Free Bluesky DID resolver with handle history
Resolves any Bluesky handle or DID to the full identity history. Returns the permanent did:plc:... identifier, the current profile, all prior handles the account has used, every PDS (Personal Data Server) migration, and every cryptographic key rotation — sourced from the public PLC directory audit log. Pure browser-side; no API key, no signup, no logging.
For OSINT and threat-intel investigators: Bluesky's biggest advantage over X/Twitter is that the DID is permanent. Even if a target changes their handle daily, the audit log preserves every previous identity. Document the DID first, then pivot from the handle history to find earlier accounts on the same person across other platforms — old handles often resurface unchanged on Mastodon, GitHub, Telegram, and elsewhere.
For real-time monitoring of public posts without alerting the target, every Bluesky profile exposes an RSS feed at bsky.app/profile/{handle}/rss. For raw repository inspection, the repoview.com tool shows the on-disk record structure. For block-list and labeller investigation, see ClearSky.
Frequently asked questions
Why is the DID more important than the handle?
On Bluesky / the AT Protocol, the handle (e.g. @alice.bsky.social) is just a human-friendly alias. The DID (did:plc:... or did:web:...) is the permanent cryptographic identifier — it never changes, regardless of how many times the user renames themselves, switches domains, or migrates between Personal Data Servers. For investigations, always document the DID first.
What is the PLC directory?
The PLC (Public Ledger of Credentials) is a centralized directory operated by Bluesky PBLLC that stores the canonical operation log for every did:plc: identity. Every change to a user's identity — handle changes, key rotations, PDS migrations — is logged with a timestamp and a cryptographic signature. The full audit log for any DID is publicly readable at plc.directory/{did}/log/audit.
Will did:web entries show history?
No. did:web: identities are self-hosted (the DID document lives at https://example.com/.well-known/did.json) and don't use the PLC ledger. Their history is whatever the host chooses to expose. The handle resolution and profile data still works for did:web; just not the audit log.
Can I find a Bluesky account that's been deleted?
Partially. If you have the DID, the PLC audit log persists forever even after account deletion — you can see when it was created, every handle it ever had, and when it was tombstoned. The actual posts, however, live on the user's PDS and are deleted with the account. Some third-party indexers may have cached posts.
Why do I sometimes see "nullified" entries?
PLC operations can be revoked by a higher-priority rotation key — usually because of a compromise recovery or operator-initiated action. Nullified entries are kept in the log for transparency but are not part of the canonical identity state. They're shown faded above for completeness.
How does this connect to OSINT investigation?
Three workflows: (1) persistence — record the DID early so handle changes don't break your trail; (2) aliasing — the alsoKnownAs list shows every prior handle, which is gold for cross-platform OSINT pivots; (3) infrastructure — the PDS endpoint reveals whether the account is on bsky.social or a self-hosted server, which can hint at technical sophistication and operational ties.