i think organizations can run their own labellers (and maybe a third party service that helps them with it), which basically labels their employees' account however they want
An issue I've just experienced is: after switching to the recommended verification technique of using a domain name, someone grabbed my original username and started using it to post scam crypto DMs. Feels like that's something that could be easily addressed.
I would like an alias system where my custom domain would be the primary handle and the bsky. social handle would be the fallback. This would remove the need for a placeholder account and establish a fallback if any issues with the custom domain.
If aliases becomes a thing (useful to prevent people taking https://blah.bsky.social after you've migrated to a domain anyway) then perhaps they can be used somehow.
I'll be honest, I'm considerably more in favor of "verification labelers" than verification being a core concept in the platform or protocol. The former folds nicely into the existing ux and ethos, the latter is just trying to give us Twitter again.
I recognize that people are this stupid, but I can put the ☑️ emoji or whatever in my display name and fool just as many people as would be by a knock-off NYT account
I mean you could theoretically make your own handle like "newyorktimes.com" or "|NYTimes|.com," and unless you memorized what the domain handle is you wouldn't know.
For strong trademarks like NYT that isn't really a problem; they already protect themselves using the ACPA, and they have to go after cybersquatters regardless, because they don't want people to go to a website that isn't theirs.
Yea but there always will be names that slip through the cracks always it's nearly impossible to get every single one, and most people can't do that, or don't want to spend all that time trying to get those domains.
I found it really funny in a “verified politicians” pack it didn’t include @fetterman.senate.gov . As if someone is spoofing a https://senate.gov domain
It’s entirely likely the person who made the Starter Pack didn’t know he joined Bluesky. Some of the third-party account directories aren’t the best for locating every account with a specific TLD.
and it's grandma's getting scammed, so this is a safety issue not a lofty first principles design discussion. public sites have to prioritize their whole publics safety
A little too close to Xitter for me. Follower farming for engagement with a huge amount of followers doesn’t interest me anymore. Most just post and don’t even bother to reply to their commenters. Not all but too many.
im getting ideas... (creating a silly meme labeler that the whole site erupts in usage to fulfill the desire to be judged and categorized like kiki-bouba before switching all the badges to say "✔️Verified")
i suppose it just works kind of like a labeler? but looking at that account i feel like whoever this is will steal ur account or smth idk, it's not passing the sniff test even setting aside how ridiculous and redundant it is
Ikr, I thought that's what the whole point of the domain handle was for. and if you where a writer at nytimes you would have a handle like https://SomeGuy.writers.nytimes.com
Unless you have someone physically standing beside every user, batting their hand away from the computer whenever they almost fall for a scam or impersonation, someone will always miss even the most obvious of verification markers.
Idk, it's cool to have. I'm not American. I don't read NY Times daily. I just know it exists, I read something from feed sometimes, but I Don't know its domain for sure. And it's just easier for me to see a checkmark to know that it's the real NY Times, not some fake acocunt with similar domain.
only valid reasoning, but even then we are having to trust a centralized authority to decide these things. i would say make the username a clickable link but that might produce even funnier results
Comments
The hard part is verifying accounts for journalists that, for example, work at the NY Times.
i.e. showing a verified affiliation with NY Times for a journalist using a handle like @alice.bsky.social or @alice.com
And many journalists would still prefer their handle to show up as their person non work one I believe.
So these work domain affiliation handles would probably not be used on profiles in some way.
The hacky solution is to quickly register another account with your old handle but it’s not great.
Not perfect, but an easy mitigation.
also helpful for the cases where people will make spoof addresses like nytlmes or something
It seems to me that you need to boost trust for important/trusted orgs AND do a good job fighting against impersonators.
And Bluesky search is okay, but could be better.
Retyping it and trying to visually detect the domain name is a attack vector
Could imagine some group of people could like it
(Not sure if it is really possible with the protocol)
https://bsky.app/profile/mary.my.id/post/3lc5nnamx4k4b
i suppose it just works kind of like a labeler? but looking at that account i feel like whoever this is will steal ur account or smth idk, it's not passing the sniff test even setting aside how ridiculous and redundant it is
Why would anyone need a blue checkmark when they can use a domain like @steampowered.com does
i mean, centralised trust gonna centralised but wtf
It feels like a losing game.
Visually detecting the domain and maybe retyping it isn’t secure.
atproto is a scam 🤬
bsky devs are clearly trying to recreate twitter
cuz this makes no damn sense if they're *not* trying to be twitter 2.0
(Kinda the reason why phishing still works)
...so they need something that shows it clearly.
A "this account is probably not real" (reported x times) would do the same trick though.