Post APbIlMLLI8fgr1JTZw by darius@friend.camp
(DIR) More posts by darius@friend.camp
(DIR) Post #APbIlKwqTjTwWkqOky by darius@friend.camp
2022-11-14T16:43:25Z
1 likes, 0 repeats
Just woke up and learned about #fedified. I literally work at my day job on technology to aid verification of sources and let me tell you: it seems like a pretty big hack of a project that misses the point. Basically you have to trust the humans who run that site. What we actually need is buy-in from organizations to provide rel=me linkbacks to their various representatives. And for unaffiliated people who want verification, you add it to your website. That's it. We already have it on Mastodon
(DIR) Post #APbIlLUWSWQ8DCbIFU by john@sauropods.win
2022-11-14T16:59:47Z
0 likes, 0 repeats
@darius Getting verified should be: my account is hosted at the domain that gives me legitimacy.
(DIR) Post #APbIlLe5sw4ogt4wAS by darius@friend.camp
2022-11-14T16:45:30Z
0 likes, 0 repeats
I saw the creator of #fedified say "well you can just buy any old domain name and pretend to be whatever org you want" and like... Uh you can check that against a Google search easily. There's no way to know that I can trust whoever is running #fedified or to verify THEIR claims
(DIR) Post #APbIlMLLI8fgr1JTZw by darius@friend.camp
2022-11-14T16:48:31Z
0 likes, 0 repeats
Funny thing: I was going to set up some meetings at work this morning to talk with, you know, actual experts on content and identity verification to see if we can come up with some tools to AID rather than SUPPLANT the already rather good and decentralized system we have. (For example, your employer might literally just be unwilling to add a rel=me for you for baroque IT reasons. So how do we make that easier for them? Etc)Anyway I'm still gonna do this
(DIR) Post #APbIouvRAkGQyftPNo by john@sauropods.win
2022-11-14T17:00:03Z
0 likes, 0 repeats
@darius Getting verified should be: my account is hosted at the domain that gives me legitimacy.
(DIR) Post #APbIx5JMRS3bVOyevI by darius@friend.camp
2022-11-14T17:01:53Z
0 likes, 0 repeats
@john almost correct - it is possible that 1) you wish you verify you are employed somewhere 2) you don't want your social media hosted by your employerRel=me links are a good way to account for this
(DIR) Post #APbN1wTL8G2RM9DUUS by john@sauropods.win
2022-11-14T17:47:34Z
0 likes, 0 repeats
@darius True, I was being a bit flippant. Both should happen.
(DIR) Post #APbNjTtYk5i5T3F2Zc by darius@friend.camp
2022-11-14T17:55:27Z
0 likes, 0 repeats
@john agreed! I'm really happy to see that there are already some orgs (like @DAIR ) that are hosting their own social media presence here!
(DIR) Post #APbPMdjUCUMhE4lYe0 by libc@snack.social
2022-11-14T17:08:26.756241Z
1 likes, 0 repeats
@darius to me the whole verification thing is only needed because there's a single namespace - if say, @tim_cook@apple.com is a thing, who needs verification if it's on apple's domain?
(DIR) Post #APbbfjHL0HoNNXT8K0 by mcc@mastodon.social
2022-11-14T16:51:28Z
0 likes, 0 repeats
@darius So personally I tend to look at my project websites as something my *social media profiles point to*, rather than something that *drives traffic to my social media profile*. I have *never* linked my social media from my professional websites, because my websites are my professional face and my social media are where I talk about dicks and tits and such. I include my project websites on my resume and I don't want an employer seeing my (personal) social media.
(DIR) Post #APbbfjtchwR7IHNhzs by darius@friend.camp
2022-11-14T16:52:54Z
0 likes, 0 repeats
@mcc fwiw the rel=me just has to be somewhere in the DOM. I have it set to display:none on several sites
(DIR) Post #APbbfkKv4SGqew9VXk by clarity@xoxo.zone
2022-11-14T16:54:59Z
0 likes, 0 repeats
@darius @mcc you can also put it in <head> as a <link> instead of an <a>
(DIR) Post #APbbfkp3GQNEAOFZVg by mcc@mastodon.social
2022-11-14T17:04:23Z
0 likes, 0 repeats
@clarity @darius Be that as it may I do believe that people look at "page source" sometimes, and that does add to the size of my front page html (currently minimal in size).
(DIR) Post #APbbfkqp9pn8Ft4zGy by mcc@mastodon.social
2022-11-14T16:54:26Z
0 likes, 0 repeats
@darius Now that I run a company, my company website links the social media of *the company itself*, but not my personal website, since if I want someone to buy my product I don't necessarily want to confuse them by making them aware of eg my personal politics. I definitely would not link *other* employees since people looking for support contacts might get confused and go after EG an artist to talk about a bug in the game.
(DIR) Post #APbbflIpTiC1ekBLvM by mcc@mastodon.social
2022-11-14T17:04:38Z
0 likes, 0 repeats
@clarity @darius I'm not saying that I think this external-organization thing is a good idea EITHER, but the rel=me feature in its current form is something I simply would not use. My ideal form of that feature would be if there were some robots.txt alternative (identity.txt?) for the rel=mes, and if there were an option to use nonreversible keys (IE a hash that verifies a particular social media account is mine, but doesn't by itself allow you to read identity.txt and know my social media URLs)
(DIR) Post #APbbflmFiJjF7zwqmm by mcc@mastodon.social
2022-11-14T17:06:22Z
0 likes, 0 repeats
@clarity @darius Oh, one other hilarious hole in the rel=me approach: It's entirely unusable for verifiably linking a Mastodon/Fediverse account *to another Mastodon/Fediverse account*. If I want to put "Main project: @mermaidindustries" in my profile, that can't be a verified link because I don't control the html of https://mastodon.social/@MermaidIndustries .
(DIR) Post #APbbfmH5reOmfeNTrE by jleedev@mastodon.social
2022-11-14T17:57:10Z
0 likes, 0 repeats
@mcc @clarity @darius Mastodon adds rel=me to links in the [Profile metadata] section, if you write them as a URL instead of in the @-form.
(DIR) Post #APbbfn1B6JGIyZwHgm by mcc@mastodon.social
2022-11-14T18:00:43Z
0 likes, 0 repeats
@jleedev @clarity @darius That's very interesting, and makes sense. It seems to me if I were designing the feature, I would make it work for @s in addition to links, and maybe have a forcible off switch somewhere (For example imagine someone put "Wife: @username4334" in the metadata box. That's not exactly a rel=me. Then again, it might be an appropriate place for a verified checkmark, effectively treating the symmetric links as verification she's really your wife?)
(DIR) Post #APbbfnX5BgmaZWrlQ0 by darius@friend.camp
2022-11-14T18:03:22Z
1 likes, 0 repeats
@mcc @jleedev @clarity @s rel=wife☠️ DANGER: SEMANTIC WEB APPROACHING ☠️
(DIR) Post #APbbfptUPLtVtbMgca by mcc@mastodon.social
2022-11-14T17:07:58Z
0 likes, 0 repeats
@clarity @darius I should probably admit at this point I'm ambivalent on whether I believe having my social media profiles verified would be to my benefit at all -- I see little upside and some potential downside -- so even if all these problems were fixed I'm not sure I'd participate. But even if I were interested, the current feature seems to ask a lot of me.
(DIR) Post #APbqsRDKydOGQh7Ehc by smadin@better.boston
2022-11-14T16:45:28Z
1 likes, 0 repeats
@darius I'd honestly describe fedified as an actual attack, in the infosec sense, on the integrity of the decentralized self-verification system
(DIR) Post #APcAvsYrksvHCJ6Uwy by msh@coales.co
2022-11-14T17:31:35Z
0 likes, 1 repeats
@darius In addition to the concept being a hack the admin of #fedified seems to lack appreciation for data privacy law, especially in the EU. The "ask forgiveness after instead of permission before" attitude to privacy and consent I have seen so far raises red flags for me. I also dislike the use of CloudFlare services in hosting this directory of information.I would suggest to recent Twitter migrants to avoid participation in fedifed in any capacity. There are better ways to find and verify people than this...thing.