Simple Social Network

{"p":"","h":{"iv":"ROXSYW+cfvEbFHu5","at":"ocxplSQjdRC3tXEtB/9/wg=="}}

Darius Kazemi

2y ·
Public

·
friend.camp

I wrote up a blog post in an "intelligence brief" style for Meedan (where I work) talking about the current situation around verification of journalists and trusted institutions on federated social media.

https://meedan.com/post/users-are-moving-to-the-decentralized-web-after-musks-twitter-takeover-heres-what-that-means-for-verification

(Please read the whole thing before replying to me here, thanks. I will try to respond to replies but might not have time because this week is shaping up to be my busiest in a long time.)

Darius Kazemi

One thing I'll preemptively put here is that often people say "Isn't the solution for a newspaper to run, say, social.nytimes.com and the journalists have accounts on there?"

That works for some subset of verification but consider:

- freelance journalists who need an *affiliation* verified but are not employees
- what happens when your employer owns your entire social media presence (you'd want to separate identities similar to how you in theory don't use work email for personal stuff)

Local Dad, Ben Hamill

@darius @wilkie I am unclear if you intended to leave things open-ended or not. It seems like you’re implying a world where, say, my local paper has a staff profile page for each journalist, which that journalist can use to fulfill the link verification interface. This way the paper wouldn’t have to have a their own fedi instance on their own domain and a journalist might be able to keep their same account on whatever instance if they move jobs to a different paper. Does that seem right?

opendna⚙️

@darius Publishers should allow their contributors to add rel="me" links to their profiles, or at least to the metadata of their profiles.

In the spirit of PoC Or GTFO, a proof of concept: https://github.com/mckinnon/simple-mastodon-verification/blob/main/README.md

Arturo

@darius Good piece 👌🏽 These are exciting challenges. I think something more or less like Backchannel (https://www.inkandswitch.com/backchannel/) might work in theory although, of course, it doesn’t seem like it has been tested at scale yet.

Don Melton

@darius This is a great overview of the issues. Thanks for writing this up! 👍

CMDR Yojimbosan UTC+(12|13)

@darius Who validates the rel=me status?
It seems to be the server hosting the account, which is hardly independent :-) and means I have to validate the server the account is on as well as the account itself - that works well for some places, but not so well for others ...

It might be my own instance server doing the validation when it constructs the Profile page for me to see, which is a little better ...

But I can't see any reason that the browser shouldn't be doing the validation checking instead ... ?

Obviously we still have to agree on what standard we'll trust, and oh so many things seem to be falling back to "well, the DNS says ..." which is really not designed to make these types of statements (DNS rebinding attacks notwithstanding).

Dylan Masson (he/him)

@darius I'll be reading this in a few, but I had to chime in after your name popped up. It's been forever since the Turbine days/daze.