if you see "me" messaging about joining a Telegram or buying crypto, please double check the Mastodon server they're on!

I'm only on hachyderm.io, and there's now someone trying to impersonate me on a different instance, asking people to join their Telegram.

remember! you can double-check that my profile belongs to me by looking at the verified links in the bio section.

if you're not familiar with how those work, any time you see a green check on a link in someone's bio you can trust that they have control over that website or page.

and you should do this for your own account!

@molly0xfff This worked for my first account. I moved to my current server (ohai.social), and it has not worked since, despite (duh) updating the link. I checked the HTML on the referenced page; the verification text appears verbatim. And it worked once, before.

I know this never happens in software, but I cannot help suspecting there is a bug.

@molly0xfff Sorry to bug you but is there some massive delay in this being detected? I’ve been waiting 24 hours and it doesn’t seem to pick it up…

@molly0xfff Great tip, thanks! For some reason, I needed to delete my profile link and then re-add it to get this to work.

@molly0xfff just in case someone is reading this and wants to know how to add verified links, here are the docs https://docs.joinmastodon.org/user/profile/#verification
Setting up your profile - Mastodon documentation

Get started with your new account.

@molly0xfff but having "something" show up green there is pretty easy to replicate. And if people do not know your home server they might also not know what other URLs are "you".

This is one of the hard problems to solve, I think.

@molly0xfff there are SO MANY big accounts that don’t take this seriously.

@molly0xfff I feel like it might be too easy to impersonate people since it's a bit of a hassle to click on the bio, then go back to the post again after checking. Not only a hassle, but also you need to know about this feature.

My first thought is that maybe accounts with a verified link should get that link, with the green checkmark, added right below their name/username, in a smaller type, on each post?

@forteller it would have to somehow display which link was verified, though. i could change my username/display name to "elon musk" and keep my currently verified sites to get a tickmark, so people would need to have enough info to be able to check that the link makes sense.

truly motivated scammers could also register some other domain like mollywhite.lol and verify that, so there are always vectors to get around it, but at least they have to work for it.

@molly0xfff Yes, I meant to display the actual link, not just the checkmark. That other part, about registering a similar URL, was something I started thinking about while writing that previous post too, but as you say, at least it's a bigger barrier. And not possible to guard against, I think.

@molly0xfff now let's say I register hachydern.io, run an instance and show fake green links with your fake profile?

@molly0xfff not that I would of course but this verified link stuff seems very fragile

@TTimo if you're just running the out-of-the-box software, you wouldn't be able to verify the links without having control over my domain.

i suppose someone could tweak the mastodon software to show falsified green links, though.

@molly0xfff yes that is exactly what I'm saying. Phishing with similar-looking domains and modified server.

@TTimo yeah, certainly possible

@molly0xfff At least the birdsite finally suspended mollyOxfff... Hopefully it stays that way?

It's going to take some time for people to realize usernames in a federated system aren't fully qualified and always need to be seen in a namespaced context. Local instance accounts not showing a full username adds extra confusion/risk. I wonder if there are things that can help with usability, such as allowing tagging of "I've verified this user by looking at their profile" to display specially?

@molly0xfff Yeah I'm still out on this as well - you can verify the author has control over the page, but how can you verify "the page" is the real page? Federated still has some identity problems that were somewhat resolved with a team of paid people verifying identities.

@readonly that is the trouble with decentralized identity 😁 perhaps we should bring PGP keysigning parties back into vogue

@molly0xfff Oh boy! Can't wait to explain PGP to gran!

@molly0xfff what if, now hear me out, we paid $8 a month to be verified?

/illshowmyselfout

@molly0xfff Provided your instance can actually parse the offending page!

@molly0xfff I should figure out how that works at some point.

@molly0xfff that's pretty interesting. Doesn't seem like all clients support this functionality (pinafore doesn't seem to) 🤔

@molly0xfff Awesome, didn't know about this, thanks!