Inspiration
Every major social platform today has the same broken promise: an algorithm decides what you see, and you have no idea why. Combined with the rise of AI-generated content, it's become nearly impossible to tell what's real, who to trust, or why a post landed in front of you. We wanted to build the opposite — a social network where trust and transparency are the actual mechanics of the product, not a marketing slogan.
What it does
Signal is a trust-native social platform built around three ideas:
- Topic-specific trust, not blind following. You don't follow people — you trust them on specific subjects. Trusting someone on "AI & Machine Learning" doesn't mean you trust their opinions on anything else. Trust propagates through a real graph: if you trust Priya on AI, and Priya trusts someone else on AI, that person's posts can reach you too — with a visible Trust Provenance Card explaining the exact chain.
- A fully transparent algorithm. Your feed ranking is controlled by three sliders — Trust Chain Weight, Topic Relevance, and Recency — that you can see and adjust live. A plain-English summary sentence translates the current weights into a sentence anyone can understand, no jargon required. There's an explicit Algorithm Promise: no ads, no paid amplification, no rage-bait optimization, no hidden ranking signals.
- Human Authenticity Scoring. Every native post gets a real-time score computed from genuine behavioral signals captured during composition (typing cadence, edit count, paste detection, time spent). Every post — native or imported — displays this score and an honest explanation of how it was computed.
We also built a real integration with Bluesky's AT Protocol, in two layers. A topic-based Discover feed pulls real public Bluesky posts by subject and scores them for authenticity. Beyond that, we implemented genuine per-user OAuth (PKCE + DPoP, federated PDS discovery) — so a Signal user can connect their own Bluesky account and see their actual personal timeline inside Signal, scored the same way, with a "Your Network" tab showing real posts from real people they follow.
How we built it
Backend / Database: Amazon DynamoDB with a deliberate single-table design (table signal-app) — users, posts, trust edges, and algorithm preferences all share one table via prefixed composite keys (USER#id, POST#id, TRUST#topic#userId). Two GSIs support efficient queries by author and by topic. DynamoDB's TTL feature auto-expires OAuth handshake state during the Bluesky login flow, which removed the need for any manual cleanup job. AWS Secrets Manager stores the application's persistent ES256 signing key used to authenticate the Bluesky OAuth client, fetched once per warm serverless instance and cached.
Frontend: Next.js 16 (App Router) deployed on Vercel, with NextAuth handling Google and GitHub login. The UI is built on a custom design system — CSS variable-based tokens supporting full dark/light theming, a lightweight Three.js ambient background, and physically-interactive 3D tilt effects on cards, all built mobile-first and responsive across breakpoints.
Bluesky integration: We used the official @atproto/oauth-client-node package to implement a real OAuth client — including hosting our own client-metadata and JWKS discovery endpoints, generating and securely storing an ES256 keypair, and building DynamoDB-backed state and session stores that satisfy the library's required storage interfaces.
Challenges we ran into
The Bluesky AT Protocol's OAuth flow is genuinely complex because of its federated design — every user can be on a different Personal Data Server, so the client has to dynamically discover each user's authorization server rather than talking to one fixed endpoint. We also discovered partway through that Bluesky's public search API now requires authentication even for read-only queries, which meant pivoting our Discover feature to use a backend service-account login rather than fully anonymous access. On the authenticity scoring side, our first version of the algorithm gave almost every legitimate post a flat 90% score — we had to redesign it around graduated, multi-signal scoring (text length, engagement balance, hashtag/link density) so genuine variance shows up naturally instead of only reacting to red flags.
What we learned
How much production discipline a "simple" social app actually needs once you take authenticity and transparency seriously — designing a scoring algorithm that's honest rather than just plausible-looking is harder than it sounds. We also learned the real shape of AT Protocol OAuth, which is meaningfully different from standard OAuth providers due to its decentralized architecture.
What's next for Signal
DynamoDB Streams to propagate trust changes in real time across the graph, expanding the authenticity engine with more behavioral signals, and extending the same "connect your real account" pattern we built for Bluesky to other open platforms as their APIs become accessible.
Built With
- amazon-dynamodb
- amazon-web-services
- at-protocol
- aws-secrets-manager
- bluesky-oauth
- for
- github-oauth
- google-oauth
- next.js
- nextauth
- react
- sdk
- tailwind-css
- three.js
- typescript
- vercel


Log in or sign up for Devpost to join the conversation.