a dating platform. Dating apps can't.
What to watch
The real test will come when—if—a decentralised dating app on ATProto attempts to scale using a similar model. The protocol allows for it. The question is whether any operator is willing to accept the trade-off: easier encryption, harder moderation, and regulatory exposure that doesn't care how modular your infrastructure is.
Match Group (MTCH) and Bumble (BMBL) have spent years investing in trust and safety teams, content moderation AI, and on-platform reporting tools precisely because they need visibility into user interactions. A plug-in privacy model undermines all of that.
Bluesky's integration with Germ might work for a decentralised Twitter alternative. For dating, it's a template that looks elegant until you consider what happens when the first lawsuit lands.
Modular encryption may reduce technical complexity but increases legal and regulatory exposure—particularly for dating platforms held accountable for user safety under UK and EU law
Watch whether ATProto-based dating apps adopt similar third-party encryption models, and how regulators respond when off-platform encrypted messaging undermines trust and safety mechanisms
The fragmentation risk is real: if different ATProto clients integrate different E2EE providers, the result is incompatible messaging infrastructure masquerading as interoperability