End-to-end encryption (E2EE) is a method of securing communication so that only the sender and intended recipient can read the messages.
When a message is sent, it's encrypted on the sender’s device and can only be decrypted by the recipient’s device using a unique cryptographic key. This means that even if the data is intercepted while being transmitted—whether by hackers, service providers, or governments—it remains unreadable to anyone except the two parties involved.
No one else, not even the app or platform handling the message, can access its contents.
This level of privacy makes E2EE especially valuable for sensitive conversations, protecting users from surveillance, data breaches, and unauthorized access.
And this time, after more than two years of development, a startup called 'Germ' is officially launching its encrypted DM feature into beta, aiming to gradually onboard testers before opening access to the public.
Among of them, one notable early adopter is the Bluesky social network.
By using Germ's E2EE, Bluesky should be able to offer users a more secure alternative to the platform’s existing direct messaging system.
Germ’s mission is to provide a privacy-first messaging experience for the decentralized social web.
To do this, Germ explained that it uses what it's called the Autonomous Communicator (AC) Protocol, a purpose-built system that enables users to define multiple identities—called “agents”—and securely exchange contact cards for encrypted messaging relationships.
What makes Germ particularly distinctive is its approach to identity and access.
Each profile card represents an autonomous identity; when two users exchange cards, they share permissioned access, and blocking or terminating a connection revokes that access unless re‐exchanged.
Under the hood, the AC Protocol layers the IETF-approved Messaging Layer Security (MLS) standard for robust end-to-end encryption beneath a dynamic identity system. This separation of identity from transport allows identity information to evolve independently and avoids exposing user identifiers in transit. Germ's servers merely relay encrypted messages and cards—without access to the content.
For one-on-one messaging, Germ uses a specialized form called PairMLS. In this setup, conversations take place in ratcheting MLS groups where each user proposes updates—like rotating their keys or updating credentials—on alternating message epochs. This approach lets users evolve both their encryption state and their identity metadata over time, maintaining strong security and identity flexibility.
In essence, the AC Protocol transforms messaging and contact lists into decentralized, encrypted, consensual systems: identities live as dynamic, exchangeable agents, messaging stays end‑to‑end encrypted, and the user’s control is central. All of Germ’s technical layers support a vision of private, evolving relationships on the open social web.
It's this very technical foundation that allows Germ to integrate seamlessly with Bluesky and other ATProto-based apps like Flashes and Skylight.
Instead of relying on traditional identifiers like phone numbers, Germ connects directly with ATProto identities. Users can control who’s allowed to message them—for example, accepting DMs only from people they follow or setting permissions so only they can initiate conversations. Blocking is also flexible: users can choose to block someone just in Germ or across all ATProto-linked apps.
Germ introduces an innovative approach to messaging through the use of a “magic link”—a cryptographic key embedded in a user’s Bluesky bio.
When another user taps the link on iOS, they can start a secure conversation instantly without needing to install a separate app.
This functionality is made possible by Apple’s App Clips, which run lightweight versions of apps for specific tasks. While App Clips are typically used for things like parking payments, Germ repurposes them for spontaneous, secure chats.
Once a chat is initiated via the App Clip, users can opt to download the full Germ app, which unlocks additional features like a friend list and deeper Bluesky integration. In early tests, the pairing feature between Germ and Bluesky occasionally ran into issues—likely due to the unreleased iOS 26 developer beta—but these were often resolved by initiating chats through the App Clip first.
Germ was was founded by Tessa Brown, a communications scholar and former Stanford educator, and Mark Xue, a former Apple privacy engineer who worked on technologies like FaceTime and iMessage.
Brown was motivated by her academic research, which showed that private communication is essential for fostering healthy online interactions. Xue, meanwhile, saw the limitations of phone number–based messaging systems and sought to reimagine secure communication from the ground up.
Brown expressed enthusiasm about Germ’s growth within the Bluesky ecosystem, especially as the platform gains visibility and attracts high-profile users, including Barack Obama and Hillary Clinton. With Germ leading the way in encrypted communication on Bluesky, there’s potential for the technology to be formally adopted by Bluesky itself.
At this time, Germ is free.
However, the company may introduce a premium subscription in the future, offering additional features like private AI tools and customization options.