Dan GillmorNov 20, 2023

The self-verification system built into Mastodon should be one of its greatest selling points. This is especially true for journalists and everyone else for whom evidence of identity has huge value in the social media realm.

But anecdotally -- and I would wager for real -- most people in the craft, even a lot of technically adept folks, don't seem to know how easy self-verification can be here.

If you are trying to persuade a journalist you know to join up, please highlight this feature.

Show threadRobert Thau
@dangillmor The problem is that it's actually verification by some other website, and people who need to rely on verification don't know whether that other website is the kind of impostor you've probably seen in high-quality phishing attempts. I could register imreallytaylorswift.com right now (as I write, it is available), and verify my account with that; that doesn't make me really Taylor Swift.
Nov 20, 2023 at 10:53pmElk
Show threadMartin Vermeer FCDNov 20, 2023
@rst @dangillmor This is true in principle, but the example you give is a bit contrived. Using, as I do, my web site under a university domain ought to be 100% safe if the IT security folks at that university know their métier (as they do, it is Aalto University).
Show threadFinchHaven sfbaNov 20, 2023

@rst

Where does the "imposter" issue come from when it's initiated by the specific Mastodon user themselves, and employs either a web site over which they have direct html-write authority or is a third-party web site on which the Mastodon user is previously known and verified?

Not seeing the problem - for those who understand the process

cc @dangillmor

Show threadFemme MalheureuseNov 20, 2023

@rst @dangillmor It should NOT be a problem for media entities because their website/IT personnel should handle adding the code to the business's site.

Take either NYT or WaPo journalists — if their personal Mastodon accounts are verified on NYTimes.com or WashingtonPost.com, it is only because authorized personnel with access to those sites' code have added the verification coding.

If anything, the verification process should encourage media outlets to run their own instances.

EDIT: typo

Show threadSteve BarnesNov 21, 2023
I agree that's the situation. But since domain names are affordable and purpose-fit to represent identity and build trust around that representation, I think the actual problem is the awareness and willingness of people of wider public interest not to have availed themselves of this. When that's solved, Mastodon will already have been ready for some time.