Company: we use advanced fraud detection to prevent you from using disposable addresses & VPNs to protect your privacy.
Also company: we got breached because we treat your privacy as disposable.
jsr
jsr@primal.net
npub1vz03...ttwj
Chasing digital badness at the citizen lab. All words here are my own.
VERY interesting research on how academic twitter migrated to #Bluesky.
Interesting topline takeaways for growing #nostr. No rocket science that's not been said before, but it's nice to have some data:
1- External shocks are key. Capitalize on them. >15% of transitions explained this way. Think geopolitical events, outages, Musk making a big disliked policy change etc.
2- Audiences move from incumbent platforms following influential voices that they follow. Focus on onboarding these influential voices. This is more impactful than just trying to bring the whole audience first.
This dynamic can build contagion. Find ways to more publicly highlight when influential accounts join.
And make it super easy for Nostr users to use clients to reconstruct followees & social graphs from incumbent platform. Trick will be to do this in a privacy respecting way.
(sidenote: that's way the follow packs were such a good idea. But we need much more of this)
(note: influential voices may experience a period of 'where's my audience?' So it's key to find ways to get the transitioning user from that to the reconstruction of their network. )
3- Multiple peers transitioning is key. Having local clusters develop is important (& probably helps with the dry period before an audience is rebuilt.)
Interesting nuance: transition rates to #bluesky were 25-30% in fields like arts/social sciences, but about half that in medical / physical sciences / engineering. Possible predictors include baseline political engagement & political values expressed.
This has an implication for Nostr: focus messaging on Nostr features that may align with people in incumbent platforms. There has to be desire.
Paper "Why Academics Are Leaving Twitter for Bluesky" https://arxiv.org/pdf/2505.24801
2- Audiences move from incumbent platforms following influential voices that they follow. Focus on onboarding these influential voices. This is more impactful than just trying to bring the whole audience first.
This dynamic can build contagion. Find ways to more publicly highlight when influential accounts join.
And make it super easy for Nostr users to use clients to reconstruct followees & social graphs from incumbent platform. Trick will be to do this in a privacy respecting way.
(sidenote: that's way the follow packs were such a good idea. But we need much more of this)
(note: influential voices may experience a period of 'where's my audience?' So it's key to find ways to get the transitioning user from that to the reconstruction of their network. )
3- Multiple peers transitioning is key. Having local clusters develop is important (& probably helps with the dry period before an audience is rebuilt.)
Interesting nuance: transition rates to #bluesky were 25-30% in fields like arts/social sciences, but about half that in medical / physical sciences / engineering. Possible predictors include baseline political engagement & political values expressed.
This has an implication for Nostr: focus messaging on Nostr features that may align with people in incumbent platforms. There has to be desire.
Paper "Why Academics Are Leaving Twitter for Bluesky" https://arxiv.org/pdf/2505.24801
Now more than ever it is critical to recognize where you've outsourced your cognition.
And whose hidden assumptions your mental economy is now running on.
NEW: Senator Wyden just exposed which companies keep silent about government surveillance.
No = doesn't respect Americans' privacy rights.
Choose accordingly.
But Wyden didn't stop there. 
He highlighted troubling evidence that when government-ordered surveillance of Senators took place, companies failed to notify Senators.
This is a bad, scary look for these companies. And it drives home the fact that Americans are often running blind when it comes to potential surveillance overreach.
Sources:
Wyden Letter to colleagues: https://www.wyden.senate.gov/imo/media/doc/wyden_dear_colleague_on_senate_cyber_and_surveillance_surveillancepdf.pdf
Wyden press release: 
But Wyden didn't stop there.
He highlighted troubling evidence that when government-ordered surveillance of Senators took place, companies failed to notify Senators.
This is a bad, scary look for these companies. And it drives home the fact that Americans are often running blind when it comes to potential surveillance overreach.
Sources:
Wyden Letter to colleagues: https://www.wyden.senate.gov/imo/media/doc/wyden_dear_colleague_on_senate_cyber_and_surveillance_surveillancepdf.pdf
Wyden press release: Wyden Reveals Which Phone Companies Protect Privacy by Telling Customers About Government Surveillance | U.S. Senator Ron Wyden of Oregon
The Official U.S. Senate website of Senator Ron Wyden of Oregon
Privacy advocates must to win every fight to keep your data protected.
Data brokers need to win just once.
NEW: #Google's #Android 16 to feature optional high security mode. Cool.
Advanced Protection has a bunch of requested features that address the kinds of threats we worry about.
It's the kind of 'turn this one thing on if you face elevated risk' that we've been asking for from Google.
And likely reflects some learning after Google watched #Apple's Lockdown Mode play out.
Here are some thoughts:
SOME FEATURES IM EXCITED FOR:
The Intrusion Logging feature is interesting & is going to impose substantial cost on attackers trying to hide evidence of exploitation. Logs get e2ee encrypted into the cloud. This one is spicy.
The Offline Lock, Inactivity Reboot & USB protection will frustrate non-consensual attempts to physically grab device data.
Memory Tagging Extension is going to make a lot of attack & exploitation categories harder.
2G Network Protection & disabling Auto-connect to insecure networks are going to address categories of threat from things like IMSI catchers & hostile WiFi.
FEATURES IM ..MORE CAUTIOUSLY CURIOUS ABOUT
Spam & Scam detection: Google messages feature that suggests message content awareness and some kind of scanning.
Scam detection for Phone by Google is interesting & coming later. The way it is described suggests phone conversation awareness. This also addresses a different category of threat than the stuff above. I can see it addressing a whole category of bad things that regular users (& high risk ones too!) face. Will be curious how privacy is addressed or if this done purely locally.
FRICTION POINTS?
I see Google thinking some of thisC through, but I'm going to add a potential concern: what will users do when they encounter friction? Will they turn this off & forget to re-enable?
We've seen users turn off iOS Lockdown Mode when they run into friction for specific websites or, say, legacy WiFi.
They then forget to turn it back on. And stay vulnerable.
Bottom line: users disabling Apple's Lockdown Mode for a temporary thing & leaving it off because they forget to turn it on happens a lot. This is a serious % of users in my experience... And should be factored into design decisions for similar modes.
GIVE US A SNOOZE BUTTON
I feel like a good balance is a 'snooze button' or equivalent so that users can disable all/some features for a brief few minute period to do something they need to do, and then auto re-enable.
Yes, during that brief period there is vulnerability (and a potential social engineering target), but if the trade off is that the user likely just turns the whole thing off and forgets it..that is worse.
HIGH SECURITY & HIGH PARANOIA USERS
Some users, esp. those that migrated to security & privacy-focused Android distros because of because of the absence of such a feature are clear candidates for it...
But they may also voice privacy concerns around some of the screening features. And about the fact that the phone would need to be re-googled (think:Graphene which confers a lot of privacy by stripping out most google features)
Clear communication from the Google Security / Android team will be key here.
TAKEAWAYS
I'm excited to see how #Android Advanced Protection plays with high risk users' experiences.
I'm also super curious whether the spam/scam detection features may also be helpful to more vulnerable users (think: aging seniors)...
Google's blog: 
It's the kind of 'turn this one thing on if you face elevated risk' that we've been asking for from Google.
And likely reflects some learning after Google watched #Apple's Lockdown Mode play out.
Here are some thoughts:
SOME FEATURES IM EXCITED FOR:
The Intrusion Logging feature is interesting & is going to impose substantial cost on attackers trying to hide evidence of exploitation. Logs get e2ee encrypted into the cloud. This one is spicy.
The Offline Lock, Inactivity Reboot & USB protection will frustrate non-consensual attempts to physically grab device data.
Memory Tagging Extension is going to make a lot of attack & exploitation categories harder.
2G Network Protection & disabling Auto-connect to insecure networks are going to address categories of threat from things like IMSI catchers & hostile WiFi.
FEATURES IM ..MORE CAUTIOUSLY CURIOUS ABOUT
Spam & Scam detection: Google messages feature that suggests message content awareness and some kind of scanning.
Scam detection for Phone by Google is interesting & coming later. The way it is described suggests phone conversation awareness. This also addresses a different category of threat than the stuff above. I can see it addressing a whole category of bad things that regular users (& high risk ones too!) face. Will be curious how privacy is addressed or if this done purely locally.
FRICTION POINTS?
I see Google thinking some of thisC through, but I'm going to add a potential concern: what will users do when they encounter friction? Will they turn this off & forget to re-enable?
We've seen users turn off iOS Lockdown Mode when they run into friction for specific websites or, say, legacy WiFi.
They then forget to turn it back on. And stay vulnerable.
Bottom line: users disabling Apple's Lockdown Mode for a temporary thing & leaving it off because they forget to turn it on happens a lot. This is a serious % of users in my experience... And should be factored into design decisions for similar modes.
GIVE US A SNOOZE BUTTON
I feel like a good balance is a 'snooze button' or equivalent so that users can disable all/some features for a brief few minute period to do something they need to do, and then auto re-enable.
Yes, during that brief period there is vulnerability (and a potential social engineering target), but if the trade off is that the user likely just turns the whole thing off and forgets it..that is worse.
HIGH SECURITY & HIGH PARANOIA USERS
Some users, esp. those that migrated to security & privacy-focused Android distros because of because of the absence of such a feature are clear candidates for it...
But they may also voice privacy concerns around some of the screening features. And about the fact that the phone would need to be re-googled (think:Graphene which confers a lot of privacy by stripping out most google features)
Clear communication from the Google Security / Android team will be key here.
TAKEAWAYS
I'm excited to see how #Android Advanced Protection plays with high risk users' experiences.
I'm also super curious whether the spam/scam detection features may also be helpful to more vulnerable users (think: aging seniors)...
Google's blog: Google Online Security Blog
Advanced Protection: Google’s Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing com...
I just tried the new #Primal article editor.
It's awesome.
The cognitive style of long form notes
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.
It turns out that the regular people on a jury think it is evil when you help dictators hack dissidents.
After years of every trick & delay tactic it only took a California jury ONE DAY of deliberation to get this Monsanto-scale verdict. Precedent-setting win against notorious #Pegasus spyware maker.
BACKSTORY:
Rewind to 2019. About this time (April-May) #WhatsApp catches NSO Group hacking its users with #Pegasus.
They investigated.
We at Citizen Lab helped to investigate the targets & get in touch with the activists journalists & civil society members that were targeted
We identified at least 100. And got in touch. It was a tremendous push of sleepless days. But it made it so clear just how much harm was being done.
Then, In October 2019 WhatsApp sued.
Prior to the lawsuit, NSO had acted the playground bully.
Targeting victims that dared speak up & researchers like us.
Suddenly, the bully wasn't so surefooted. Like the scene in a high school movie where the cousin shows up in the beat up car & collars the bully.
You might not remember, but in 2019 no country had sanctioned NSO Group... No parliamentary hearings, no hearings in congress, no serious investigations.
For years, WhatsApp's lawsuit helped carry momentum & showed governments that their tech sectors were in the crosshairs from mercenary spyware too...
Credit due to Meta & WhatsApp leadership on this one, they stuck the fight out & carried it across the finish line.
NOTIFICATIONS MATTER
WhatsApp's choice to notify targets was also hugely consequential.
A lot of cases were first surfaced from these notifications.
With dissidents around the world suddenly learning that dictators were snooping in their phones...with NSO Group's help.
A SIDEBAR: HARASSING RESEARCHERS
One of NSO's many tactics was to leverage the case to badger me & us Citizen Lab researchers to try and extract information.
It never worked, but it laid bare the tactics that these firms prefer...instead of coming clean.
ROLE OF CIVIL SOCIETY
Ultimately, we wouldn't be here without civil society investigations of mercenary spyware... and alarm raising.
And victims choosing to come forwads.
Thankfully today there's a whole accountability ecosystem growing around this work.
Dozens of orgs engaging.
Numbers are growing.
IS THERE GONNA BE IMPACT? YES
NSO Group emerges from the trial severely damaged.
The damages ($167,254,000 punitive, $440K+ compensatory) is big enough to make your eyes water.
NSO'S BUSINESS IS NOW ALL OVER THE NET
The case is also a blow to NSO's secrecy, with their business splashed all over a courtroom.
WhatsApp just published NSO's depositions, exposing an unprecedented amount of info on a spyware company's operations:
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Eshkar-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gil-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Shohat-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gazneli-Transcrips_Case-4-19-cv-07123-PJH.pdf
This will scare customers. And investors. And other companies that do the same thing. Good.
MY VIEW:
Watching a jury of regular citizens see right through NSO's mendacity & hypocrisy...and to the need to protect privacy is amazing.
Gives me hope.
Despite all the fancy lawyering & lobbying, people know that this kind of privacy invasion is wrong.
Read more:
They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court. 
Spyware maker NSO ordered to pay $167 million for hacking WhatsApp
https://www.washingtonpost.com/technology/2025/05/06/nso-pegasus-whatsapp-damages/
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign 
It turns out that the regular people on a jury think it is evil when you help dictators hack dissidents.
After years of every trick & delay tactic it only took a California jury ONE DAY of deliberation to get this Monsanto-scale verdict. Precedent-setting win against notorious #Pegasus spyware maker.
BACKSTORY:
Rewind to 2019. About this time (April-May) #WhatsApp catches NSO Group hacking its users with #Pegasus.
They investigated.
We at Citizen Lab helped to investigate the targets & get in touch with the activists journalists & civil society members that were targeted
We identified at least 100. And got in touch. It was a tremendous push of sleepless days. But it made it so clear just how much harm was being done.
Then, In October 2019 WhatsApp sued.
Prior to the lawsuit, NSO had acted the playground bully.
Targeting victims that dared speak up & researchers like us.
Suddenly, the bully wasn't so surefooted. Like the scene in a high school movie where the cousin shows up in the beat up car & collars the bully.
You might not remember, but in 2019 no country had sanctioned NSO Group... No parliamentary hearings, no hearings in congress, no serious investigations.
For years, WhatsApp's lawsuit helped carry momentum & showed governments that their tech sectors were in the crosshairs from mercenary spyware too...
Credit due to Meta & WhatsApp leadership on this one, they stuck the fight out & carried it across the finish line.
NOTIFICATIONS MATTER
WhatsApp's choice to notify targets was also hugely consequential.
A lot of cases were first surfaced from these notifications.
With dissidents around the world suddenly learning that dictators were snooping in their phones...with NSO Group's help.
A SIDEBAR: HARASSING RESEARCHERS
One of NSO's many tactics was to leverage the case to badger me & us Citizen Lab researchers to try and extract information.
It never worked, but it laid bare the tactics that these firms prefer...instead of coming clean.
ROLE OF CIVIL SOCIETY
Ultimately, we wouldn't be here without civil society investigations of mercenary spyware... and alarm raising.
And victims choosing to come forwads.
Thankfully today there's a whole accountability ecosystem growing around this work.
Dozens of orgs engaging.
Numbers are growing.
IS THERE GONNA BE IMPACT? YES
NSO Group emerges from the trial severely damaged.
The damages ($167,254,000 punitive, $440K+ compensatory) is big enough to make your eyes water.
NSO'S BUSINESS IS NOW ALL OVER THE NET
The case is also a blow to NSO's secrecy, with their business splashed all over a courtroom.
WhatsApp just published NSO's depositions, exposing an unprecedented amount of info on a spyware company's operations:
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Eshkar-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gil-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Shohat-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gazneli-Transcrips_Case-4-19-cv-07123-PJH.pdf
This will scare customers. And investors. And other companies that do the same thing. Good.
MY VIEW:
Watching a jury of regular citizens see right through NSO's mendacity & hypocrisy...and to the need to protect privacy is amazing.
Gives me hope.
Despite all the fancy lawyering & lobbying, people know that this kind of privacy invasion is wrong.
Read more:
They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court. The Intercept
They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court.
NSO Group, which makes Pegasus spyware, keeps trying to extract sensitive information from Citizen Lab — and a judge keeps swatting it down.
TechCrunch
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch
The five-year legal battle between the Meta-owned company and the most notorious spyware maker in the world ends with a huge win for WhatsApp.
#Skype shuts down TODAY.
Here's the link to download your contacts, chats etc:
secure.skype.com/en/data-export
Age verification is often a trojan horse for broader surveillance demands.
AI friends consoling me because my cat bonded to the robot vacuum & ignores me.
Friends don't let friends get their eyeballs scanned to buy a coffee.
This portable dystopia machine is Tools for Humanity's latest effort to live up to their Orwellian name.
Connoisseurs of the AI-will-end-humanity marketing hype train of a few years ago should find plenty to appreciate in an eyeball scanner framed as as a 'helpful' tool to distinguish between AI agents & humans.
Or is it for that? Or maybe point of sale? Or nebulous 'verification?'
The only clear thing? This device starts from a point of biometric #privacy invasion.
It sure looks to me like another effort by the company Sam Altman founded to make a global data-grab.
Just say no.
Connoisseurs of the AI-will-end-humanity marketing hype train of a few years ago should find plenty to appreciate in an eyeball scanner framed as as a 'helpful' tool to distinguish between AI agents & humans.
Or is it for that? Or maybe point of sale? Or nebulous 'verification?'
The only clear thing? This device starts from a point of biometric #privacy invasion.
It sure looks to me like another effort by the company Sam Altman founded to make a global data-grab.
Just say no.
TechCrunch
Sam Altman's World unveils a mobile verification device | TechCrunch
Tools for Humanity, the startup behind the World human verification project, unveiled a mobile verification device and expanded to the US.
BREAKING: another journalist targeted with spyware in #Italy.
He's a close colleague of an already-known Paragon target & just got a threat notification from Apple.
(btw if you get one of these, take it very seriously & get in touch with an expert)
CONTEXT
It's time for transparency from the Italian government. This scandal has been going on since the end of January.
Unlike the first revelations earlier this year & their initial denials...Italy is now an admitted Paragon user.
And everything we know about Paragon indicates that government deployments keep immutable logs that should give a quick answer: was it the Italian government?
Story [IT] https://www.fanpage.it/politica/il-governo-puo-chiarire-subito-se-ciro-pellegrino-e-stato-spiato-con-paragon-il-commento-di-citizen-lab/
(btw if you get one of these, take it very seriously & get in touch with an expert)
CONTEXT
It's time for transparency from the Italian government. This scandal has been going on since the end of January.
Unlike the first revelations earlier this year & their initial denials...Italy is now an admitted Paragon user.
And everything we know about Paragon indicates that government deployments keep immutable logs that should give a quick answer: was it the Italian government?
Story [IT] https://www.fanpage.it/politica/il-governo-puo-chiarire-subito-se-ciro-pellegrino-e-stato-spiato-con-paragon-il-commento-di-citizen-lab/
GET IT: Best of #privacy & #security follow pack.
Follow em all:
https://following.space/d/3boa4ixmmv7h
Built on @calle 's magnificent community gift: Following
Use sunscreen. Get enough fiber. Do regular backups.
NEW INVESTIGATION: Uyghurs far from China's borders are being targeted.
Attackers impersonated legit software developers & contacted the targets asking for testing help on a language app.
Then they sent a trojan.
Let's talk about why this was clever.
TECHNICAL SOPHISTICATION? NAH.
Technical sophistication of this attack was...meh.
But that's not where the attackers focused.
INTELLIGENCE-DRIVEN? YAH.
They spent their effort carefully crafting credible bait that matched what they knew about their targets:
Trojanizing a legit Uyghur language app was a clever, cynical move.👇
Many marginalized communities struggle with getting fonts & dictionaries to capture their language.
And developer talent is very welcome.
With a lure that credible you don't need to burn your most sophisticated exploits.
Good news in this case: Gmail spotted & blunted the attacks which were only found whey my colleagues worked with vigilant targets to screen for them.
But the theme of China-nexus hacking groups being economical about exposing technical methods (just using minimum necessary stuff) while drawing from (presumably) vast amounts of intelligence and understanding of their targets to craft effective social engineering is something we at the Citizen Lab have tracked for decades.
READ THE FULL REPORT:
By my talented colleagues: 
TECHNICAL SOPHISTICATION? NAH.
Technical sophistication of this attack was...meh.
But that's not where the attackers focused.
INTELLIGENCE-DRIVEN? YAH.
They spent their effort carefully crafting credible bait that matched what they knew about their targets:
Trojanizing a legit Uyghur language app was a clever, cynical move.👇
Many marginalized communities struggle with getting fonts & dictionaries to capture their language.
And developer talent is very welcome.
With a lure that credible you don't need to burn your most sophisticated exploits.
Good news in this case: Gmail spotted & blunted the attacks which were only found whey my colleagues worked with vigilant targets to screen for them.
But the theme of China-nexus hacking groups being economical about exposing technical methods (just using minimum necessary stuff) while drawing from (presumably) vast amounts of intelligence and understanding of their targets to craft effective social engineering is something we at the Citizen Lab have tracked for decades.
READ THE FULL REPORT:
By my talented colleagues: The Citizen Lab
Weaponized Words: Uyghur Language Software Hijacked to Deliver Malware - The Citizen Lab
Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized a...
Fear is dictatorship glue.
You can't imprison everyone with a dissenting thought.
Or inconvenient factual observation.
But fear teaches self censorship. And is a scalable system of control.
The challenge, of course, is to keep the fear going.
And push it all the way down into private conversations.
In the 20th century, such fear required massive human investment. Informants... model punishments...information control. All on a linear scale.
And there was a post-cold war school of thought that said: once everyone is connected, these systems won't work.
But tech isn't, by nature, an a dictatorship antidote. It can equally be an expedient. Just ask China.
In the past 20 years the government has empirically developed technologies & private sector partnerships for scaling fear and self censorship to north of 1.4 billion ppl. Log scale.
Out here in the rest of the world take a look around.
The major underpinnings of our online & financial behavior have comprehensive person-tracking surveillance and information-shaping built right in... primarily to sell us even more things.
But it is the shortest possible distance from that to a totalizing system of government surveillance. Punishment. And information control.
We all carry informants in our pockets. Ready to snitch on us, shape what we feel, and implement punishments.
This is a tremendously inviting system for governments with the instincts to grab these levers.
Increasingly, they are doing just that.
Pictured: Stasi interrogation rooms.
Image source: 
Image source: Hyperallergic
Mundane Horror in Abandoned Stasi Spaces
As we creep up on the 25th anniversary of the fall of the Berlin Wall (November 9, 1989), some of the remains of the oppressive Ministry for State ...
2027: we can't wait to show our advertising partners how we deliver behavior shaping across whole lives.
this is a surprisingly great feature, imo.
Government censorship has come to #Bluesky.
LATEST:
On demands from the Turkish government, Bluesky restricted access to 72 accounts per a report from a Turkish NGO.
DETAIL:
Accounts are restricted for users in Turkey.
Accounts aren't banned from Bluesky's AT Protocol relays etc, but access is moderated at the official client level through geography-specific labels.
WORKAROUNDS?
Realistically impacted accounts are no longer visible to the majority of Bluesky users (most aren't on 3rd party clients) in Turkey.
However, since 3rd party client apps for the AT Protocol aren't forced to use geography-specific labels, they an still be used to view the content.
In theory, official client + VPN would also result in seeing the accounts.
LOOKING AT SOME DATA:
Bluesky has been publishing transparency reporting about legal & government requests. The most recent report covers 2024 and shows a relatively modest number of takedown requests, but about 50% response by Bluesky.
Unfortunately, the company doesn't differentiate between legal demands in civil litigation and *government* demands. This makes it hard to get a clear picture.
I hope Bluesky segments out these very different kinds of pressure in 2025 reporting so we can get a better sense of what's happening.
BIG PICTURE:
Looking ahead, governments are probing for new ways to enforce content restrictions. These are early days for Bluesky and it is likely that a lot more requests like this will be inbound as users head there to try and avoid the well-greased censorship machinery on legacy platforms like X.
Recommended reading & Sources:
Super-helpful-to-me TechCrunch article: 
Mastodon post confirming blocking with testing : 
Bluesky post with the notification email screenshot:
Bluesky 2024 Moderation Report: 
Bluesky post describing geography-specific labels as a content-removal technique:
LATEST:
On demands from the Turkish government, Bluesky restricted access to 72 accounts per a report from a Turkish NGO.
DETAIL:
Accounts are restricted for users in Turkey.
Accounts aren't banned from Bluesky's AT Protocol relays etc, but access is moderated at the official client level through geography-specific labels.
WORKAROUNDS?
Realistically impacted accounts are no longer visible to the majority of Bluesky users (most aren't on 3rd party clients) in Turkey.
However, since 3rd party client apps for the AT Protocol aren't forced to use geography-specific labels, they an still be used to view the content.
In theory, official client + VPN would also result in seeing the accounts.
LOOKING AT SOME DATA:
Bluesky has been publishing transparency reporting about legal & government requests. The most recent report covers 2024 and shows a relatively modest number of takedown requests, but about 50% response by Bluesky.
Unfortunately, the company doesn't differentiate between legal demands in civil litigation and *government* demands. This makes it hard to get a clear picture.
I hope Bluesky segments out these very different kinds of pressure in 2025 reporting so we can get a better sense of what's happening.
BIG PICTURE:
Looking ahead, governments are probing for new ways to enforce content restrictions. These are early days for Bluesky and it is likely that a lot more requests like this will be inbound as users head there to try and avoid the well-greased censorship machinery on legacy platforms like X.
Recommended reading & Sources:
Super-helpful-to-me TechCrunch article: TechCrunch
Government censorship comes to Bluesky, but not its third-party apps ... yet | TechCrunch
Government censorship has found its way to Bluesky, but there's currently a loophole thanks to how the social network is structured.Earlier this
Mastodon
Mastodon Migration (@mastodonmigration@mastodon.online)
Attached: 1 image
Confirmation: Bluesky Now Blocking User In Turkey In Response To Turkish Demands
Yesterday Arda Kılıçdağı @arda@micro.arda...
Bluesky Social
Ali Safa Korkut (@aliskorkut.com)
This author has chosen to make their posts visible only to people who are signed in.
Bluesky
Bluesky 2024 Moderation Report - Bluesky
Throughout 2024, our Trust & Safety team has worked to protect our growing userbase and uphold our community standards.
Bluesky
Bluesky’s Current Efforts on Trust and Safety - Bluesky
This is a big quarter for Trust and Safety at Bluesky, as we work on a large number of improvements. Here’s a preview of everything that is in pr...
They Criticized Musk on X. Then Their Reach Collapsed.
Graphs from this story are stark.
Link: 
Graphs from this story are stark.
Link: They Criticized Musk on X. Then Their Reach Collapsed.
Three users who disagreed with the site’s owner saw views for their posts plummet.