Can you use GDPR to circumvent BlueSky's adult content blocks?

Original Article ↗ Hacker News Discussion ↗

Bluesky’s (De)centralization Reality

  • Many argue Bluesky is effectively centralized: it depends on a core BGS router, the main index, and Bluesky-operated APIs.
  • ATProto is acknowledged as a protocol that could support decentralization (self‑hosted PDS, alternative “appviews”), but the live network behavior is seen as hub‑and‑spoke with Bluesky in the middle.
  • Comparisons are made to Mastodon and Nostr: both also risk “you can run your own, but almost nobody does” centralization; some feel Bluesky is worse because centralization is a deliberate product/UX choice.

How Age Verification and Content Blocks Actually Work

  • Age verification is implemented in the official Bluesky apps/website, not in the protocol itself.
  • Filtering of porn/DMs is largely a client‑side/app‑layer decision; third‑party clients or simple userscripts can bypass it.
  • Several commenters note this is a far easier path than using GDPR to regain DM access or adult content.

GDPR Compliance and Process

  • Bluesky is criticized for exceeding GDPR response deadlines; commenters say this is legally non‑compliant but practically hard to enforce.
  • Their EU/UK GDPR roles are outsourced to a third‑party firm, which may slow practical access to internal APIs and exports.
  • Some recommend filing complaints with DPAs but are pessimistic about Irish enforcement in particular.

Verifying Identity for Data Requests

  • Discussion focuses on how controllers can reasonably verify a requester: email control is generally seen as acceptable and proportional for a social network.
  • Using a different email then changing the account email to match is cited as a valid control‑of‑account proof.
  • Government ID checks are viewed as overkill and risky because they create new sensitive‑data stores.

Ethics and Mechanics of Age Verification

  • One camp calls mandatory age checks “draconian” because they erode anonymity and create new surveillance/tracking risks, especially with third‑party or foreign verifiers.
  • Others argue it’s technically possible to design privacy‑preserving systems (e.g., zero‑knowledge proofs, government‑backed digital IDs, hardware wallets) that reveal only “over/under X.”
  • Critics counter that any such system still ties identity to a database, is prone to leaks, can be abused for tracking, and is coercive when required for basic online interaction.
  • Debate arises over token sharing/proxying: if proofs are bearer-like, they can be resold or reused; if tightly bound to identity, anonymity erodes.

Children’s Safety vs Adult Privacy and Responsibility

  • Supporters of strong age gates emphasize grooming, private DMs, and legal/PR liability; they argue private channels are especially attractive to predators.
  • Opponents say DM blocking for unverified users is disproportionate: creeps can be public too, and parents—not governments or platforms—should primarily manage children’s access.
  • Some see age‑verification laws as pretexts for broader control/surveillance and note that exposure to porn doesn’t straightforwardly cause severe harm in most anecdotes.

DMs, Safety, and Encryption

  • Bluesky’s unencrypted DMs (accessible for “Trust and Safety”) are criticized; some say truly “private” DMs should be end‑to‑end encrypted.
  • Others accept unencrypted DMs on a broadcast‑oriented platform, prioritizing moderation of abuse over maximal secrecy.
  • There is a suggestion to treat DMs as lightweight, non‑sensitive messages; those needing strong privacy should use tools like Signal instead.

Moderation, Walled Gardens, and Scope

  • Some see Bluesky’s approach (age‑gating DMs, porn filters, trust & safety access) as proof it’s just another centralized, walled‑garden social network.
  • Others stress that these rules are enforced in Bluesky’s own apps; alternative ATProto apps can choose different policies, so the underlying protocol remains open even if Bluesky’s instance isn’t.