So an idea that has been floating around for some time is that you can verify that a link a person puts in their profile belongs to them, by checking if the linked site links back to the profile (with a special attribute that signifies intention), and that it can be used to, indirectly, verify that a profile is "real"
Okay I didn't mention what the "special attribute" was because I didn't want to alienate the non-dev audience, but I'm getting a lot of suggestions for complicated things, so yeah, I meant microformats rel="me", it's the simplest thing, why would you even bother with TXT records or public keys
@dotUser @Gargron login/account/identity schemes frequently conflate identity, security, privacy and authority. they are very much not the same concerns and persisting in 2018 to use rocks to try and drive in screws looks ridiculous. a random number (which is all a pubkey is when you’re not using it to do work) doesn’t prove anything that a rel=“me” link doesn’t.
@zensaiyuki @dotUser While I am for rel=me based verification, public key based verification is not just putting your public key somewhere. You generate a signature of the link with your private key you never upload anywhere, and put that on that link, and clients confirm this signature matches up with your public key. No one else can replicate that.
@Gargron @dotUser that actually proves less than the rel=“me” scheme- it proves you have a particular private key, which is useful given a number of complicated prerequisites most people won’t bother with. rel=“me” proves you have access to modify that website.
of course, your private key can be stolen and your website can be hacked, or modified by someone who works in your website for you.
@Gargron @dotUser so is the actual goal to prevent someone from impersonating a celebrity, journalist or politician? or just any joe shmo. the real question is how much proof of identity is sufficient for the actual goal at hand. in the case of the twitter verified mark- the point of contention is that public remarks by public figures, if taken as genuine, have potentially serious consequences.
@gargron I think highlighting links on the profile page that link back with rel=me would definitely be valuable. Note sure it translates in to something you can decorate their username with elsewhere in the UI though.
The original server operated by the Mastodon gGmbH non-profit