Thomas Theunen 🦏
henry ✷btw, if you want to verify a link to a site but don’t necessarily want to backlink to mastodon, you can use `link rel=me` in your `<head>` instead of an anchor tag like mastodon suggests.
ahh, this might be obvious to folks and if it is obvious to you then gosh how i admire your intellect, and i envy the inevitable life of hedonistic delight you must live but i'm not very smart personally so i had to try it out for myself
Ras Fincher@henry Needed it too. My personal site is a gatsby static site and couldn’t for the life of me figure out the best place to put it.
Dave 🧱 
@henry dang I I needed this, thank you!
CodexNotFound@henry I expected this to work, but never saw it documented anywhere, so I assumed it wouldn't. Good to know.
Daniel Schildt@henry That is also useful if one has accounts on multiple Mastodon servers, but only wants to point new followers to one of those. Many good reasons for having multiple accounts, for variety of reasons.
mortendk 🤘
Michael Knepprath@henry oh nice ty
Kevin Marks@henry this is true but having a visible link on the page is good confirmation for people who click through as well. The rel=me pattern is designed as a machine readable version of the existing "I link my sites together" pattern.
If you are an organisation linking to staff mastodon pages, it's better to do that from the individual's profile page on your site than from the main page, as that is clearer to maintain in most cases, especially when staff change.
If you are an organisation linking to staff mastodon pages, it's better to do that from the individual's profile page on your site than from the main page, as that is clearer to maintain in most cases, especially when staff change.
Marijke Luttekes@henry I would have known this before starting a few hours of website upgrade frenzy prior to *actually adding the link* last week 🥲
(Repost because I forgot to tag the original toot)
(Repost because I forgot to tag the original toot)
Nafeon the Bear@henry actually haven't thought about it and put it into a footer that just doesn't render ^^``
I should fix that. Thank you.
I should fix that. Thank you.
tarasis@henry thanks, much more preferable
Pat Patterson@henry Nice - thank you! Now I can remove the empty <a> tag from my blog front page!
Nuzz 🧋@henry I was wondering if this was the case, but I wasn’t sure and didn’t try it. Thanks for testing it! I’ll probably switch to this in short order.
VerticalBlank@henry @samdeane Thinking aloud here. My full Mastodon ID is public. Therefore Mallory Mal-Actor can add such a link to *any* website of theirs.
So the presence of the link merely verifies that Mallory controls their *own* sites.
Because there is no challenge/response mechanism, such as used by LetsEncrypt, there is no assurance that *I myself* control the site.
So, correct me if I'm wrong (it often happens) this is just security theatre and not worth wasting time on?
@VerticalBlank @samdeane I mean. If Bad Actor adds a <link rel="me" href="your mastodon URL"/> to their site and then links to it from their Mastodon instance then it will not be verified. Maybe I'm not understanding the scenario you're suggesting? The verification is only added if the `href=""` for `rel="me"` matches the referring user's Mastodon URL.
@henry @samdeane As I said, just thinking aloud.
Essentially you are saying that if Mallory posts my <link rel="me" href="your mastodon URL"/> to his server then that is not a risk.
I am saying that trusting such a link, which literally anyone can create and post, is fundamentally a bad basis for any kind of verification model.
@VerticalBlank @samdeane yeah, so the good news is, it doesn't verify the account or the user, it just verifies that the person who says they own a particular site actually owns that site. You can read more about this here. https://indieweb.org/rel-me
Sam Deane@VerticalBlank @henry my understanding is that the basis for verification is you asserting that you own a site by placing a link to it in your profile.
Which only you can do.
The back-pointing rel=“me” link is proof of that assertion, but on its own it does nothing.
@samdeane @henry Thanks both, I have found this which explains a lot <https://youtu.be/aiXYu-Zz38c?t=468>
If you are a public figure then having your own, recognized website confirm your Mastodon handle suddenly makes much more sense.
How To Mastodon - Pt 3 - Get Verified, Move Instances
@henry thanks for the tip!
Cezzre@henry still not getting verified. Not sure why.
Dustin Dikes@henry It didn't occur to me that this was an option, that's great to know, thank you for sharing!