Bluesky Just Got Encrypted DMs. A Startup Built Them First.
Big Tech social platforms don’t usually let outsiders build core features directly into their apps. Bluesky just did exactly that.
A startup called Germ Network has become the first private messenger to launch natively inside the Bluesky app. The integration brings end-to-end encrypted (E2E) messaging to Bluesky users without requiring a separate app download. And honestly, it’s a fascinating look at how open social networks can work very differently from the walled gardens we’re all used to.
End-to-End Encryption Hits Bluesky
So here’s what actually happened. Bluesky integrated Germ Network’s technology directly into its app, giving users access to encrypted direct messages right from a friend’s profile. The move is significant because Bluesky itself hasn’t built its own E2E encryption system. Instead, it let a startup solve that problem, then brought the solution into the main app.
Germ DM works through a small badge displayed on users’ Bluesky profiles. Click the badge, and a lightweight iOS App Clip opens up. You authenticate with your AT Protocol handle, and you can send an encrypted message immediately. You don’t even need to download the full app to get started.
That said, the full Germ DM app is available in public beta on iOS in North America and Europe. And the numbers suggest people are genuinely interested. After Bluesky’s official integration announcement, Germ’s daily active users jumped 5x compared to before.
Who Built This, and Why It Matters
Germ Network was founded by Tessa Brown, a communications scholar who previously taught at Stanford, and Mark Xue, who spent time as a privacy engineer at Apple working on technologies like FaceTime and iMessage. That background isn’t just a fun fact. It shaped the entire philosophy behind Germ.
The goal was to build something better than existing E2E encrypted platforms like Signal, WhatsApp, and iMessage. Instead of requiring a phone number to get started, Germ integrates with AT Protocol to verify identity. That’s a meaningful distinction. Phone numbers tie messaging to your real-world identity in ways that many privacy-conscious users find uncomfortable.
Plus, Germ runs on Messaging Layer Security (MLS), a new encryption standard recently approved by the Internet Engineering Task Force (IETF). This is modern cryptography, not legacy tech patched together over the years.
Crucially, Germ’s messages cannot be decrypted by any outside party. Not Germ itself. Not Bluesky. The encryption is genuine.
![Germ Network app interface showing encrypted messaging badge on a Bluesky profile, with iOS App Clip activation screen]
AT Protocol Makes This Possible
Here’s where things get genuinely interesting for anyone who cares about the future of social media.
Bluesky runs on the AT Protocol (ATProto), an open framework that allows developers outside the company to build apps and features on top of the same infrastructure. That’s fundamentally different from how Facebook, Instagram, or X operate. Those platforms tightly control what third parties can and cannot do.
Bluesky’s approach means that Germ could build a private messenger, integrate it with the social graph Bluesky users already have, and launch it directly inside the main app. No corporate gatekeeping. No years-long approval process.
Bluesky protocol engineer Daniel Holms explained the reasoning clearly. “The reality is that E2EE is hard,” he wrote in a recent blog post. “And this inherent complexity isn’t something that the protocol team at Bluesky can just handle — it gets pushed out to every dev trying to build a client that works with encrypted data.” So rather than tackle it poorly internally, Bluesky leaned on specialists who had already done the hard work.
Xue echoed that thinking. “We align with the ATProto ethos that people should be able to communicate using the apps and tools they choose,” he told TechCrunch.
From Private Beta to Native Integration
Germ didn’t just appear overnight. The team has been building toward this moment for months.
They launched a private beta back in August, distributing access through “magic links” shared in users’ Bluesky bios. It was clever but limited. Users who found those links had to trust a URL in someone’s bio rather than a verified, native interface.
The new badge system solves that. It sits directly on your Bluesky profile, looks official, and opens the App Clip experience with a single tap. Germ told TechCrunch the team stayed in close contact with Bluesky’s app and protocol teams since the ATmosphere Conference in Seattle last year, sharing their roadmap and gathering feedback along the way.
“Both our team and Bluesky’s saw value in better AppView support for the Germ link,” said Xue, who serves as CTO at Germ Network.
The collaboration clearly worked. Bluesky’s head of product Alex Benzer led the changes on Bluesky’s side. And almost immediately after Bluesky added Germ badge support, Blacksky — another AT Protocol-based client — followed suit.
What’s Coming Next for Germ
Brown, Germ’s CEO, told TechCrunch the team is focused on shipping more everyday messaging features right now. Monetization isn’t the immediate priority.
But she did hint at where paid features might eventually land. “We expect that our first paid features will be centered on the needs of prosumer power users like creators, journalists, and politicians — for example, support for multiple handles and private AI-powered screening for first messages from new connections,” she said.
That’s a thoughtful approach. Rather than charging everyone immediately, Germ seems to be building trust first, then finding ways to charge the users who need the most powerful tools.
If you want to try it out, the process is straightforward. Download the Germ DM app on iOS, authenticate your Bluesky credentials, and a badge will appear on your Bluesky profile. One note from hands-on testing: you may need to force-quit and restart the Bluesky iOS app before the badge shows up. Small friction, but worth knowing ahead of time.
What Germ and Bluesky have pulled off together is a genuinely exciting proof of concept for open social networking. When a platform shares its infrastructure instead of locking it down, small teams with specialized expertise can build things the platform itself never could. Encrypted messaging that works natively inside a social app, built by privacy engineers who helped design iMessage, is exactly the kind of outcome that model produces.
It’ll be worth watching how many other AT Protocol apps adopt the Germ badge next.
