 The self-verification system built into Mastodon should be one of its greatest selling points. This is especially true for journalists and everyone else for whom evidence of identity has huge value in the social media realm. But anecdotally -- and I would wager for real -- most people in the craft, even a lot of technically adept folks, don't seem to know how easy self-verification can be here. If you are trying to persuade a journalist you know to join up, please highlight this feature. 7 comments
 @rst @dangillmor This is true in principle, but the example you give is a bit contrived. Using, as I do, my web site under a university domain ought to be 100% safe if the IT security folks at that university know their métier (as they do, it is Aalto University). Where does the "imposter" issue come from when it's initiated by the specific Mastodon user themselves, and employs either a web site over which they have direct html-write authority or is a third-party web site on which the Mastodon user is previously known and verified? Not seeing the problem - for those who understand the process cc @dangillmor @rst @dangillmor It should NOT be a problem for media entities because their website/IT personnel should handle adding the code to the business's site. Take either NYT or WaPo journalists — if their personnel Mastodon accounts are verified on NYTimes.com or WashingtonPost.com, it is only because authorized personnel with access to those sites' code have added the verification coding. If anything, the verification process should encourage media outlets to run their own instances.  @dangillmor One problem I think is that many reporters don’t have their own site or blog, just their publication (e.g. Philadelphia Inquirer or Newsweek, etc) And those *publications* themselves aren’t doing the (simple) work of adding that verification code to the writer bio pages (although I’m sure it’s simple to add a Twitter profile link)  @dangillmor I stand by my still untested theory that if we can just identify or create an activity, mission or tool here that they are compelled to participate in or with, and which they cannot get over there, a migration might be much more organic and less contentious than it is now. I have one such an activity in mind, but I think there must be many more to be thought of out there.  @dangillmor on top of that news orgs could run their own instances... Just like they do for emails. Verification will be implicit when you can trust the domain. |
Gregory's Server
@dangillmor The problem is that it's actually verification by some other website, and people who need to rely on verification don't know whether that other website is the kind of impostor you've probably seen in high-quality phishing attempts. I could register imreallytaylorswift.com right now (as I write, it is available), and verify my account with that; that doesn't make me really Taylor Swift.