
Just woke up and learned about . I literally work at my day job on technology to aid verification of sources and let me tell you: it seems like a pretty big hack of a project that misses the point. Basically you have to trust the humans who run that site. What we actually need is buy-in from organizations to provide rel=me linkbacks to their various representatives. And for unaffiliated people who want verification, you add it to your website. That's it. We already have it on Mastodon

21
Share on Linkedin
0
2y
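
The rel=me linkback check mentioned in the post above, as an added example that is not part of the thread and is not Mastodon's own code: a profile that claims a website counts as confirmed only if the page served from that website links back to the profile with the `me` token in `rel`. The URLs and page snippets are constructed, and the HTTPS requirement and the URL normalization are choices made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RelMeParser(HTMLParser):
    """Collect href values of <a>/<link> tags whose rel token list contains "me"."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "link"):
            return
        attr = dict(attrs)
        # rel is a space-separated token list: match the token, not a substring
        tokens = (attr.get("rel") or "").lower().split()
        if "me" in tokens and attr.get("href"):
            self.hrefs.append(attr["href"].strip())

def normalize(url):
    """Reduce a URL to (scheme, host, port, path) for comparison; None if unparsable."""
    try:
        p = urlsplit(url)
        return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path.rstrip("/"))
    except ValueError:
        return None

def links_back(site_url, site_html, profile_url):
    """True if the page fetched from site_url has a rel=me link to profile_url."""
    if urlsplit(site_url).scheme.lower() != "https":
        return False  # choice made in this example: a page fetched over plain HTTP proves nothing
    parser = RelMeParser()
    parser.feed(site_html)
    target = normalize(profile_url)
    return target is not None and target in {normalize(h) for h in parser.hrefs}

# Constructed sample data (reserved .example domains)
PROFILE = "https://mastodon.example/@reporter"
ORG_URL = "https://news.example/staff/reporter"
ORG_PAGE = '<p>Find me on <a rel="me noopener" href="https://Mastodon.example/@reporter/">Mastodon</a></p>'
PLAIN_PAGE = '<a rel="home nofollow" href="https://mastodon.example/@reporter">Mastodon</a>'

if __name__ == "__main__":
    print(links_back(ORG_URL, ORG_PAGE, PROFILE))     # organization page confirms the profile
    print(links_back(ORG_URL, PLAIN_PAGE, PROFILE))   # link present, but no rel=me token
```
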
Darius Kazemi

I saw the creator of #fedified say "well you can just buy any old domain name and pretend to be whatever org you want" and like... Uh you can check that against a Google search easily. There's no way to know that I can trust whoever is running #fedified or to verify THEIR claims

5
2y
The Mentor

@darius yeah felt very much like “let me appoint myself as a central authority for a technology that I don’t understand”.

0
2y
Jason Scheirer :verified8:

@darius There is literally no way of proving who I am without this. Not multiple years of post and interaction history, not my single-user instance with my name in the username and domain name, nothing.

1
2y
Keith Calder

@darius Totally agree. I participated in that list when it first launched because I thought it was just going to be a list people checked when trying to find people they followed on twitter. I have no interest in them turning that into being an "authority" based on rel=me links to their own list.

0
2y
mcc

@darius So personally I tend to look at my project websites as something my *social media profiles point to*, rather than something that *drives traffic to my social media profile*. I have *never* linked my social media from my professional websites, because my websites are my professional face and my social media are where I talk about dicks and tits and such. I include my project websites on my resume and I don't want an employer seeing my (personal) social media.

1
2y
John Conway

@darius Getting verified should be: my account is hosted at the domain that gives me legitimacy.

1
2y
oh yes (sickos mode)
@darius to me the whole verification thing is only needed because there's a single namespace - if say, @tim_cook@apple.com is a thing, who needs verification if it's on apple's domain?
1
2y
Ryan Schultz

@darius My understanding (from the person who created it) is that it is only meant as a temporary thing, to help people who were following journalists on the birdsite know that they were following the same journalist here on Mastodon. But you're right; it's a human-powered project which must be very time-consuming, and since we can verify ourselves in other ways, I wonder how many people actually do use it.

0
2y
halcy​:icosahedron:

@darius another thing that works: Big organizations that might _need_ verification, like parties, should simply run their own server from their own domain. I know if an account is on social.bund.de that it is a legitimate German government account

0
2y
Mark Shane Hayden

@darius In addition to the concept being a hack the admin of #fedified seems to lack appreciation for data privacy law, especially in the EU. The "ask forgiveness after instead of permission before" attitude to privacy and consent I have seen so far raises red flags for me. I also dislike the use of CloudFlare services in hosting this directory of information.

I would suggest to recent Twitter migrants to avoid participation in fedified in any capacity. There are better ways to find and verify people than this...thing.

1
2y
Mattias Schlenker

@darius And for the "buying an old domain" thing: If you really need "deeper" validation, get an Extended Validation SSL certificate. At 20 bucks per month it pays at the third blue tick. And it shows available technology chains nicely.

0
2y
Waitman Gobble
If it's verification for financial transactions, probably best use a trusted independent third party that uses a formal KYC process. If it's for confidential communications PGP is best. If you want to know if you are reading a post written by the Real Jesus instead of lyin' Satan that sounds like a real challenge. I mean I guess Jesus could only have a link on heaven.com and Satan on heathen.com
1
2y
Waitman Gobble
Well I think many instances of identity verification can be handled, such as 1) government officials 2) news organizations 3) corporate/business. They set up their own federated system on their own domain. Presumably they have the same control in place for email accounts.
1
2y
Waitman Gobble
And there's the Forbes problem, they let anyone post an article on the forbes domain, then the articles show up in "news" on google news, for example. They don't go through an editorial process. My favorite example is someone wrote a long article about NASA getting into crypto currency and even had NASA logos and stuff. But it was actually supposed to be the NSA, it was some random blogger person in a different country or something wrote the article and it showed up on google news as a forbes article. So one has to look at the byline and see if it says "Forbes Staff Writer" or something like that, if it's legit, otherwise it's a bunch of boo-boo probably.
1
2y
Tom Walker

@darius It would be good if there were other methods than rel=me for sites where you don't have access to the HTML, especially other social media sites. Perhaps something like a plain link to your Mastodon profile with ?rel=me appended could have the same effect?

1
2y
Tom van Dijk

@darius Anyone can just link their profile in their twitter profile anyways

0
2y
Thomas Lee

@darius Actually, it is not really a hack, but a darn great idea. You go where you feel safe and wanted - your instance. Then you can reach out in the #Fediverse to follow who you do trust. You can easily block users or entire instances should it be necessary. You get used to it.

1
2y
OldTurk🗽Focus: GA: Early vote!

@darius I thought about a democratic vouching system but I’m not skilled enough to write it. (Each voucher could also be vouched for within the system)

0
2y
M Verant

@darius 100% agreed

I asked #SquareSpace support to add an easy way to insert rel=me on their hosted sites (they support custom headers if you have premium service, but not the regular service). If lots of folks make similar requests, support should come. It's a trivial feature to add.

of course, lots of web hosting services already have the hooks

0
2y