James Showalter describes a pretty specific if not entirely implausible nightmare scenario. Someone drives up to your house, cracks your Wi-Fi password, and then starts messing with the solar inverter mounted beside your garage. This unassuming gray box converts the direct current from your rooftop panels into the alternating current that powers your home.

“You’ve got to have a solar stalker” for this scenario to play out, says Showalter, describing the kind of person who would need to physically show up in your driveway with both the technical know-how and the motivation to hack your home energy system.

The CEO of EG4 Electronics, a company based in Sulphur Springs, Texas, doesn’t consider this sequence of events particularly likely. Still, it’s why his company last week found itself in the spotlight when U.S. cybersecurity agency CISA published an advisory detailing security vulnerabilities in EG4’s solar inverters. The flaws, CISA noted, could allow an attacker with access to the same network as an affected inverter and its serial number to intercept data, install malicious firmware, or seize control of the system entirely.

For the roughly 55,000 customers who own EG4’s affected inverter model, the episode probably felt like an unsettling introduction to a device that they little understand. What they’re learning is that modern solar inverters aren’t simple power converters anymore. They now serve as the backbone of home energy installations, monitoring performance, communicating with utility companies, and, when there’s excess power, feeding it back into the grid.

Much of this has happened without people noticing. “Nobody knew what the hell a solar inverter was five years ago,” observes Justin Pascale, a principal consultant at Dragos, a cybersecurity firm that specializes in industrial systems. “Now we’re talking about it at the national and international level.”

Security shortcomings and customers complaints

Some of the numbers highlight the degree to which individual homes in the U.S. are becoming miniature power plants. According to the U.S. Energy Information Administration, small-scale solar installations – primarily residential – grew more than fivefold between 2014 and 2022. What was once the province of climate advocates and early adopters became more mainstream owing to falling costs, government incentives, and a growing awareness of climate change. 

Each solar installation adds another node to an expanding network of interconnected devices, each one contributing to energy independence but also becoming a potential entry point for someone with malicious intent.

When pressed about his company’s security standards, Showalter acknowledges its shortcomings, but he also deflects. “This is not an EG4 problem,” he says. “This is an industry-wide problem.” Over a Zoom call and later, in this editor’s inbox, he produces a 14-page report cataloguing 88 solar energy vulnerability disclosures across commercial and residential applications since 2019. 

Not all of his customers – some of whom took to Reddit to complain – are sympathetic, particularly given that CISA’s advisory revealed fundamental design flaws: communication between monitoring applications and inverters that occurred in unencrypted plain text, firmware updates that lacked integrity checks, and rudimentary authentication procedures.

“These were fundamental security lapses,” says one customer of the company, who asked to speak anonymously. “Adding insult to injury,” continues this individual, “EG4 didn’t even bother to notify me or offer suggested mitigations.”

Asked why EG4 didn’t alert customers straightaway when CISA reached out to the company, Showalter calls it a “live and learn” moment.

“Because we’re so close [to addressing CISA’s concerns] and it’s such a positive relationship with CISA, we were going to get to the ‘done’ button, and then advise people, so we’re not in the middle of the cake being baked,” says Showalter.

TechCrunch reached out to CISA earlier this week for more information; the agency has not responded. In its advisory about EG4, CISA states that “no known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.”

Connections to China spark security concerns

While unrelated, the timing of EG4’s public relations crisis coincides with broader anxieties about the supply chain security of renewable energy equipment.

Earlier this year, U.S. energy officials reportedly began reassessing risks posed by devices made in China after discovering unexplained communication equipment inside some inverters and batteries. According to a Reuters investigation, undocumented cellular radios and other communication devices were found in equipment from multiple Chinese suppliers – components that hadn’t appeared on official hardware lists.

This reported discovery carries particular weight given China’s dominance in solar manufacturing. That same Reuters story noted that Huawei is the world’s largest supplier of inverters, accounting for 29% of shipments globally in 2022, followed by Chinese peers Sungrow and Ginlong Solis. Some 200 GW of European solar power capacity is linked to inverters made in China, which is roughly equivalent to more than 200 nuclear power plants.

The geopolitical implications haven’t escaped notice. Lithuania last year passed a law blocking remote Chinese access to solar, wind and battery installations above 100 kilowatts, effectively restricting the use of Chinese inverters. Showalter says his company is responding to customer concerns by similarly starting to move away from Chinese suppliers entirely and toward components made by companies elsewhere, including in Germany.

But the vulnerabilities CISA described in EG4’s systems raise questions that extend beyond any single company’s practices or where it sources its components. The U.S. standards agency NIST warns that “if you remotely control a large enough number of home solar inverters, and do something nefarious at once, that could have catastrophic implications to the grid for a prolonged period of time.”

The good news (if there is any), is that while theoretically possible, this scenario faces a lot of practical limitations.

Pascale, who works with utility-scale solar installations, notes that residential inverters serve primarily two functions: converting power from direct to alternating current, and facilitating the connection back to the grid. A mass attack would require compromising vast numbers of individual homes simultaneously. (Such attacks are not impossible but are more likely to involve targeting the manufacturers themselves, some of which have remote access to their customers’ solar inverters, as evidenced by security researchers last year.)

The regulatory framework that governs larger installations does not right now extend to residential systems. The North American Electric Reliability Corporation’s Critical Infrastructure Protection standards currently apply only to larger facilities producing 75 megawatts or more, like solar farms.

Because residential installations fall so far below these thresholds, they operate in a regulatory gray zone where cybersecurity standards remain suggestions rather than requirements.

But the end result is that the security of thousands of small installations depends largely on the discretion of individual manufacturers that are operating in a regulatory vacuum.

On the issue of unencrypted data transmission, for example, which is one reason EG4 received that slap on the hand from CISA, Pascale notes that in utility-scale operational environments, plain text transmission is common and sometimes encouraged for network monitoring purposes.

“When you look at encryption in an enterprise environment, it is not allowed,” he explains. “But when you look at an operational environment, most things are transmitted in plain text.”

The real concern isn’t an immediate threat to individual homeowners. Instead it ties to the aggregate vulnerability of a rapidly expanding network. As the energy grid becomes increasingly distributed, with power flowing from millions of small sources rather than dozens of large ones, the attack surface expands exponentially. Each inverter represents a potential pressure point in a system that was never designed to accommodate this level of complexity.

Showalter has embraced CISA’s intervention as what he calls a “trust upgrade” – an opportunity to differentiate his company in a crowded market. He says that since June, EG4 has worked with the agency to address the identified vulnerabilities, reducing an initial list of ten concerns to three remaining items that the company expects to resolve by October. The process has involved updating firmware transmission protocols, implementing additional identity verification for technical support calls, and redesigning authentication procedures.

But for customers like the anonymous EG4 customer who spoke with frustration about the company’s response, the episode highlights the odd position that solar adopters find themselves in. EG4’s customers had purchased what they understood to be climate-friendly tech, only to discover they’d become unwitting participants in a knotty cybersecurity landscape that few seem to fully comprehend.

Is the grass greener on the other side? We’re not sure, but the sky is most certainly bluer. It’s been over two years since Elon Musk purchased Twitter, now X, leading people to set up shop on alternative platforms. Mastodon, Post, Pebble (two of which have already shuttered operations) and Spill have been presented as potential replacements, but few aside from Meta’s Threads have achieved the speed of growth Bluesky has reached.

As of February 2025, Bluesky has surpassed 30 million users. Its growth stems from several policy changes at X, including a heavily criticized change to the block feature and allowing third party companies to train their AI on users’ posts, which helped the app soar to the top of the U.S. App Store. Bluesky also saw a big boost following the results of the 2024 U.S. presidential election (which also contributed to an X exodus by Taylor Swift fans). But while the number is promising, the growth has slowed — and the network has a lot of catching up to do to compete with Threads’ 275 million monthly active users.

Below, we’ve compiled the answers to some of the most common questions users have about Bluesky. And if you’ve made the switch, you can follow TechCrunch here as well as our team with our Starter Pack.

What is Bluesky?

Bluesky is a decentralized social app conceptualized by former Twitter CEO Jack Dorsey and developed in parallel with Twitter. The social network has a Twitter-like user interface with algorithmic choice, a federated design and community-specific moderation.

Bluesky is using an open source framework built in-house, the AT Protocol, meaning people outside of the company have transparency into how it is built and what is being developed.

Dorsey introduced the Bluesky project back in 2019 while he was still Twitter CEO. At the time, he said Twitter would be funding a “small independent team of up to five open source architects, engineers, and designers,” charged with building a decentralized standard for social media, with the original goal that Twitter would adopt this standard itself. But that was before Elon Musk bought the platform, so Bluesky is completely divorced from X.

As of May 2024, Dorsey is no longer on Bluesky’s board. Bluesky is now an independent public benefit corporation led by CEO Jay Graber.

How do you use Bluesky?

Upon signing up, users can create a handle which is then represented as @username.bsky.social as well as a display name that appears more prominent in bold text. If you’re so inclined, you can turn a domain name that you own into your username — so, for example, I’m known on Bluesky as @amanda.omg.lol.

The app itself functions much like X, where you can click a plus button to create a post of 256 characters, which can also include photos. Posts themselves can be replied to, retweeted, liked and, from a three-dot menu, reported, shared via the iOS Share Sheet to other apps, or copied as text.

You can search for and follow other individuals, then view their updates in your “Home” timeline. Previously, the Bluesky app would feature popular posts in a “What’s Hot” feed. That feed has since been replaced with an algorithmic and personalized “Discover” feed featuring more than just trending content. 

For new users, Bluesky introduced a “Starter Pack” feature, which creates a curated list of people and custom feeds to follow in order to find interesting content right out of the gate. You can find TechCrunch’s Starter Pack right here.

User profiles contain the same sort of features you’d expect: a profile pic, background, bio, metrics and how many people they’re following. Profile feeds are divided into two sections, like X: posts and posts & replies. In January 2025, Bluesky also added a new video tab to user profiles.

There is also a “Discover” tab in the bottom center of the app’s navigation, which offers more “who to follow” suggestions and a running feed of recently posted Bluesky updates. In January 2025, Bluesky also introduced a vertical video feed to compete with TikTok.

We’ve also put together a helpful guide on how to use Bluesky here.

Who’s on Bluesky?

By the beginning of July 2023, when Instagram’s Threads launched, Bluesky topped a million downloads across iOS and Android. Notable figures like Rep. Alexandria Ocasio-Cortez, Mark Cuban, Quinta Brunson, Dril, Weird Al Yankovic, Guillermo del Toro, Barbra Streisand, and Brazil President Luiz Inácio Lula da Silva have migrated to Bluesky.

Bluesky is also home to news organizations like Bloomberg, The Washington Post, and of course, TechCrunch! Since August 2024, Bluesky is also now allowing heads of state to sign up and join the platform for the first time.

In 2025, some prominent U.S. political figures set up accounts on the platform, like Barack Obama and Hillary Clinton.

Does Bluesky work just like X?

In many ways, yes. When it first started, Bluesky was much more pared down and didn’t even have DMs, but this key feature has since been implemented, even with emoji reactions. But DMs on Bluesky are currently limited to one-to-one messages, not group messages. Bluesky has also said it is interested in implementing something similar to X’s Community Notes feature. Additionally, X does not use a decentralized protocol like ActivityPub or AT. Bluesky has also been testing a Trending Topics feature and developing its own photo sharing app called Flashes, which is expected to be released in beta soon.

In October 2024, Elon Musk announced that X’s block feature would work differently than it has in the past. The new block functionality allows users you have blocked to view your posts and your profile, but not the ability to interact with your posts. Some users believe this update to be a safety concern, leading to an influx in Bluesky sign-ups as its block feature is more traditional.

In another move that separates Bluesky from X, the social network said it has “no intention” of using user content to train generative AI tools as X implemented a new terms of service that allows the platform to train AI models on public posts. But that doesn’t stop third parties from doing so.

While Bluesky was initially kicked off as a project convened by Jack Dorsey in 2019 when he was CEO of Twitter, the social app has been an independent company since its inception in 2021.

Is Bluesky free?

Yes, and it is now open to the public.

How does Bluesky make money?

Bluesky’s goal is to find another means to sustain its network outside of advertising with paid services, so it can remain free to end users. On July 5, 2023, Bluesky announced additional seed round funding and a paid service that provides custom domains for end users who want to have a unique domain as their handle on the service. Bluesky has also emphasized that it does not want to “require selling user data for ads” in order to monetize its platform.

In November 2024, Bluesky announced it raised a $15 million Series A round and is developing a subscription service for premium features. Bluesky, however, noted its subscription model will not follow in the footsteps of X’s “pay to win” premium offerings. Users have spotted mockups teasing the subscription feature, dubbed Bluesky+, which could include features like higher quality video uploads and profile customizations.

In December 2024, Peter Wang announced a $1 million fund, dubbed Skyseed, that will offer grants to those building on Bluesky’s open source AT Protocol.

Is Bluesky decentralized?

Yes. Bluesky’s team is developing the decentralized AT Protocol, which Bluesky was built atop. In its beta phase, users can only join the bsky.social network, but Bluesky plans to be federated, meaning that endless individually operated communities can exist within the open source network. So, if a developer outside of Bluesky built their own new social app using the AT Protocol, Bluesky users could jump over to the new app and port over their existing followers, handle and data.

“You’ll always have the freedom to choose (and to exit) instead of being held to the whims of private companies or black box algorithms. And wherever you go, your friends and relationships will be there too,” a Bluesky blog post explained.

What third-party apps are built on the AT Protocol?

Many developers are building consumer-facing apps on Bluesky or its underlying AT Protocol. These apps are built on open technology, as opposed to being siloed within big tech’s centralized, opaque ownership.

Some social apps include Flashes, a photo viewing client; Spark, a TikTok-like app; and Skylight Social, which is backed by Mark Cuban.

Check out our more comprehensive list at various apps built within this ecosystem, including cross-posting apps, music apps, feed builders, and livestreamers.

Is Bluesky secure?

In October 2023, Bluesky added email verification as part of a larger effort to improve account security and authentication on the network. The addition is an important step forward in terms of making Bluesky more competitive with larger networks like X, which have more robust security controls. In December 2023, Bluesky allowed users to opt out of a change that would expose their posts to the public web following backlash from users. 

Is Bluesky customizable?

Yes. In May 2023, Bluesky released custom algorithms, which it calls “custom feeds.” Custom feeds allow users to subscribe to multiple different algorithms that showcase different kinds of posts a user may want to see. You can pin custom feeds that will show up at the top of your timeline as different tabs to pick from. The feeds you pin, or save, are located under the “My Feeds” menu in the app’s sidebar.

In March 2024,​​ the company announced “AT Protocol Grants,” a new program that will dole out small grants to developers in order to foster growth and customization. One of the recipients, SkyFeed, is a custom tool that lets anyone build their own feeds using a graphical user interface. 

Is Bluesky on iOS and Android?

Yes. Bluesky has rolled out to Android users after it was initially launched to iOS users. Users can access Bluesky on the web here.

How does Bluesky tackle misinformation?

After an October 2023 update, the app will now warn users of misleading links by flagging them. If links shared in users’ posts don’t match their text, the app will offer a “possibly misleading” warning to the user to alert them that the link may be directing them somewhere they don’t want to go.

In December 2024, the Bluesky Safety team posted that the company updated its impersonation policy to be “more aggressive,” adding that “impersonation and handle-squatting accounts will be removed.” The company said it is also exploring alternatives to its current domain handle verification process.

Has Bluesky had any controversies?

Bluesky has been embattled with moderation issues since its first launch. The app has been accused of failing to protect its marginalized users and failing to moderate racist content. Following a controversy about the app allowing racial slurs in account handles, frustrated users initiated a “posting strike,” where they refused to engage with the platform until it established guardrails to flag slurs and other offensive terms in usernames.

In December 2024, Bluesky also faced criticism when writer and podcast host Jesse Singal joined the platform. Singal has been cataloged by GLAAD’s Accountability Project for his writings on transgender issues and other matters. Bluesky users have reported Singal’s account en masse, leading the company to ban him, reinstate him, and then label his account intolerant by its moderation service.

What moderation features does Bluesky have?

In December 2023, Bluesky rolled out “more advanced automated tooling” designed to flag content that violates its Community Guidelines that will then be reviewed by the app’s moderation team. Bluesky has moderation features similar to ones on X, including user lists and moderation lists, and a feature that lets users limit who can reply to posts. However, some Bluesky users are still advocating for the ability to set their accounts to private. 

In March 2024, the company launched Ozone, a tool that lets users create and run their own independent moderation services that will give users “unprecedented control” over their social media experience. In October 2024, Bluesky joined Instragram’s Threads app in an effort to court users who were frustrated by Meta’s moderation issues.

In January 2025, Bluesky published its 2024 moderation report that said it saw a 17x increase in moderation reports following the rapid growth on the platform. The report also noted that the largest number of reports came from users reporting accounts or posts for harassment, trolling, or intolerance — an issue that’s plagued Bluesky as it’s grown. To meet the demands caused by this growth, Bluesky increased its moderation team to roughly 100 moderators and will continue to hire.

Bluesky revamped its Community Guidelines in August 2025, with some of the changes representing an effort by Bluesky to purposefully shape its community and the behavior of its users.

What’s the difference between Bluesky and Mastodon?

Though Bluesky’s architecture is similar to Mastodon’s, many users have found Bluesky to be more intuitive, while Mastodon can come off as inaccessible: Choosing which instance to join feels like an impossible task on Mastodon, and longtime users are very defensive about their established posting norms, which can make joining the conversation intimidating. To remain competitive, Mastodon recently simplified its sign-up flow, making mastodon.social the default server for new users.

However, the launch of federation will make it work more similarly to Mastodon in that users can pick and choose which servers to join and move their accounts around at will. 

Who owns Bluesky?

Though Jack Dorsey funded Bluesky, he is not involved in day-to-day development and no longer sits on the company’s board. The CEO of Bluesky is Jay Graber, who previously worked as a software engineer for the cryptocurrency Zcash, then founded an event-planning site called Happening.

If you have more FAQs about Bluesky not covered here, leave us a comment below. 

This story was originally published in May 2023 and is updated regularly with new information.

The Trump administration continues to meddle with semiconductor giant Intel.

The U.S. government is reportedly in discussions to take a stake in Intel, according to reporting from Bloomberg. This deal would be structured to help the company expand its U.S. manufacturing efforts, including its much-delayed Ohio chip factory.

This news comes less than a week after President Donald Trump insisted that Intel CEO Lip-Bu Tan resign because of perceived conflicts of interest. While Trump didn’t provide a reason, this came after Republican U.S. Sen. Tom Cotton wrote to Intel’s board asking about Tan’s alleged ties to China.

Tan met with the Trump administration on August 11 to quell the administration’s fears and figure out ways for the company to work with the government. This meeting is what sparked discussions of the U.S. government taking a direct stake in the company, according to Bloomberg.

Intel declined to comment.

“Intel is deeply committed to supporting President Trump’s efforts to strengthen U.S. technology and manufacturing leadership,” an Intel spokesperson said in a statement. “We look forward to continuing our work with the Trump Administration to advance these shared priorities, but we are not going to comment on rumors or speculation.”

We’re always looking to evolve, and by providing some insight into your perspective and feedback into TechCrunch and our coverage and events, you can help us! Fill out this survey to let us know how we’re doing and get the chance to win a prize in return!