bluesky-social / social-app

The Bluesky Social application for Web, iOS, and Android
https://bsky.app
MIT License
11.41k stars 1.46k forks

Warn users about public availability of handle history #6398

Open hotbees opened 3 days ago

hotbees commented 3 days ago

Describe the Feature

Third-party services like https://clearsky.app/, https://skytools.anon5r.com/, and https://pht.kpherox.dev/ make it trivial to view the history of every handle an account has used and, with the third site, even see every DID a handle has been associated with (and then view their histories). Additionally, while clearsky seems to respect account deletion, the latter two do not.

This can have serious privacy and safety implications for users who are unaware of this and unintentionally associate their real name with their online identity, or associate different online identities that they intended to keep separate. People will get doxxed, stalked, harassed, and outed. This has never been so trivial on other popular social media sites which users are currently migrating from en masse, and as such, many are likely to not even consider it when changing handles.

I believe it's imperative that warnings be added to the screens where users create or change handles that any handle they use will be permanently and publicly associated with their account. There should also be some mention of this elsewhere on the site, such as in the privacy page.

Attachments

No response

Describe Alternatives

In my ideal world this handle history would not be accessible, but I understand that's probably a deeply rooted protocol level thing and out of scope for this repo.

Additional Context

No response

pinklatte commented 2 days ago

Hello. I just saw this post and I'm not very tech savvy at all. I was wondering what you meant by "unintentionally associate their real name with their online identity, or associate different online identities that they intended to keep separate"? Does this mean exposing for example multiple accounts that a user has logged in to the app? Like if I had Handle 1 logged into bsky, and then sometime later logged into another account using Handle 2 (and switch between these accounts regularly using the same device), both Handle 1 and Handle 2 will be associated to one person and this is all public? Sorry if I misunderstood 🙏

EDIT: Oh I think I get it now (?) Perhaps I did misunderstand. What you're referring to is only 1 account that has changed their username / handle, not multiple different accounts logged into the same device.

surfdude29 commented 2 days ago

@pinklatte Sorry for jumping in here as I'm not OP, but no, you don't need to worry about that. Which accounts you're logged into on the app or website is private, and there's no public info available that could link accounts in that way.

The issue that OP is referring to is that all the history of the previous handles that someone has used is publicly available, and for some people that could have privacy ramifications.

For example, the website internect.info (set up by Bluesky's own @mozzius) gives various publicly available details about Bluesky accounts. Here's the page for my account and if you click/tap on View history you'll see the Audit log, which shows that my handle was previously surfdude29.bsky.social before I changed it to surfdude29.ispost.ing.

[screenshot: IMG_8361]

In this case it's not a privacy concern, but suppose my real name was Jack Jones and I had created my account as jackjones.bsky.social. Later, I decide to change my handle because I don't want to use my real name anymore, but my previous handle containing my real name will still be available to anyone who knows how to look for it, even though I've now changed my handle to anonymousguy185.bsky.social. This is the type of privacy issue that I believe OP is referring to.

hotbees commented 2 days ago

@surfdude29 Exactly that kind of thing yeah. And to go a step further, if you created your account as jackjones.bsky.social, but then change to anonymousguy185.bsky.social later, someone who is looking for the user jackjones could still find you despite you having changed your handle by looking up jackjones.bsky.social on e.g. https://pht.kpherox.dev/.

To use surfdude29.bsky.social as an example, we can go to https://pht.kpherox.dev/handle/surfdude29.bsky.social and go through the previous DIDs this handle has been used with [screenshot] and look through that DID's histories to find out that the new handle is surfdude29.ispost.ing [screenshot].

And since deleting your account doesn't remove your data from this website, you're stuck having jackjones associated to anonymousguy185 in both directions.

surfdude29 commented 2 days ago

@hotbees That's a good point that with the https://pht.kpherox.dev/ site you can search to see all DIDs that have been linked to a particular handle.

Given that the design of ATProto and the PLC Directory means that data on previous handles for a DID will always be publicly accessible, I think the best approach is user education, as you suggest. I would propose something like the following text is added to the Change Handle dialog:

Please be aware that handles are registered publicly, so information on any previous handles will always be linked to your account. [link to support article]Learn more.[/link]

This would mean that in my example, if I had registered as jackjones and then decided to stop using my real name, if I read that text in the dialog (maybe a big if, granted) then I would at least be aware that I have a choice as to how to proceed. Mothball or delete jackjones, or maybe only use it to post things that I'm fine being associated with my real name and set up a new anonymousguy185 account that has no link to my real name. Or, proceed with the handle change knowing that anyone who cares to find out can link jackjones and anonymousguy185.

One other point that I just remembered while writing this comment is that there is an obvious way that handles are linked on bsky.app itself, no need to use another site. And that is that in my original example, anyone visiting the jackjones.bsky.social profile link will be automatically redirected to the profile page for anonymousguy185.bsky.social (with the proviso that the original handle hasn't been registered to another account).
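As an added illustration (not code from this thread or from the social-app project): a self-audit helper that lists every handle a DID's PLC Directory audit log exposes, so a user or support staff can see exactly what the third-party sites above will show before or after a handle change. The log shape (a JSON array of `createdAt` / `nullified` / `operation` entries, where an operation carries either `alsoKnownAs` `at://` URIs or a legacy `handle` field) is assumed from the public PLC API, and the DID, handles, CIDs and timestamps in the sample are constructed.

```python
import json

# Constructed sample in the shape of a PLC Directory audit log
# (GET https://plc.directory/<did>/log/audit). Every value below is made up.
SAMPLE_DID = "did:plc:example0000000000000000"
SAMPLE_AUDIT_LOG = json.dumps([
    {"did": SAMPLE_DID, "cid": "bafy-sample-1", "nullified": False,
     "createdAt": "2024-02-01T10:00:00.000Z",
     "operation": {"type": "create", "handle": "jackjones.bsky.social", "prev": None}},
    # A nullified (forked-off) operation: superseded, but still kept in the audit log.
    {"did": SAMPLE_DID, "cid": "bafy-sample-2", "nullified": True,
     "createdAt": "2024-05-01T10:00:00.000Z",
     "operation": {"type": "plc_operation", "prev": "bafy-sample-1",
                   "alsoKnownAs": ["at://typo-handle.bsky.social"]}},
    {"did": SAMPLE_DID, "cid": "bafy-sample-3", "nullified": False,
     "createdAt": "2024-05-02T10:00:00.000Z",
     "operation": {"type": "plc_operation", "prev": "bafy-sample-1",
                   "alsoKnownAs": ["at://anonymousguy185.bsky.social"]}},
])


def handles_in(operation):
    """Handles an operation declares: legacy 'create' ops use 'handle',
    'plc_operation' ops list at:// URIs in 'alsoKnownAs'."""
    if operation.get("type") == "create":
        return [operation["handle"]] if operation.get("handle") else []
    return [aka[len("at://"):] for aka in operation.get("alsoKnownAs", [])
            if aka.startswith("at://")]


def handle_history(audit_log_json, include_nullified=True):
    """Timeline of (timestamp, handle, nullified) exposed by the audit log, oldest first.
    ISO-8601 UTC timestamps sort correctly as strings."""
    timeline = []
    for entry in sorted(json.loads(audit_log_json), key=lambda e: e["createdAt"]):
        nullified = bool(entry.get("nullified"))
        if nullified and not include_nullified:
            continue
        for handle in handles_in(entry["operation"]):
            timeline.append((entry["createdAt"], handle, nullified))
    return timeline


def exposed_handles(audit_log_json):
    """Distinct handles ever linked to the DID, nullified operations included."""
    seen = []
    for _, handle, _ in handle_history(audit_log_json):
        if handle not in seen:
            seen.append(handle)
    return seen


if __name__ == "__main__":
    for ts, handle, nullified in handle_history(SAMPLE_AUDIT_LOG):
        print(ts, handle, "(nullified)" if nullified else "")
    print("publicly linked handles:", exposed_handles(SAMPLE_AUDIT_LOG))
```

Any handle that appears in this list is what the support text proposed above is warning about; nothing the app does after the fact removes it from the directory.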

hubick commented 1 day ago

I'm living this bug. Was harassed/doxxed, renamed all socials to be anon, now just found my old handle w real name on ClearSky.

Reading above, it's worse, as not knowing this before, I've now also permanently associated my anon handle that everyone knows with my real name, so I can't even delete/recreate that - I need to start over with an entirely new anon handle, and none of my followers/communities will recognize me, I won't be in starter packs, etc.

Nightmare.

Edit: Deleted and created a new acct. Old account still listed as following everyone and accessible (shows "invalid handle" and did:plc:blahblahblah url). Is Bsky just lagging and will eventually delete the old account content I told it to delete, or is this yet another privacy nightmare?