Bluesky gave me a verification checkmark last week. The blue badge now sits next to my name, confirming that I am, in fact, me. It is also nice to know that I have the same amount of checkmarks as Jerry, which is also important.
Bluesky has been steadily verifying people within the atproto developer community. The official framing is about authenticity and preventing impersonation, but in a community of this size, verification is less about confirming identity than about signalling who the ecosystem considers notable. Right now, the primary signal of "this person is a trusted member of the developer community" is issued by the venture-funded company at the center of the network rather than by the community itself.
The protocol actually has infrastructure for this. Bluesky's Trusted Verifier system lets independent organizations issue their own verification badges. The New York Times can verify its journalists, a university its researchers. In principle, some entity representing the atproto developer community could verify its own members, but in practice, no such entity exists.
I've been saying for a while that the atproto ecosystem functions as a subculture. As I wrote after the Atmosphere conference, everyone knows everyone, and everyone knows that everyone knows everyone, in the way you find in scenes rather than industries. But what distinguishes this subculture from most others is the structural position of Bluesky at its center. Subcultures normally either lack an institutional core or define themselves against one. The atmosphere community has a hundred-million-dollar company at its heart that it broadly likes and trusts, and that genuinely participates in the community around it.
For the dev community to verify its own members, it would need three things simultaneously: an entity to operate the verifier, criteria for who qualifies, and enough legitimacy that the verification actually means something. The problem is that each of these depends on the other two. You can't define criteria without some authority to set them. You can't claim authority without community buy-in. And you can't get buy-in without first demonstrating that the criteria and operation are credible. This is a bootstrapping problem that communities have a hard time solving.
Bluesky bypasses it entirely because its legitimacy as the protocol's developer is already established. And it matters what's actually being verified. When the New York Times confirms one of its reporters, it is describing straightforward fact about employment status. "This person is a notable atproto developer" involves judgment about what counts as notable and what counts as a developer, and those judgments become political the moment you have to make them explicit. Bluesky can make these calls quietly, case by case. A community verifier would need to formalize what is currently informal, and formalization has costs.
The conditions that make the community good are the same conditions that keep it dependent. If the dev community were in conflict with Bluesky, there would be a clear motivation to build independent institutions. The alignment and warmth actually suppress the urgency that would otherwise drive institutional formation. Nobody needs to solve the bootstrapping problem right now, because Bluesky is handling it fine, which is exactly the situation that makes future independence harder to achieve, one small comfortable dependency at a time.
I don't think this is a crisis or even necessarily a problem that needs solving today. One of the most valuable things Bluesky provides to the atproto ecosystem is something harder to replicate than code or infrastructure: coordination authority, the ability to make decisions that stick because people trust the entity making them. For the ecosystem to mature into genuine independence, the community would eventually need to develop its own sources of coordination authority. That's a social challenge, not a technical one, and the kind that open protocol communities have historically found much harder than writing software.