A startup called Germ becomes the first private messenger that launches directly from Bluesky’s app

Bluesky adds encrypted messaging through Germ

The decentralized social network Bluesky integrated new end-to-end encrypted messaging technology from startup Germ Network this month. This partnership allows users to send private, secure messages directly through the Bluesky interface for the first time. Germ DM is now the first third-party private messenger to launch natively within the app ecosystem.

Alongside the integration, Germ released new technical guidance for other developers. This documentation explains how any application built on the AT Protocol can implement similar encrypted messaging features. The move demonstrates how open social networking ecosystems allow the community to build core functionality rather than relying solely on the parent company.

Users who opt into the service can now add a security badge to their public profiles. This badge serves as a direct entry point for other users to initiate an encrypted conversation. The integration remains experimental but represents a significant shift in how Bluesky handles private communication.

How the encrypted badge works

The setup process relies on iOS App Clips to provide a lightweight messaging experience. When you click the Germ badge on a friend's profile, it triggers a temporary app instance that does not require a full download. You authenticate the session using your existing ATProto handle to verify your identity.

This authentication method removes the need for a phone number, which distinguishes Germ from traditional competitors like Signal or WhatsApp. Once authenticated, you can send messages immediately within the App Clip interface. The system then offers an optional prompt to download the full Germ DM application for a more permanent experience.

Setting up the badge on your own profile requires the standalone iOS app. After authenticating your Bluesky credentials in the Germ app, a badge appears on your profile for all followers to see. Some users reported they had to force-quit the Bluesky app before the new UI element became visible.

• No phone numbers: Users identify themselves via their social handles.
• App Clip integration: Messaging starts without a full app installation.
• Zero-knowledge: Neither Bluesky nor Germ can decrypt the message content.
• Protocol-wide: The tech works across different AT Protocol clients like Blacksky.

The technology behind Germ Network

Germ Network utilizes the Messaging Layer Security (MLS) standard to protect user data. The Internet Engineering Task Force (IETF) recently approved this standard to provide efficient, scalable encryption for large groups. By combining MLS with the AT Protocol, Germ creates a secure layer that sits on top of the open social web.

The startup focuses on building an alternative to iMessage and WhatsApp using modern decentralized architecture. Because it uses the AT Protocol, the messaging service is not siloed within a single app. If a user switches from the main Bluesky client to an alternative like Blacksky, their encrypted messaging capabilities can follow them.

The California-based startup was founded by two experts in the field of digital communication and privacy. CEO Tessa Brown previously taught at Stanford University as a communications scholar. CTO Mark Xue joined the project after working as a privacy engineer at Apple, where he contributed to the development of FaceTime and iMessage.

Why Bluesky outsourced its encryption

Bluesky head of product Alex Benzer led the effort to implement third-party services within the main app. While the AT Protocol may eventually support native encryption, the core team is currently focusing on other protocol features. Protocol engineer Daniel Holms explained that building E2EE is an inherently complex task that can slow down third-party developers.

By allowing Germ to handle the encryption, Bluesky avoids pushing that technical burden onto every small developer building a client. "E2EE is hard," Holms wrote in a recent technical blog post. He noted that the complexity of managing encrypted data often complicates the development of new social features.

The partnership began after the ATmosphere Conference in Seattle last year. Germ has been in constant communication with the ATProto community to ensure their roadmap aligns with the broader ecosystem. This transparency led to the transition from "magic links" in bios to the current native UI integration.

Growth and the future of Germ

The official announcement of the integration caused a massive spike in user engagement. Germ reported that its daily active users jumped by 5x immediately following the Bluesky news. The standalone app is currently in public beta for users across North America and Europe.

The team is not currently focused on monetization, choosing instead to prioritize core messaging features. However, Tessa Brown indicated that the company plans to introduce paid tiers for prosumer power users in the future. These features will likely target the specific needs of high-profile users on the network.

Planned premium features include the following:

• Support for managing multiple handles within one secure interface.
• AI-powered screening tools to filter first-time messages from unknown connections.
• Advanced privacy controls for journalists and politicians.
• Enhanced storage options for encrypted media and large file transfers.

The Germ Network team believes that users will continue to choose their platform if they solve the "hard problems" of decentralized security. They aim to stay true to the ATProto ethos, which dictates that users should have the freedom to choose their own tools. This integration serves as a proof of concept for how third-party developers can extend the functionality of the decentralized web without permission from a central authority.

Other clients in the ecosystem are already following Bluesky's lead. Blacksky, a popular alternative interface for the protocol, added support for the Germ badge shortly after the initial launch. This rapid adoption highlights the interoperable nature of the new social web, where a single innovation can propagate across multiple apps simultaneously.

As the AT Protocol continues to grow, more services like Germ are expected to plug into the network. For now, the integration provides Bluesky with a much-needed security feature that its primary competitors already offer. By leveraging MLS and App Clips, Germ has created a blueprint for how private communication can exist in an open-source social environment.