Mastodawn

Russ Nov 20, 2022

I have a request.

Bad actors will soon figure out - if they haven't already - that setting up impersonations of important organizations now will allow them to set off an explosion of chaos and confusion at a time of their choosing.

So if you run an account for an organization (especially #LGBTQ), please set up link verification between your Mastodon account profile and your organization's website.

If not, please boost.

Instructions are here under "Link Verification":
https://docs.joinmastodon.org/user/profile/

Setting up your profile - Mastodon documentation

Get started with your new account.

@theruss I'd even say that self-hosting their account is for them the best checkmark. If Company owns company.com, then I'd trust [email protected] more than [email protected].

Opaque Lightbulb Nov 20, 2022

@KekunPlazas That strikes me as an ideal way forward from the perspective of verification, but I worry that having every company that runs a social media presence -- given most companies are small -- having to *also* maintain a Mastodon instance might start to become a lot of overhead.

mandelbrot57 🐿️ 🧶Nov 20, 2022

@OpaqueLightbulb Good point! I run two accounts for a small group of volunteers. Will ask the techies to verify my account via link asap. Alas there are trolls in my field, too.

@OpaqueLightbulb
But they don't have to run the Mastodon instance by themselves! I have my own instance hosted at httos://ossrox.org for 5€ (5 users max, larger ones don't cost much more) and I only had to point the domainname owned by me at one of their servers. 🤷‍♂️
@KekunPlazas

Daniel de Kay Nov 20, 2022

@roland And they manage the instance, do updates, backup, and be on top of security?

@danieldekay
Yes, all the technical stuff. User admin and moderation is up to the customer.

…might work for coffee…Nov 21, 2022

@roland @danieldekay
But honestly how much moderation do your own accounts need?
PR blasts out some stuff, everyone is employed/in your project.

furthermore [email protected] feels very much like brand@gmail/yahoo/aol
All the red flags instantly go off. (like the vw accounts)

And ofc there are good other self hosted plugins/solutions.

Daniel de Kay Nov 21, 2022

@mwfc @roland Fully agree that moderation on a small instance with controlled users like from within a company should be a no- issue. I guess the only work would be Incoming stuff.

…might work for coffee…Nov 21, 2022

@danieldekay @roland

But why would you moderate that? you ignore stupid requests. Done. Should not be more interaction. Or am I missing something?

Daniel de Kay Nov 21, 2022

@roland @mwfc probably not. Thanks for the heads up.

…might work for coffee…Nov 21, 2022

@danieldekay @roland

Basicly I was thinking in the lines of setting up a institution server, so I was really wondering. And given the availibility of Friendica et al I see no reason why you should not host your own instance as a brand/institute. It should be really low effort, and no need to worry about ToS and other stuff on a foreign instance + brand recognition

This is more for commercial entities tho, I find VW odd to supposedly run to mastodon.social if true

https://europe.autonews.com/automakers/vw-joins-mastodon-concerns-over-twitter-mount

VW joins Mastodon as concerns over Twitter mount

VW is among a number of major car brands that have paused advertising on Twitter following Elon Musk's buyout of the platform.

Automotive News Europe

Daniel de Kay Nov 21, 2022

@roland @OpaqueLightbulb @KekunPlazas Maybe the solution for the future of the web business card? @antzee - here’s your personalized Mastodon server hassle free, see 👆🏼

The Matrix.org Foundation Nov 20, 2022

@KekunPlazas @theruss yup.

Chris Ely Nov 20, 2022

Even self-hosted organizations should use link verification from their website.

@matrix @KekunPlazas @theruss

Russ Nov 20, 2022

@KekunPlazas @voxpelli Yeah, @TexasObserver did this, and I think it's great.

There are three reasons I didn't issue this as a blanket recommendation, though:
1) It does involve both some effort and money on an ongoing basis; it's not fire-and-forget.
2) There's also a non-zero chance of an incorrectly-configured or undermaintained instance getting pwned.
3) Some folks use the same account for personal and work stuff, and I don't want my boss to be able to lock me out of my account.

Pelle Wessman Nov 20, 2022

@theruss @KekunPlazas @TexasObserver Yeah, I’m thinking I want to be at voxpelli(at)voxpelli.com eventually or eg me(at) or simply just voxpelli.com
I do professional and personal stuff from the same account, for sure wouldn’t want to have a different professional account that represents me

steelman Nov 20, 2022

@theruss @KekunPlazas @voxpelli @TexasObserver I am afraid TO hasn't done the rel="me" bit yet.

Russ Nov 21, 2022

@steelman @KekunPlazas @voxpelli @TexasObserver

It's not necessarily obvious, but having an instance running on the TexasObserver.com domain is substantially stronger evidence than a verified link from the website.

That said, it wouldn't hurt!

steelman Nov 21, 2022

@theruss @KekunPlazas @voxpelli @TexasObserver Of course! I didn't notice they've got their own domain and I was looking at the links. OTOH they haven't used their well known domain, instead they've bought a new one and without the rel="me" bit the connection between the domains isn't clear (even whois data are redacted). Their solution will help them avoiding instance wide bans, but it does little with regards to verification.

Texas Observer Nov 21, 2022

@steelman @theruss @KekunPlazas @voxpelli We will be adding the rel="me" linkage as soon as possible.

Pelle Wessman Nov 21, 2022

@TexasObserver @KekunPlazas @theruss @steelman be sure to only add it between URL:s that represents the same identity as you, so eg. don’t add it to the footer of all pages, else identity crawlers like my old experiment will have a really tough time: https://voxpelli.com/2012/10/relspider-what-why/

RelSpider - what and why? – Pelle Wessman

Texas Observer Nov 21, 2022

@voxpelli @KekunPlazas @theruss @steelman thank you, appreciate the tip.