Bluesky’s Centralization: The Decentralized Alternative That Isn’t?

I. What Is Bluesky?

Bluesky began in 2019 as a Twitter initiative under Jack Dorsey, aimed at developing “an open and decentralized standard for social media". In 2021 that project spun off as an independent company, Bluesky Social, Inc., with the mission to “develop and drive large-scale adoption of technologies for open and decentralized public conversation”. The new company created the AT Protocol (Authenticated Transfer Protocol) an open-source framework intended to power federated social networks and launched a reference social app based on it. By early 2025 Bluesky’s app had accumulated tens of millions of users, buoyed in part by disaffected Twitter/X users seeking an “open” alternative. Bluesky is often viewed and markets itself as a kind of “Twitter 2.0”: a microblogging service with 300-character posts and a chronologicalish feed, but built on a “protocol” instead of a single corporation. In publicity, Bluesky is repeatedly described as the “open”, “federated” or “user-controlled” alternative to centralized platforms like Twitter. Its early backers including Twitter’s founder explicitly contrasted it with the “very entrenched” incentives of incumbent social platforms. By launching a public beta in February 2024, Bluesky invited users to imagine a new social web where anyone could host parts of the network and nobody held all the power.

II. How Bluesky Sells Openness

Bluesky’s official messaging is built around buzzwords like open, decentralized, and user control. The company website proudly states: “Bluesky is a social app that is designed to not be controlled by a single company”. It highlights that the underlying AT Protocol is an “open-source framework” with a standard format for identity and posts, so that “many different apps can interoperate” and “users can move between them freely”. Bluesky literature repeatedly compares its model to email or the open web: for example, one blog explains that AT Protocol “provides a way for servers to communicate with each other like email,” meaning “you can have many sites… [and] individuals and businesses can self-host if they want”. In other words, the pitch is that Bluesky will be a federated network where people pick their service providers but still participate in one global pool of content. The Bluesky apps emphasize features like algorithmic choice and composable moderation: users can subscribe to custom feeds or filtering lists that anyone builds, and even “follow anyone across any Bluesky server” without extra logins. In marketing materials and interviews, Bluesky’s founders liken the vision to early web ideals. For example, the TechCrunch launch story notes that AT Protocol “allows anyone to build their own social media applications, similar to how open web protocols let anyone build websites”. Bluesky presents itself as carrying on the promise of federation: an app built by many people on shared protocols, giving each user freedom to pick apps, feeds, and servers, without a single company arbitrarily deciding who sees what.

III. Centralized in Practice

Despite the rhetoric, the reality is that Bluesky’s network remains heavily centralized under the control of the Bluesky company. Nearly all users rely on Bluesky-run infrastructure. For most people signing up, Bluesky automatically assigns them a handle like @username.bsky.social and hosts their Personal Data Server (PDS) the silo where their posts, followers list, and private keys live. Likewise, all content from every PDS is aggregated into Bluesky’s central relay. In fact, as of 2025 the official Bluesky app (the AppView) is essentially the only way to consume the global feed.

This concentration has practical consequences. When Bluesky experienced a major outage in April 2025, most of the network went down. TechCrunch reported that a “major PDS networking problem” at Bluesky’s servers knocked the service offline and only those few users who had gone to the trouble of running their own PDS remained connected. As TechCrunch notes, “While in theory anyone can run the various parts of the infrastructure… so few have done so. Those who did, however, were not impacted by the outage.” In other words, Bluesky’s pledged decentralization offered no practical safeguard for the masses. If the company’s servers fail or are taken down, almost all users lose access.

Analysts have emphasized just how dependent Bluesky remains on its corporate back-end. One architecture review states that “for 99% of users… your data, identity, feed generation, and data aggregation are in Bluesky’s (the company) control. If they pulled the cord, almost the entire network would disappear.” In that piece, the author calls Bluesky’s current design “somewhere in-between” full decentralization and centralization. Indeed, by default Bluesky even holds the keys: “If you sign up to Bluesky, you’ll be assigned to a Bluesky-managed PDS... [so] the private keys are in Bluesky’s custody. By default they’re in complete control”. Even the company’s own protocol docs admit that Bluesky PBC operates the only production servers today: “Bluesky PBC runs the default PDSes… [and] runs the default Relay and Firehose at bsky.network. However, other providers could offer a competing service if they wish.” Technically others could start a rival relay, but none have at scale. Almost everyone winds up on Bluesky’s infrastructure, bottlenecked through Bluesky-run servers and a single trust registry.

Critically, Bluesky’s notion of “federation” currently doesn’t allow users meaningful independence. Even though the AT Protocol theoretically supports account portability and multiple hosts, today most users never exercise those options. For example, anyone with a @username.bsky.social handle could verify a personal domain or move to an alternate PDS but almost no one has done so on a large scale. The company encourages a single namespace as a “starter” rather than the dozens of independent servers you see on ActivityPub networks. Meanwhile, certain aspects remain fully centralized: at launch, Bluesky’s trust root is its own registry of verified handles and algorithms, and features like handle resolution and searching are still BlueSky-controlled.

IV. Political Implications of Central Control

Bluesky’s centralization also means its corporate team makes the hard policy calls and users have no real say. The very moderation and on boarding decisions that Bluesky criticized Twitter/X for become part of the Bluesky roadmap. For example, when Republican JD Vance created a Bluesky account in June 2025, Bluesky’s system immediately flagged it as a suspected impersonation and auto-suspended the account. Only after Bluesky staff intervened was Vance’s profile “quickly restored and verified so people can easily confirm its authenticity,” Bluesky told TechCrunch. In effect, Bluesky’s team chose who to let in and when to add a verification badge a gatekeeping step that would not happen in a truly federated network.

Similarly, journalists and regular users have found themselves arbitrarily censored or locked out, with no community-based appeals process. A Politico reporter, Michael Kruse, described how his Bluesky account was summarily taken down by automated filters as “spammy, fake, or inauthentic” seemingly because of an unpopular quote he reposted. When Bluesky later reinstated him, Kruse reports they provided no explanation of the supposed violation. He complained that even after being restored, “I had no idea who or what had reported me, and for which violation.”politico.com. Such opacity means a small corporate-moderation team is effectively deciding speech boundaries on Bluesky, without transparent policy or user checks.

Worse still, Bluesky’s central control can be co-opted by states or special interests. In April 2025, for instance, Bluesky complied with Turkish government demands to block dozens of accounts. A report documented that “59 Bluesky accounts were blocked…on the grounds of protecting ‘national security and public order’” in Turkey. Turkish users on the official Bluesky app suddenly could not see those accounts or posts. Crucially, as one TechCrunch analysis notes, Bluesky users on the official app “have no way to opt out of the moderation service Bluesky provides” meaning that if Bluesky agrees to censor content in a region, ordinary users cannot escape it except by leaving the platform entirely. Some third-party Bluesky-compatible apps exist, and in theory they could choose not to enforce those Turkish government blocks; almost everyone is on Bluesky’s own apps. There is not a culture of both developing alternative apps nor as much of a reason with accounts also being centrally hosted.

These incidents illustrate Bluesky’s core issue: unlike Mastodon or true federations, users cannot simply switch to a dissenting instance or ignore the corporate filter. On Mastodon, if one server bans a viewpoint, users can move to another server and carry their account with them. On Bluesky, all roads lead back to Bluesky’s roadblock. As one fediverse advocate warned, users may soon come to view Bluesky’s fate as “the easy decentralized way to do things” that didn’t work, and mistakenly conclude “we tried decentralization and that didn’t work… remember Bluesky?”. Because Bluesky’s governance is top-down, it's replicating the same one-size-fits-all dynamics opaque bans and sudden policy shifts that many fled Twitter and many other cooperate media platforms to escape.

V. How Mastodon & ActivityPub Differ

By contrast, platforms like Mastodon (which implement ActivityPub) truly distribute control. Each Mastodon instance (server) is a fully independent community: users choose where to sign up, and that server’s administrators set its policies. Crucially, if you dislike a server’s rules, you can migrate your account elsewhere – your identity only needs to match a new server name, and your social graph moves with you. As Mastodon’s own documentation puts it, “Each Mastodon server is a completely independent entity, able to interoperate with others to form one global social network.” The site emphasizes that moderation and algorithms are not corporate-imposed: “Each server creates their own rules and regulations, which are enforced locally and not top-down like corporate social media,” so users can “join a server with the rules you agree with, or host your own.”

This means power is spread across the community. If one instance grows harmful or is pressured, others are unaffected unless they choose to federate with it. Also in terms of governments it is harder to pressure a service that is decentralized. Mastodon instances typically finance themselves via donations or grassroots subscriptions, not venture capital, reducing the commercial pressures on content policy. The end result is a user-run ecosystem: no single corporation can silence the network, and communities can tailor norms to their values. Bluesky’s structure with one default server and one default feed lacks these decentralized safeguards.

VI. Why Messaging Matters

Bluesky’s marketing calling itself decentralized and open creates expectations that aren’t yet met, and that can have wider fallout. Privacy-conscious users and developers may wrongly assume Bluesky provides the same exit options or anti-censorship guarantees as ActivityPub networks. If Bluesky were to stumble or enforce controversial policies, observers might mistakenly blame the idea of decentralization itself. Indeed, an analyst warns that “people might believe there’s an ‘easy decentralized way to do things’ that Bluesky has discovered which isn’t actually that at all,” and if Bluesky later collapses, observers might think “we tried decentralization and that didn’t work” This could undermine trust not just in Bluesky but in open-protocol efforts more broadly.

Meanwhile, critics note that venture-backed projects often use “open protocol” rhetoric as a gloss. Bluesky is a public-benefit corporation with major VC investment, not a foundation or a grassroots project. As one commentary observes, Bluesky’s founders “are not companies… they will come under the same pressure all businesses face to maximize returns to investors.”. Some compare this to OpenAI: once a research-oriented “open” organization, now a profit-seeking one. In fact, Bluesky’s own advisers acknowledge this tension: they say Bluesky “is a public benefit company, so profit is not its (only) goal. However, there is VC capital involved… OpenAI is a great example… a company that is now open only in its name" The lesson is that branding something as an “open protocol” does not in itself guarantee community control. When Bluesky’s leadership is beholden to investors, open-source code can coexist with de facto central control. Users and developers need to see through the hype: the promise of decentralization means little if the ecosystem ends up dominated by one funded gatekeeper.

VII. Why We Should Choose Existing Federated Platforms

By the time Bluesky launched its AT Protocol and company‑run PDS network, robust federated social platforms were already in wide use—most prominently Mastodon and the broader Fediverse ecosystem. These systems have spent years refining true decentralization:

• Independent servers, portable identities: You pick your instance, and if you ever disagree with its rules, you can migrate your account (and your followers) to another server without losing your social graph.
• Diverse client ecosystem: Dozens of interoperable apps (Pleroma, Pixelfed, PeerTube, etc.) let you consume and create content in your preferred way, free of a single “official” client.
• Community‑driven governance: Moderation policies and feature development emerge from open discussions among server admins and communities, not from a venture‑backed board.
• No corporate gatekeeper: With no centralized identity registry or firehose under one company’s control, no organization can pull the plug on the entire network or unilaterally dictate who belongs.

Bluesky’s model of one default bsky.social server, company‑owned relays, and a closed trust root offers no advantages over the alternatives. Rather than trying to retrofit decentralization onto a centralized core, users, developers, and privacy‑conscious communities should focus on strengthening and expanding the systems that already work. Mastodon’s federated servers, and the thriving ecosystem around them stand as the true, resilient realization of the decentralized social web Bluesky claimed to build.

In summary, Bluesky’s vision is promising, but its system falls short of true decentralization. Its brand may attract privacy and community-minded users, but without deeper decentralization, that brand is breeding disillusionment.