---
title: Germ Brings Encrypted Messaging to Bluesky via ATProto
description: Germ uses Messaging Layer Security and ATProto to deliver end-to-end encrypted messaging without leaving Bluesky. Daily active users jumped fivefold.
author: Darie Nani (Editor-in-Chief)
date: 2026-02-20T21:57:10.000Z
updated: 2026-02-26T17:55:06.680Z
canonical: https://www.sovereignmagazine.com/article/germ-brings-encrypted-messaging-to-bluesky-via-atproto
image: https://cdn.nanimediahouse.com/germ-bluesky-encrypted-messenger.webp
categories: Startups
content_type: News
region: California
publication: Sovereign Magazine
---

Bluesky now has end-to-end encrypted private messaging through Germ, a California startup that has become the first third-party messenger to launch natively inside the social network’s app, as first reported by [TechCrunch](https://techcrunch.com/2026/02/18/a-startup-called-germ-becomes-the-first-private-messenger-that-launches-directly-from-blueskys-app/).

## How the integration works

Germ uses ATProto (Bluesky’s open protocol) for user authentication. No phone number is required. Users tap a badge on a contact’s Bluesky profile, which opens an iOS App Clip (a lightweight temporary application that does not require a full download). After logging in with their ATProto handle, they can send an encrypted message immediately.

The encryption uses Messaging Layer Security, the group messaging standard ratified by the Internet Engineering Task Force in 2023. MLS provides forward secrecy and post-compromise security, meaning that even if a session key is compromised, past and future messages remain protected. Neither Germ nor Bluesky can decrypt message content.

Bluesky introduced its own direct messaging feature in May 2024, but the built-in system does not offer end-to-end encryption. Bluesky’s head of protocol Daniel Holmgren has said the company has several reasons not to build the system itself, describing E2EE as ‘hard,’ [according to TechCrunch](https://techcrunch.com/2026/02/18/a-startup-called-germ-becomes-the-first-private-messenger-that-launches-directly-from-blueskys-app/). Germ operates as a separate encrypted layer accessible from within the Bluesky app, filling a gap the platform has [chosen not to address](https://www.sovereignmagazine.com/article/what-does-sovereign-tech-actually-mean-for-europe) natively.

## Former Apple privacy engineer co-founded the company

Germ was co-founded by Mark Xue, who worked as a privacy engineer at Apple on FaceTime and iMessage, and Tessa Brown, a communications scholar who previously taught at Stanford. Xue’s experience building consumer encryption at Apple informed the decision to adopt MLS rather than build a proprietary protocol.

The standalone Germ app is in public beta on iOS across North America and Europe. An Android version has not been announced.

## Daily active users jumped fivefold

Daily active users increased fivefold after the integration went live, according to the company. Bluesky has grown to over 25 million registered accounts since opening to the public in February 2024, and the uptake suggests demand for encrypted messaging within that user base.

The integration currently works only through iOS App Clips. Full functionality on Android and desktop would be needed before Germ can reach a significant share of Bluesky’s users.

## ATProto as a developer platform

Bluesky’s decision to enable a third-party messenger rather than build encrypted DMs internally is the more significant development. Platforms like X and Meta treat messaging as core proprietary infrastructure. Bluesky is instead delegating functionality to outside developers who build on ATProto, the [open-source framework](https://www.sovereignmagazine.com/article/global-demand-surges-for-decentralised-crypto-wallets-as-users-seek-security-and-control) that allows third-party applications to interact with the same user accounts, posts and social graph.

ATProto’s long-term value depends on developers actually adopting it. Germ is the first application to demonstrate that the protocol can support consumer products beyond posting and feeds. Whether more developers follow will determine if this is a one-off integration or the start of an actual platform ecosystem.

## Further Context

**Q: Are Bluesky chats encrypted?**
Bluesky’s built-in direct messages are not end-to-end encrypted. Messages sent through the native DM feature are visible to Bluesky PBC, the company that operates the platform. They can be accessed for content moderation, in response to valid law enforcement warrants, and could be exposed in a data breach. The Electronic Frontier Foundation has advised that sensitive conversations should be moved to dedicated encrypted messaging services.

**Q: Are Bluesky chats private?**
Bluesky direct messages are private in the sense that they are not publicly visible on feeds or profiles. By default, only accounts you follow can send you a DM, though this can be changed to allow messages from anyone or from no one. However, ‘private’ does not mean ‘encrypted’ in this context. The messages are stored on Bluesky’s servers and are accessible to the platform’s administrators.

**Q: How secure are Bluesky DMs?**
Bluesky’s native DMs provide basic access controls but lack end-to-end encryption, which is the standard security measure used by Signal, WhatsApp and iMessage. Bluesky has acknowledged the gap and stated its intention to add E2EE eventually, but protocol engineer Daniel Holmgren has described the technical challenge as significant. Germ’s integration provides an immediate alternative for users who require encrypted communications, running as a separate encrypted layer that sits on top of ATProto rather than modifying the protocol itself.
