Follow

Link verification would work with Twitter profiles too since they have rel="me", but Twitter obfuscates links with t.co. I don't know how to deal with that, since resolving every href on the page to check for redirects doesn't seem viable.

· · Web · 7 · 1 · 7

@Gargron Would you have to put the mastodon as your website for this to work in the first case?

@Gargron Nice. I already had a rel=me link to mastodon in the header of my blog, so this was free!

@qubyte @Gargron what is the *effectual* difference between this and Twitter's blue checkmarks. This is basically just verified accounts for celebs and pundits right? I thought mastodon was explicitly anti brand? Doesn't the joinmastodon site say that users are decommodified? You'd better take that part out huh.
@moonman @Gargron @qubyte right. Of course.
I cant wait to have all of my identity verified green checkmark brands posting funny images.

@postmasterdoggo @moonman @qubyte Hey buddy do you think this warrants a reply or what do you expect to come from these posts?

@Gargron @qubyte @moonman I'm really curious as to how you plan on mitigating this being used a blue check mark, or at least trying to figure out if you are still against that whole brand thing.

I guess I'm trying to point out that being able to verify your identity invites brand building, cause if I can't impersonate dennys without the same level of legitimacy as they have naturally then where's the decommodification.

@postmasterdoggo @qubyte @moonman What's wrong with the blue check mark is that it gatekeeps useful features and that it's selectively provided.

Voluntary identity verification that does not involve real names or documents is fine, and more than that, it's extremely useful.

Nowhere on joinmastodon.org is there anything about "decommodification" or being "anti-brand", there's a section specifically aimed at businesses though :thinkhappy:

@Gargron @moonman @qubyte I was under the impression that said page had a section on users not being com modified which represented a goal of this project.

My mistake
@nerthos
> gnu social users still mad about blocklists

Yeah how dare admins block smuglo.li and voluntaryism.club and all the people that were like "nope nothings wrong here"

Lol remember when all you silly ol gnusocial users decided to start personally DMing dzuk and masto admins that sure wasnt harassment worthy of a block huh
@nerthos wow thats a lot spaghetti you'd have to pay me to read that trash.

@Gargron But the rel=me is in the HTML, not at the other end of the link, right? So you would only have to follow links that have that attribute, not every link on the page.

@KelsonV @kurisu Nothing stops someone from putting a lot of such links on a page to keep the Mastodon thread up as long as possible.

@Gargron @KelsonV set a low timeout for the whole job, like 15s

there's many ways to DoS a mastodon instance already

@kurisu @Gargron You could also maybe limit it to checking a certain number of rel=me links per page, or only checking redirects for a specific set of known redirector hosts (t.co, bit.ly, a handful of others), with a low recursion limit on how many redirects it will follow.

@Gargron the trick I use is to rewrite twitter urls to the user intent page, which has a proper rel=me and an hcard. Eg twitter.com/intent/user?screenname=kevinmarks

@KevinMarks @jalcine @Gargron Wow thanks all, I used the rel=me in the new settings and then went back and added a link to my Mastodon account to my website. jgregorymcverry.com/ I can now use my mastodon credentials to log into stuff across the web.

@Gargron overall this is great! Thank you!
It isn't showing verification ticks for other mastodon instances (the circled ones are from github.com/Zegnat/verify-me-lo ) - also the redirection link at the top should have a rel=me on it too (and maybe a rel=canonical, though that is more aguable)
Another subtle thought - you could remove the rel=nofollow if the link is verified…

@Gargron oh, if i delete them and re-add them it verifies them. That is a bit confusing.

@Gargron do you verify links in a profile mirrored from another instance ? Or do you trust that instance to verify them and put them in the api?

@Gargron what triggers a verify check on a profile mirrored from another instance? eg if you follow xoxo.zone/@kevinmarks on mastodon.social, when will it check the rel-me links in that profile?

@Gargron Would there be any way around it, so I can "verify" my twitter, too?

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!