@Ronflaix the REAL @Gargron would never have disabled animated avatars

@jk yeah! @Gargron, give back to us our gloriously rotating animals!

@jk @Gargron @Ronflaix (hint: hover over the avatar)

@andlabs @Gargron @jk (hint : already knew but thanks)

@angristan @Gargron read here: https://ryanmaynard.co/mastodon-keybase

@Gargron you should add your mastodon contact information to the top of zeonfederated.com ! bump twitter a notch or two ;)

@Gargron I still think rel="me" (and maybe rel="notme") is a better answer than adding yet another thing to check as a key.

@Gargron what stops people from doing a copypasta on the thing you just published?

@ajroach42 The message says "I am Gargron@mastodon.social" 😂

@Gargron oh. Derp. I guess that make sense.

@memeity @ajroach42 You can't do that because you don't have my private key that I sign it with.

@memeity @Gargron right, but you couldn't encrypt that against his private key.

Anyone who is actually using keybase//pgp can now verify that this account is real and the imposter accounts are not.

(The problem is that a minority of people actually use cryptography.)

@Gargron BEGIN FOOBAR ALLYPOURBASE SIGNED MESSAGE -2-@+8℅£=`¥×NSNZJJnskkzo+#+#++2=£=£=$=¢ END AWESOME MESSAGE this is linked to my example.com domain through the amazing technology of interwebs between youporn.com and bit.ly in the presence of jupiter. Can't be called a toot without it!

@deadsuperhero @Gargron no. because if you do something like copy that into a file and then do something like `keybase verify < file` it's linked to his keybase, but also has a message that includes username @ instance

@Gargron @deadsuperhero someone _could_ just copy/paste that but it wouldn't do them any good

@Gargron @deadsuperhero you can verify it using keybase.. https://ryanmaynard.co/mastodon-keybase

@donnerdrummel @Gargron Sorry, I don't think this is entirely clear. Maybe I'm missing something.

I get that only one person can generate an authentic signature; an imitator cannot easily generate their own. That said, can't the text in the top-level post here be copied and pasted into an entirely new status by an imitator, and still essentially be a valid signature that checks out? It's not like accounts are tethered to Keybase accounts.

@deadsuperhero @donnerdrummel The signed text names my account

@Gargron @donnerdrummel Got it, that seems pretty practical.

@bob @donnerdrummel @Gargron There are pros and cons in deciding whether to store those credentials on the server somewhere, or shift the dependencies to a third party.