@Richard_Hull It's a lovely initiative - one I hope many more organisations will follow.
I've started keeping track of these 'official' instances here:
@TomRaftery ICANN wouldn't.
Domain registration has always been on a first come first serve basis, except for the introduction of new top level domains (.eu, .xyz, .social, ...) which *may* offer a sunrise period where trademark holders can claim their domain before the public can, if they provide the right credentials.
For .news domains there does seem to be some kind of brand protection / cyber squatting protection in place: https://identity.digital/products-services/dpml/
No idea what it's worth though...
@TomRaftery Generally though, you're allowed to register domain names with the same name as trademarked brands as long as you do so in good faith.
If my local stamp collectors club called 'Reuters' wants to publish a newsletter at reuters.news, it can do so.
If I launch my own global news / current affairs site under the domain reuters.news, they probably have grounds to sue.
(Not a lawyer. Don't confuse my opinion with factual correctness.)
@Richard_Hull @TomRaftery Hmmm... those journo instances are similar to all other community-oriented mastodon neighborhoods.
Nothing wrong with them, but for journalists I would love to see orgs run *their own* instances, if only to provide instant 'verification'.
What could be more trustworthy - identity wise - than seeing accounts like @[email protected]?
@Richard_Hull To continue the hypothetical example:
cnn.social
would be far less trustworthy than
social.cnn.com.
The well-known domain is key here, and bad actors would only be able to abuse it by hijacking the entire cnn.com domain, which is highly unlikely to ever happen. (Though not impossible)
That doesn't mean cnn.social could never become trusted, but it would take time and resources, and the result would still be... meh.
@Richard_Hull That said, it's not impossible that we'll start seeing phishing-style 'official' instances:
- @[email protected]
- @[email protected]
- ...
Though should that start to happen, I'm sure a security warning mechanism will get developed, similar to the current fedi blocklists or https://haveibeenpwned.com
@dkellyj Wow, was not aware that banks, of all orgs, use special purpose domain names instead of building on their main domain name that's already trusted.
It's quite likely they do this because internal processes / IT infrastructure makes it near impossible to get certain things done. So they circumvent their own rules by launching on separate domain names.
I've seen this several times when working with large orgs...
@dkellyj Well they were right to keep the domains - nothing worse than having those get snatched up by baddies.
But ideally all of those domains' request should have been redirected to the main domain, if only to a special purpose landing page explaining why they ended up there.
The larger the org, the larger the mess.
@dkellyj That must've been such a Wild West era :)
Reminds me of when I did ADSL broadband support 20-odd years ago, and we could see the users' dial-up and email passwords on our screen, and used that for identification.
(that call center company was shitty but I learned a lot about the telco industry)
@jpoesen @Richard_Hull @TomRaftery
Mastodon can also do domain aliases do you could even have @[email protected]
@jpoesen you can also alias your existing username to your own website, so for example, if you are hosted on social.coop, but have a domain like jpoesen.me, you could alias it so people can find you by searching "[email protected]".
https://blog.maartenballiauw.be/post/2022/11/05/mastodon-own-donain-without-hosting-server.html
@jmaris Excellent. Looks just the right type of project to hack on during the xmas break, next to the fireplace, sipping hot cocoa.
And it looks like the ActivityPub #Drupal module has received some renewed love too, so I'll be looking forward to see how my site can interact with the fediverse in multiple ways.
Neat!
@Richard_Hull @TomRaftery @jpoesen Oof, journa.host - it looked fine in theory but in practice it was largely unmoderated. Mix that with transphobic right wing journalists, and...
the result wasn't pretty. Many instances in here blocked journa host for repeated offenses, hosting a data scrapper, failure to kick transphobes in time, and so on.
I would trust a journalist instance if it put human rights above all.
@Tribo @TomRaftery @Richard_Hull Next step: outsourcing moderation to a new type of digital agency.
They already do community building and community management. Why not add custom moderation to those services, based on the org's chosen set of policies?
#FreeStartupIdea right there.
@TomRaftery @jpoesen @Richard_Hull Really feel like this is worth mentioning in regards to domain and subdomain naming:
There's a way to set up a Mastodon server to have its user accounts federate as [email protected] while having the server itself exist at something like social.organization.com. You set LOCAL_DOMAIN to social.organization.com and WEB_DOMAIN to organization.com when setting up the server. Just like an org's mail server may exist at mail.organization.com but the email address is [email protected]
This way, you could even have your professional social handle be exactly the same as your professional email address, but with an @ in front of it. And it makes domain verification even cleaner-looking.
MichelleL
Richard Hull
jpoesen
Tom Raftery
Mysturji
David K
Korny
Jordan Maris 🇪🇺 🇺🇦 #NAFO
Jonathan-FL 🇺🇸🇺🇦🇵🇸⚛️💙
Cyber Yuki
Antonio Santos 🇵🇹
Dr James Morris
Marverde
Enron Hubbard
lertsenem
Mark Alves
Siun