Frostbeard So what's the plan with handling impersonators? Usernames are only unique per server, right? I've already seen people pretending to be, for example, Twitter.
Si Dawson ✅@Frostbeard <sigh> I'd be curious about this too. Getting the same name on every instance seems... quite ridiculous.
Simeon✨@sidawson @Frostbeard IMO that's the wrong way to solve the problem.
How do you know if an email is being impersonated? Or a website?
Best course is to look for correlation. If I buy a copy of the NYT, it has the same stories as their webstie, their Twitter links to articles on the site, their site links to Twitter, the paper mentions both the site and Twitter ... well, that's all pretty good evidence that the other mediums are real.
Same thing here.
@Frostbeard @sidawson If you have a website that other people know, link your Mastodon account, have your Mastodon account link to the site.
If you want to follow a Interesting Person but none of their social media accounts mention their @[email protected] account, it's probably not the real deal.
My concern is more like what about people grabbing something like @[email protected] or @[email protected] and make an effort to have their branding look like the legit @[email protected]. Lots of potential for abuse and destruction there.
@Frostbeard @sidawson Sure, but what if I snag ny-times.com or nvtimes.com?
At least with Mastodon you have the option of heading back to their instance and checking their follower/following/toot count.
Decentralization has benefits, but one of the obvious drawbacks is you don't have a central authority to say "yep, this is the real New York Times." Of course it's not (and doesn't have to be) for everyone.
@sidawson @Frostbeard A couple years ago my answer would be "users need to learn and become savvy." That's the line I've been following so far. But to be honest it's a very real and surprisingly tricky problem.
People get phished, scammed, tricked, and duped every day. Real people of all skill and intelligence levels. Closed ecosystems have a real advantage here. I don't know that we (software people) have a good, human answer to this.
Andrew Roach ✅@Frostbeard There is no plan, at the moment. Identity validation is not a mastodon specific problem.
plsburydoughboy (I/het/him)@Frostbeard not vs the rules, but the plan is we kinkshame them
Sam Clark ⁉️@Frostbeard you would set up a verified organization toot server...So if you are an actor you could get a screen actors guild id?
@samrocksc Yeah, that could make some sense. It might still have the risk of people creating an instance that looks like the legit one but isn't though.
@Frostbeard I think that's an internet in general issue...I think as you see different Mastodon mods there will be a more collective effort on this. I am already working on modding the mailer to use an API for mail instead of SMTP. The good thing about open source.... We all get to be in on the fix!