Anyone who is surprised that BlueSky is going down the same path as Twitter (X, not withstanding) belongs on BlueSky.
Angry, disappointed users react to Bluesky's upcoming blue check mark verification system
Submitted 2 months ago by cyrano@lemmy.dbzer0.com to technology@lemmy.world
Comments
aeronmelon@lemmy.world 2 months ago
njordomir@lemmy.world 2 months ago
I think a few more people “get it” every time the cycle repeats, but also, a sucker is born every minute.
primemagnus@lemmy.ca 2 months ago
If it ends Elon, I’m gonna allow it. If Twitter fails, his stock in Tesla will have to back it. If that tanks… he’ll have to work his way out of bankruptcy. Just squeeze….
thatKamGuy@sh.itjust.works 2 months ago
He’s already sold Twitter/X to xAI; he’s got his arse covered when the bottom eventually falls out.
stardust@lemmy.ca 2 months ago
Yeah for the masses they will likely always flock to commercialized easy to use social media that reaches critical mass the fastest, so them being willing to move and keep moving is best we can hope for. For rest of us stuff like fediverse will be there to use.
moakley@lemmy.world 2 months ago
Would it be so bad if it follows the same path as Twitter? If it connects people and organizations in an honest and helpful way for fifteen years?
Or we could all just keep shitting on it while it facilitates social and political movements and enables rapid communication across the planet. Then more than a decade from now when some Ultra-Nazi trillionaire buys it, we can all say “I told you so,” and be real smug about it.
emb@lemmy.world 2 months ago
I do not see anything to be angry or disappointed about?
Verification badge was good, the dumb thing Twitter did was throw it away by letting anyone pay for it.
drmoose@lemmy.world 2 months ago
Nah it was not good. Domain names already do that and are accessible to all at all times. Bluesky is literally regressing.
pupbiru@aussie.zone 2 months ago
domain names do that for people with well known domain names, and verification processes do that for people without
emb@lemmy.world 2 months ago
Far from perfect, but I think it’s good to have a layer that very visibly shows ‘yes, this is the account you want’.
Domains are a worthwhile addition, but they run into almost the same problem as usernames and handles. Can be made misleading easily - sure, I could often go to the web address and verify it (if they don’t put up a convincing fake site), but that’s much lower visibilty.
Eg, you can probably register nintendo@nintendoamerico and get it by some folks just as easily as registering the Twitter handle. There’s a payment step to get the domain, but that’s about it.
The centralization problem you mention is a good point though. It was a fine system, if you felt like you could trust Twitter as a verifier. Today obviously, one could not. But Bsky seems to at least theoretically have a ‘choose your verification provider’ idea in mind, which would (again theoretically) resolve a lot of that issue.
merdaverse@lemmy.world 2 months ago
“Everyone should be able to setup their own domain and mess with DNS records to get a verified account”
Do you realize how utterly disconnected from reality this sounds?? Technical people that have absolutely not clue on how make good UX for end users is how we got Mastodon in the first place, and why its adoption is abysmal.
Saleh@feddit.org 2 months ago
If the same authority is doing verification that is also doing moderation and both ultimately in a for profit setting, that has conflict of interest.
We dont know how reliable bluesky moderation will stay. We dont know how they will respond to political pressure. We dont know how they will monetize past the growth phase and then could also argue a “service fee” for verification.
In a perfect world none of these would happen, but then everybody could still be on twitter and be fine there.
Arcka@midwest.social 2 months ago
They have already censored entire accounts at the request of governments.
merdaverse@lemmy.world 2 months ago
This is just a web of trust model, aka a decentralized model of verification. This thread is mostly people that haven’t read the details that want to confirm that “Bluesky has been enshittified”.
Arcka@midwest.social 2 months ago
Decentralized isn’t the right word to use for a system like this.
Even though BS is going to appoint multiple different volunteer moderators (aka “Trusted Verifiers”) for this system, ultimate authority and control are entirely centralized with BS.
Mars2k21@sh.itjust.works 2 months ago
idk man I haven’t seen anyone complaining about it on Bluesky
This is a net positive, nice to have a social media where verification checks are…actually used for verifying the person behind an account
cyrano@lemmy.dbzer0.com 2 months ago
But isn’t the domain already doing that?
nekusoul@lemmy.nekusoul.de 2 months ago
The problem with domains is that regular people would need to know what a domain is and what verified ownership says about the account in question.
Even then, reading domains is quite difficult, even for people who know about the topic: Humans are Bad at URLs and Fonts Don’t Matter
spongebue@lemmy.world 2 months ago
If they are, and there isn’t anything to display it, how are were to know what’s been vetted and what’s slipped through the cracks? Especially on a new account?
thekerker@lemmy.world 2 months ago
I saw some small talk about it, and it really just boiled down to domain verification is great for more tech savvy folks, but trying to get larger accounts (think politicians, celebrities, etc) is a lot harder. Having a visual check, using tools within the app or site, is a lot easier.
And personally I like the idea of verification checks as long as it remains a simple means to do just that: verify the owner of the account. Morons like Musk and his ilk always thought it was a clout thing, and for a small minority that was probably the case, but by and large before he ruined it, it was great.
BackwardsUntoDawn@lemm.ee 2 months ago
I feel like domain usernames are still inherently susceptible to phishing, you can get a typo or similar character to try and trick someone that your username is an official one
Natanael@infosec.pub 2 months ago
Domains only help you verify organizations and individuals you recognize directly.
This verification system also allows 3rd parties (it’s NOT just bluesky themselves!) to issue attestations that s given account belongs to who they say they are, which would help people like independent journalists, etc.
airportline@lemm.ee 2 months ago
Most of the complaints I’ve seen were about Bluesky’s lack of a formal verification system.
They could never figure out how the current system of checking the username.
setsneedtofeed@lemmy.world 2 months ago
Based on how verification was revoked for some users on Twitter based on their content rather than question of their identity, I’m cautious about this system turning into the status symbol it became on Twitter rather than the verification it claimed to be.
Tattorack@lemmy.world 2 months ago
So long as the checkmark isn’t bought through some subscription service, I’m fine with this.
The whole reason why verification exists is because other will steal the name of someone famous and masquerade as them, with real world consequences. A verification system now means that certain platforms and people will get more attracted to be there, and thus Bluesky will grow.
setsneedtofeed@lemmy.world 2 months ago
Unfortunately, the forecast isn’t good for the integrity of what should be a simple system. Under Dorsey, the Twitter blue checkmark had already become a tool for showing content approval by Twitter. In various instances users had their status removed based on their content and not on a question of if they were who they claimed to be.
GoMati@lemmy.world 2 months ago
It’s not.
Not yet 😏
Duamerthrax@lemmy.world 2 months ago
My default is to just assume that they aren’t the same person unless corroborated by that person.
southsamurai@sh.itjust.works 2 months ago
The fuck did anyone expect?
Pirata@lemm.ee 2 months ago
This was always bait to keep people using corporate social media instead of decentralizing. I am not sorry for the users one bit.
reddig33@lemmy.world 2 months ago
I don’t see anything controversial in the article. Did I miss something? Just looks like a way to make sure the public figures and companies you are communicating with are who they say they are.
Zak@lemmy.world 2 months ago
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
reddig33@lemmy.world 2 months ago
I didn’t sound like a centralized system from the article. More like they want a third party like Verisign or something.
Something will have to be done as these platforms become more popular to cut down on fraud and disinformation. You don’t want people impersonating other people or organizations, or companies. Even if Bluesky starts federating to other platforms, just knowing that they have a blue sky blue check would be an improvement if you could display that check on other clients like mastodon posts.
ICANN has already made a mess of domain names so I don’t know if relying on the domain is enough. People are using non-Roman characters to trick people into thinking a website domain is the real thing. Others are buying up all these random domains so you get things like medicare.net and medicare.org and medicare.com etc etc.
I dunno what the answer is. Just rambling out loud in frustration.
merdaverse@lemmy.world 2 months ago
What are you talking about? This is a web of trust model, literally a decentralized model. Not everyone on social media needs to have technical skills to verify via DNS records, verified links etc. If you want a community that gatekeeps for for computer engineers only, you already have Mastodon.
cyrano@lemmy.dbzer0.com 2 months ago
Verification wise there is already domain. But ultimately, it is too soon for the twitter exodus to get the blue check. All in all, this type of outrage is doomed to repeat with that type of central entity.
MangoPenguin@lemmy.blahaj.zone 2 months ago
It already has domain verification which is better IMO.
Wimster@lemmy.wtf 2 months ago
Bluesky is the new X. After canceling the accounts of Turkish protesters this is the next step for the big money behind Bluesky. That’s why I deleted my account a few days ago.
DoomProphet@lemmy.dbzer0.com 2 months ago
Same. Deleted my account when they started to censor the Turkish protestors. Not that I used the account really but still.
SouthEndSunset@lemm.ee 2 months ago
Exactly, Bluesky has been shitty for a while for lots of reasons. I’m not understanding why this is the line in the sand.
zarkanian@sh.itjust.works 2 months ago
What’s the story with the Turkish protesters?
yigruzeltil@lemm.ee 2 months ago
Bluesky has basically bowed to the Turkish regime: turkishminute.com/…/bluesky-restrict-access-72-ac…
rpl6475@lemmy.ml 2 months ago
Then come over to Mastodon…
ComradeRachel@lemmy.blahaj.zone 2 months ago
Tbh I’ve seen more people asking for this than the people complaining.
Rocketpoweredgorilla@lemmy.ca 2 months ago
There’s been a lot of impersonated accounts popping up lately, so it doesn’t surprise me they’ve opted to do something like this.
TommySoda@lemmy.world 2 months ago
Oh yeah, they are literally everywhere. And a lot of them are impersonating people that haven’t switched from Twitter yet to take advantage of it specifically.
MangoPenguin@lemmy.blahaj.zone 2 months ago
Bluesky already has domain based verification which solves that perfectly, I guess people just don’t want to use it.
MangoPenguin@lemmy.blahaj.zone 2 months ago
How come they don’t use the already built in domain verification? It’s basically fool proof to certify that an account is owned by a specific entity.
ComradeRachel@lemmy.blahaj.zone 2 months ago
It’s what Twitter had and most people on blueksy just want Twitter before Elon. It sucks but that is really what the majority of people even want. They don’t care about the decentralized stuff.
RagingRobot@lemmy.world 2 months ago
I think having both is nice
UnderpantsWeevil@lemmy.world 2 months ago
I can’t believe the guy who originally administered the creation of Twitter would do all the exact same things that originally made him billions of dollars selling the company to Elon Musk.
There’s no way he’s just speed-running what he did last time in hopes of another $44B buyout.
joel_feila@lemmy.world 2 months ago
Something like this unavoidable.
Example, ted cruz the car mechanic in marfa Texas has just has much right to use blusky as
professional shit bagsenator ted cruz. But hiw do tell the real one from the racid sack of weasels.emeralddawn45@discuss.tchncs.de 2 months ago
People use usernames like they always have, and rely on reputation to distinguish themselves from the fakes? Senator ted ceuz makes an account called ‘senatortedcruz’ or if thats taken ‘therealsenatortedcruz’, and the mechanic makes one called ‘tedcruzcars’ or whatever. I dont see how your example is even relevant, because under a checkmark verification system both the mechanic ted cruz, and the senator ted cruz would be valid and deserving of a check mark, so there has to be some other way of distinguishing them anyway.
joel_feila@lemmy.world 2 months ago
Its whay the original lawsuit that created checkmarks was about.
sugar_in_your_tea@sh.itjust.works 2 months ago
It’s easy: cryptographic signatures. If you want to prove your identify, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell the that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
FourWaveforms@lemm.ee 2 months ago
That’s only easy for nerds, and it doesn’t help if the private key is on a device that gets compromised.
joel_feila@lemmy.world 2 months ago
But how would a user see that this poat was made with the right crypto key. Maybe some check mark on the Post or some sign.
TheEighthDoctor@lemmy.zip 2 months ago
No one disliked the check mark before “Genghis Kunt” started selling it
brucethemoose@lemmy.world 2 months ago
It was selectively given to institutions and “major” celebrities before that.
Selling them dilutes any meaning of “verified” because any joe can just pay for extra engagement. It’s a perverse incentive, as the people most interest in grabbing attention buy it and get amplified.
It really has little to do with Musk.
blazeknave@lemmy.world 2 months ago
To quote my well known journalist friend after switching from twitter “what’s that? Oh, that open source stuff? Hahaha nah bruh, mastodon is silly”
SwingingTheLamp@midwest.social 2 months ago
Reminds me of a meeting my co-worker and I had with the IT staff of a company that is a customer using research instruments in our facility. The meeting was to ask us to enable data synchronization through SharePoint. (We’re a Linux shop.) We asked what the issue was with getting their data files with SFTP. They said, “It’s open source.”
Then, a few beats of silence as it sinks in for us that there is no next step in the chain of logic. That is the totality of their objection.
Dsklnsadog@lemmy.dbzer0.com 2 months ago
Decentralized, yeah sure!
MyOpinion@lemm.ee 2 months ago
This shitshow sounds familiar.
_cryptagion@lemmy.dbzer0.com 2 months ago
I’m shocked. Shocked, I tell you.
jaemo@sh.itjust.works 2 months ago
ARE WE LEARNING HOW “SOCIAL MEDIA” WORKS YET HUMANITY?
Seriously. How many more fucking times do we need to go around this goddamn merry go round until we just start calling each other on the phone and meeting face to face again. You know, where the only enshittification is the one you bring with you. It’s fucking boring me now, how many of these stupid ass things I didn’t join because I’ve already, apparently, gotten the memo and how, inevitably, something like this happens, and everyone acts surprised and disappointed , as though inevitability was a concept they felt they’d been given a sabbatical from or something.
This. Shit. Ain’t. Free. There is an inherent cost, an “effort” required to communicate with others. You pay it with money, time or privacy. The overwhelming choice lately has been “privacy”, but it’s obviously something that not everyone is comfortable with, because we didn’t have the term “enshittification” before we started this flavor of our collective idiocy.
sugar_in_your_tea@sh.itjust.works 2 months ago
The checkmark is the wrong approach. You should never trust accounts, because accounts get hacked. We should instead use cryptographic signatures on individual posts, and clients can warn when that signature doesn’t match the account’s public key, or if that key changed recently. The private key would never live on the server, and ideally live outside the app.
This doesn’t verify identity, it just proves the key didn’t change. To establish identity, the person needs to use the same key in multiple places, such as posting it on a personal website or something. If a service wants to add their own stamp of approval, they can sign these public keys and embed them into the apl for clients to use (e.g. show a blue checkmark if Bluesky can verify the public key outside its system).
If the private key is compromised, repeat the process, potentially signing the new key with both the old and new key to prove control of both (or start from scratch if needed). Repeat whenever they get hacked.
sunglocto@lemmy.dbzer0.com 2 months ago
Preaching to the choir
But anyway anyone who thinks bluesky is actually decentralised will learn sooner rather than later that that’s not the case
ImmersiveMatthew@sh.itjust.works 2 months ago
Bluesky is like a mini example of why Communism does not work. Centralization is a drug.
Eyekaytee@aussie.zone 2 months ago
How does bluesky make money?
cyrano@lemmy.dbzer0.com 2 months ago
Embrace the fediverse
vodkasolution@feddit.it 2 months ago
you don’t kill a cow for a scratch on her leg (I hope the saying is understandable for everybody since it doesn’t come from English).
I’m on mastodon and bluesky: the first is even less populated than here and a big part of the interesting content comes from bot reposting popular accounts from x or reddit, while the second is far from being THE solution but it’s nowadays a -not wildly populated- compromise. I don’t condone (while I understand) the Turkish bans and I’m not interested in a verification system: if I’d like one, I’d use https://en.wikipedia.org/wiki/EIDAS.
I hope bluesky will correct its approach for what they can (the “good old” twitterin the golden era was banned in Turkey)Supervisor194@lemmy.world 2 months ago
I’ve seen this movie before.
lovewhenshe@lemmy.world 2 months ago
Yous are hyping it a basic verification system which can’t be bought and is handed out for the sake of showing credibility is a good thing
mr2meows@pawb.social 2 months ago
this is unnecessary with custom domains
h3mlocke@lemm.ee 2 months ago
You eeediots!
einkorn@feddit.org 2 months ago
Were only one instance exist or did I miss something?
InfiniteHench@lemmy.world 2 months ago
As I understand it, the protocol has the ability to decentralize built in. But the technical requirements are prohibitively high to the point only large businesses or corps could afford to do it, and I believe (someone correct me) the company hasn’t switched on the functionality yet.
Drunemeton@lemmy.world 2 months ago
Last heard (a few months ago) the cost is in storage. The protocol isn’t too complicated now, but it generates a shit ton of data, and IIRC you need a minimum of 3 copies.
noodlejetski@lemm.ee 2 months ago
my mom has always told me that I had the potential to work at NASA. but the requirements are prohibitively high
unexposedhazard@discuss.tchncs.de 2 months ago
The biggest thing is that you need to be manually authorized by them for federation. They will only ever federate with servers that arent serious enough competition to lead to democratization of the overall network.
Natanael@infosec.pub 2 months ago
Maybe you remember PDS federation not being open for a while, but it’s open now.
Running a public appview can be very expensive, but they’re working on making it cheaper to run one with a limited scope.
MangoPenguin@lemmy.blahaj.zone 2 months ago
Nope, it’s 100% centralized.
lone_faerie@lemmy.blahaj.zone 2 months ago
It’s 100% centralized, but with the ability to be decentralized. Sorta like Threads before they started federating
victorz@lemmy.world 2 months ago
This is a little bit more black and white compared with the other responses. 🙈
Pirata@lemm.ee 2 months ago
I think their initial selling point was that Eventually©®™ Bluesky would federate with the rest of the Fediverse.
Is anybody really surprised that a social media corporation didn’t make it their utmost priority to allow their userbase to connect out of their proprietary platform?
Natanael@infosec.pub 2 months ago
They never said they’d do so natively with other protocols - but they support Bridgy, so you already can do that.
massi1008@lemmy.world 2 months ago
You can easily host your own instance with a simple docker stack.
I dont know of any public instances except the main but I also havent searched.
BackwardsUntoDawn@lemm.ee 2 months ago
you can host your own PDS, but everyone is still using the same appview
fmstrat@lemmy.nowsci.com 2 months ago
I dont see this in the article.