Verification will very quickly become an issue on Fedi, I believe.
Even now, we have multiple “Linus Torvalds” accounts.
Some have thousands of followers and a few posts, but do we know if any of them are actually him? Including the newest one on .social…?
Obviously Linus should know how to paste a link into a website he owns for verification.
However, if normal users can’t do it, it’s not good enough. What happens when/if celebrities start signing up? They’re not gonna be linking to a website they own for verification.
#Fedi #Fediverse #Mastodon
@[email protected] I agree that current verification is beyond most users, but I don’t think it matters much for regular posters or lurkers.
What is your proposed solution?
Paid verification has issues both from money and personal information security management angle.
The same is true for “celebrity” verification, as it require storing personal information.The easier way to verify identity is to cross-check if they link back to existing accounts.
@[email protected] thats the wrong username you replied to.
Nonetheless, I’m not entirely sure about an alternative because I don’t know what’s possible. I’m not a programmer.
There might be a way to do it through other known profiles on other social media sites, but knowing those platforms, they’d block it.
Verification on Masto was solved long ago. Just post the adequate backlink on your site. it’s literally the easiest simplest form available, not too different than “post this verification code in your profile”.
You are right, other platforms (read: silos) would block or not even allow the system of putting a simple link or control code, but this is actually correct in that it demonstrates the point that this is not those people’s official, verifiable site, it’s the social media owner’s. And thus just as trustable.
@[email protected] I have no idea why Elk refuses to mention you properly. Might be a bug.
Relying on 3rd party platforms is far from ideal and like you mentioned unrealistic as it would require API access which would be easily blocked.
Realistically, I can only think of one idiot-proof verification system. Credit card, but that opens up instances to storing payment and identitity data or outsourcing it to a 3rd party service. Anything else would be user based and require at least some input from them.
@[email protected] the mention is a wrong username issue…it’s social.beaware.live for the domain not just BeAware.live
Just don’t trust anyone. Require multi platform sourcing/proofing for those that claim to be something important.
@[email protected] You saw that account, too?
In Linus’s case, he could put his Mastodon handle in the Linux kernel’s comments, or post it to the kernel mailing list. Of course, not everyone can do that.
Some people doing Reddit AMA’s have taken a photo of themselves holding a piece of paper with today’s date and the subreddit name. Perhaps that can be a low-tech verification solution.
Or, have someone post something on another social media site, “I’m on Mastodon at…” Again, not ideal, but doable.
@[email protected] I did see it. I followed another account on the kernal instance that I assumed was him but idk.🤷♂️
I watch introductions pretty closely and that one caught my eye immediately.
Hope nobody gets scammed.😬
Some have thousands of followers and a few posts, but do we know if any of them are actually him? Including the newest one on .social…?
Easy. Did you check the reference back-link on their profiles?
@[email protected] lol. You sure are talking like everyone has those. Let me check…nope.🤣
My approach is to treat it like an old school forum. That is, everyone is only verifiable as their username, not what their username says. If they are on an instance with a domain owned by a known org (ex. npr.org), there may be some greater assumption of officiality.
However, if normal users can’t do it, it’s not good enough. What happens when/if celebrities start signing up? They’re not gonna be linking to a website they own for verification.
This is the same principle. Without something tying to a state or other organization that can verify identity, there isn’t a good way of doing this. Further, I’d say that extant social media did a terrible job as it is. I feel it much better to not worry about verification and instead treat everything as a username - celebrities are just people anyway and there is little justification to treat them any differently on a platform level.
Is the Margot Robbie account really Academy Award-nominated character actor and producer Margot Robbie? It doesn’t matter in a manner that is material to the software that makes up the Fediverse. It’s a username for an account that has taken part in good discussions.
Is Stamets really a Star Trek character somehow dwelling in the real world like one of the episodes where a character escapes from the holodeck? I doubt it but there is no way of knowing for certain without verification by a trusted third-party. I do know that the account has been instrumental in me seeing more Star Trek shitposts.
@[email protected] the issue is, misinformation. If nobody can verify who is who. Then anyone can say anything and it wouldn’t mean anything.
Celebrities saying things on social media, frequently ends up in the news/tabloids. These things need to be verifiable.
That’s the tabloid’s problem then, and who believes shit in tabloids anyway?
“Pregnant Man Gives birth, that’s news, it’s in the Weekly World News”
Frankly I don’t give two shits whether it’s the person they claim to be…i don’t even look at usernames most of the time. I care even less about what some public figure, especially an actor, says.
If a figurehead decides to be active on any social media, I don’t pay attention to that garbage, because that’s what it is.
I absolutely agree that misinformation (and disinformation) is a problem. However, I do not think that it is something with a good software solution at this time. The traditional/corporate social media effectively implemented a non-solution to the problem and declared it solved. Not to mention, verification of identity is an issue that governments also struggle with, relying on substantial amounts of good faith.
There ARE means of tying a software identity to a verifiable and hard to counterfeit computing object. For example, a local cryptographic key pair or a hardware security module. However, without involvement of a trusted third-party, it is not currently possible to tie this computing object to a specific human being.
My thinking is that attempting to implement an identity verification component in the Fediverse, therefore, is likely a misallocation of effort that could be better spent fixing bugs, extending features, and improving stability and interoperability. There is a lot still to do in virtually every project that I’ve peeked at, whether it’s mod tools, IaC, or just plain code cleanup. I think that at this juncture, what is required is more on the social side of things, ensuring that people are aware that one cannot believe everything that they see on the Internet or the identity claims of those that they interact with, unless they undertake further verification themselves. This is what was done in pre-social media forums and BBS systems with a good degree of effectiveness.
Don’t get me wrong, I would be ecstatic to be proven incorrect but would much prefer that identity verification be shelved until such a time as crytographers are able to solve it with their dark mathematical arts than for any Fediverse project to waste time from people’s lives trying to implement a similar non-solution.