Post ASu19PVyo2gTGodm8e by wogan@mastodon.africa
(DIR) More posts by wogan@mastodon.africa
(DIR) Post #ASsDwER1bG6iEJRuts by wogan@mastodon.africa
2023-02-20T14:32:10Z
0 likes, 0 repeats
I'm wondering about verification/impersonation on mastodon.africa.On the one hand, I don't want to go whole-hog RICA-style verification (I don't want to hold on to that PII, thanks), but on the other hand, I don't want scammers setting up and impersonating public figures and brands on here.Related, I've been debating reaching out to local publications and organizations about setting up accounts here.Interested if anyone here has thoughts on that! #MastodonAfrica
(DIR) Post #ASsEKZ0cl0buzPhdke by wogan@mastodon.africa
2023-02-20T14:36:33Z
0 likes, 0 repeats
My rough thoughts right now are:1. Anything goes until you set up an account that looks/feels like an identifiable human or a brand.2. Reactive verification - if we receive and confirm reports that you're not who you say you are, you've gotta change your handle/avatar or delete the account.3. Anti-squatting policy - if you park a handle but don't use it in 30/60/90 days it's disabled and then purged to release it.
(DIR) Post #ASsEXT0cNPx493qvoG by uastronomer@mastodon.monoceros.co.za
2023-02-20T14:38:52Z
0 likes, 0 repeats
@wogan Are you worried about legal concerns? Or just want to avoid celebrity impersonators?While your instance is still small enough, the easiest thing to do might be simply asking them to send you some publicity photos and then have a quick video chat to confirm that they match. But if you need something more robust then I dunno.
(DIR) Post #ASsEg40ignjTDj02T2 by wogan@mastodon.africa
2023-02-20T14:40:28Z
0 likes, 0 repeats
@uastronomer I'm thinking ahead to the sort of instance I want this to be.In an ideal world, we start getting real-world brands and organizations on here, as an alternative to Twitter. There are already folks setting up elsewhere on the fediverse, but they'll run into the "Sorry, this is not South Africa" when the first legal processes kick off.So I'm trying to prepare for that, by making sure this is a place that people who actually post content, would want to use.
(DIR) Post #ASsF44428sWiKtzhDc by jeffZA@hachyderm.io
2023-02-20T14:44:46Z
0 likes, 0 repeats
@wogan It is surely a #Mastodon-wide issue? I saw an Elon M impersonation here yesterday (with photo).Most organizations advertise (on TV, print, electronic) their presence on FB, IG, Tw with links but I have yet to see 'Follow me on #Mastodon'. Is this what you are getting at?
(DIR) Post #ASsFEgNcXVAO4CDd6O by wogan@mastodon.africa
2023-02-20T14:46:41Z
0 likes, 0 repeats
@jeffZA Fediverse-wide there is zero solution to impersonation π But mastodon.africa runs under the banner of a Pty Ltd that has more options than just "well shucks" when it comes to stuff like this.And yes, most organizations advertise their social links, but that didn't just come out of nowhere. Sales teams pushed hard to drive that adoption. I definitely think it's plausible to expect a "Follow us on Mastodon" link at some point.
(DIR) Post #ASsFboDxXbUp3UjA8G by jeffZA@hachyderm.io
2023-02-20T14:50:51Z
0 likes, 0 repeats
@wogan You hit it on the head. There is a commercial incentive to 'push hard' which is lacking in this federated, never to be owned model.
(DIR) Post #ASsGa4AxMWxZu43W8e by wogan@mastodon.africa
2023-02-20T15:01:47Z
0 likes, 0 repeats
@jeffZA I guess that's somewhat true, but it doesn't need to be universally so - just because the fediverse is free and open doesn't mean it has to be shitty, awash with spammers and scammers.At least not as far as specific, well-maintained instances are concerned. I'd wager that the things people wanted on Twitter, are still the same things they want here (entertaining content, realtime news, mirror engagement, etc), and I'm debating whether or not to cater for that.
(DIR) Post #ASsIkoWm58DGSuVtyK by kaasbaas@social.oevents.co.za
2023-02-20T15:26:06Z
0 likes, 0 repeats
@wogan One suggestion/comment re point 3 - maybe consider NOT purging.And then add a comment on the server desc/rules to contact the admin should they want to use a disabled account.Otherwise, the squatters will just come back... bots are cheap to build.And motivated persons are...motivated π€·
(DIR) Post #ASsaAqfwPvC5sPnjuq by simonzerafa@infosec.exchange
2023-02-20T18:41:17Z
0 likes, 0 repeats
@wogan Generally all Mastdon users need to verify their account. This would apply to brands even more.Give brands a grace period and then perhaps verification needs to be mandatory and enforced? π€π€·ββοΈAny verified brand will then be able to spot scammers and fakes easily and report them.
(DIR) Post #AStxf1TzIDXQBaWkQS by hnygd@mastodon.africa
2023-02-21T10:39:11Z
0 likes, 0 repeats
@wogan Why don't you start out with the #verification process already built into #mastodon?I verified @honeyguide and this account via our corporate website and any large institution can do the same. Built on top of that, one could request from mastodon.africa that the account is highlighted as being "verified" (beyond the at the moment somewhat hidden information) if that is possible?
(DIR) Post #AStxlPn9pCAVJiXeHg by wogan@mastodon.africa
2023-02-21T10:40:21Z
0 likes, 0 repeats
@hnygd I've seen some instances of Mastodon (probably running on a non-standard fork) that can show "Official" badges everywhere. I might look into something like that.The verification built into Mastodon itself will definitely work for known/reputable organizations though!The bigger question is whether that's something the instance should pursue: Should I start reaching out to these folks to see if I can get them on board in an official capacity?
(DIR) Post #AStyiiJsaAYdri7ge0 by hnygd@mastodon.africa
2023-02-21T10:51:03Z
0 likes, 0 repeats
@wogan Yes, I definitely like the idea that #PoliticalParty|s, #media, #journalists, companies, #government institutions etc set up accounts on mastodon.africa. I am missing the kind of engagement that would be possible if they were here (and I like what e.g. the social.bund.de instance offers to German government entities).Maybe @carteblanchetv or @LeYayJay might want to chime in?
(DIR) Post #ASu0TJi7zlaL6gFciO by wogan@mastodon.africa
2023-02-21T11:10:42Z
0 likes, 0 repeats
@hnygd That's the sort of thing I'm thinking - given the choice, I'd rather this instance evolve into the "gold standard" for responsible public engagement, vs just another "has-ran" instance that ends up swarmed with spammers and scammers.Would be interested to hear if the admins of @carteblanchetv and @LeYayJay have any thoughts on this!
(DIR) Post #ASu0XZbWqTAdYfC556 by wogan@mastodon.africa
2023-02-21T11:11:29Z
0 likes, 0 repeats
@hnygd @carteblanchetv @LeYayJay With specific focus on the fact that mastodon.africa, being domiciled and operated out of SA, will have more/better routes to deal with things like spam, harassment, infringement, impersonation etc vs large international instances that aren't focused on the South African market.
(DIR) Post #ASu0bFNE0LCbyKFsRM by uastronomer@mastodon.monoceros.co.za
2023-02-21T11:12:07Z
0 likes, 0 repeats
@wogan @hnygd I still think the best way to manage this is through small, dedicated instances. Most entities needing verification, especially commercial ones, already have established identities through their websites, email domains, etc. If they have their own instance, on their existing domain name, and restrict account creation then there's no need for verification because authenticity is already guaranteed.Now obviously not everybody is gonna want this - pretty common to want to outsource, or to prefer to use an established service - but it seems the most seamless to me.
(DIR) Post #ASu0k2koIEtjRITuMq by wogan@mastodon.africa
2023-02-21T11:13:43Z
0 likes, 0 repeats
@uastronomer @hnygd Not everyone wants to run a social media company though - the FT tried exactly this, for exactly those reasons, and bailed because of the time overhead.Technologically speaking, yes, it's "easy" to just spin up an instance under your domain, on a server you already have.Does the org have the manpower to monitor, deal with spam/harassment, deal with flags and escalations, deal with DDOS attacks and downtime?In my experience: Not so much! Most orgs do minimal in-house IT.
(DIR) Post #ASu0vhLHj94eVV6ESW by wogan@mastodon.africa
2023-02-21T11:15:50Z
0 likes, 0 repeats
@uastronomer @hnygd https://thoughtleader.co.za/ is a great example of this. They've been around since before 2007, are built/operated by a team inside M&G, and it basically hangs on by a thread. As of today, the site seems effectively dead, but even during its' heyday, it was a challenge to allocate resources from M&G proper to look after it.Mastodon will be even harder, since it's unmoderated UGC from potentially tens of thousands of users.
(DIR) Post #ASu19PVyo2gTGodm8e by wogan@mastodon.africa
2023-02-21T11:18:18Z
0 likes, 0 repeats
@uastronomer @hnygd So the business case is actually kinda bad:"Can we have budget to run a software stack we don't really understand, to create a channel for our content that hardly anyone will use, increase our IT/reputation attack surface area with no escalation paths, no vendor support from Mastodon GmbH, where the best case scenario is we generate a trickle of traffic to our site, worst-case we get hacked/defaced and end up in a big scandal?"Guessing the answer will be a flat "no"
(DIR) Post #ASu1EyzgK6R4kqBrpg by uastronomer@mastodon.monoceros.co.za
2023-02-21T11:19:18Z
0 likes, 0 repeats
@wogan @hnygd All fair points, but I've noticed a perception that "Running your own instance" automatically includes all those problems when I don't think it has to.A closed commercial interest might only have 3 or 4 accounts - one that makes customer announcements, one that accept complaints/feedback, that sort of thing. There's no spam, no moderation, no responsibility for 3rd party actions because it's all in-house. And if it's outsourced to a hosting provider, then the tech problems aren't a thing either. It's no longer spinning up an instance and maintaining it, it's buying a service.