Email or username:

Password:

Forgot your password?
Emma

do not trust hello.coop and their verified identities, or their verified.coop and press.coop instances

they use their "verification" service to make a false claim of association for accounts such as BBC and NPR at their press.coop instance, despite them not being at all official

they then use a fake checkmark badge and tag their Twitter mirroring accounts on press.coop with this verification to mislead people into thinking they're official

20 comments
Jerry Bell :verified_paw: :donor: :verified_dragon: :rebelverified:​

@siguza @winload_exe @ipg @Gargron it’s just another instance dedicated to reposting twitter accounts into the fediverse - they seem focused on news outlets. I don’t think they’re particularly problematic and I see that there are several thousand follows on Infosec.exchange of accounts there. I think we all would prefer the BBC to join here in person

Rairii

@jerry @siguza @winload_exe @ipg @Gargron it's still using social engineering tricks to make people believe the accounts are somehow official when they're not

Emma

@jerry @siguza @winload_exe @Gargron i think there is a clear difference between an innocent mirror and something that is intentionally misleading people into thinking it's associated or official (the "verified" link claims that the person behind the fedi account owns the twitter account, and the use of a verified checkmark - while they don't *mean* anything, it seems fairly sinister to imply something that isn't true)

Hughster

@ipg @jerry @siguza @winload_exe @Gargron Agreed—they should be blocked for the false claim of ownership alone. Why would they want to make such false claims just to get followers for a bunch of mirror accounts?

smitten
@ipg @jerry @siguza @winload_exe I'm a bit skeptical of the utility of those green checks because it's always a false sense of security to some degree. It just means that one particular server is claiming it's verified. This definitely highlights the flaw.
Simon Zerafa :donor: :verified:

@jerry @siguza @winload_exe @ipg @Gargron

Absolutely for all reputable news organisations and businesses. I would love to be able to completely ditch my Twitter account.

They also need to be encouraged to self-verify when they or any business / organisation has an account 🙂

Tokyo Outsider (337ppm)

@ipg @kushal I have a feeling this is the same people who tries something similar with "mediastodon" (now retired). Thought they'd learned their lesson. Disappointing.

foxmoss
@ipg i mean they're not official they're just copying all of the bbc's posts
A Very Nervous Gamedev

@ipg i had a feeling this would happen sooner or later

CauseOfBSOD :fediverse:

@ipg@wetdry.world well, if this is indeed true, those instances are asking to be defederated then

CauseOfBSOD :fediverse:

@ipg@wetdry.world well, if this is indeed true, those instances are asking to be defederated then

Pusher Of Pixels

@ipg this is why orgs need to self host here. It auto verifies them. Just like an email address is legit because it came from BBC.org or whatever

David Slifka

@ipg I think it’s reasonable to question the gold badge and such, but the project of bringing content to the fediverse seems helpful. How do you think those balance out?

Nora Reed

@ipg good to know, thanks for the heads up

jack
@ipg that might violate the dot coop agreements, you should talk to them. Coop’s aren’t supposed to make movement look bad it’s in rochdale principles as an inverse of a rule on inter cooperation.
Baka emmie

@ipg realized they exist 1-d days ago when I saw the NPR account on their, really don't know how to deal with this...

On one hand I agree with having some place that is willing to faithfully mirror those news outlets

On the other hand I agree the profile green checks are a bit too misleading. Even for someone familiar with the fediverse it takes quite a bit of effort to realize the profile green check is fabricated

Tired Bunny :bunhdcomfysleep:

@ipg “Do not trust .. verified identities”

Several other official sources check (such as websites and Linkedin profiles, for example) + common sense check (helps against hacked official accounts to some extent) is always better, and the best is instances like kernel.org’s one which is linked to organization’s official website domain

Go Up