Anyone who is surprised that BlueSky is going down the same path as Twitter (X, not withstanding) belongs on BlueSky.
Angry, disappointed users react to Bluesky's upcoming blue check mark verification system
Submitted 4 weeks ago by cyrano@lemmy.dbzer0.com to technology@lemmy.world
Comments
aeronmelon@lemmy.world 4 weeks ago
njordomir@lemmy.world 4 weeks ago
I think a few more people “get it” every time the cycle repeats, but also, a sucker is born every minute.
primemagnus@lemmy.ca 4 weeks ago
If it ends Elon, I’m gonna allow it. If Twitter fails, his stock in Tesla will have to back it. If that tanks… he’ll have to work his way out of bankruptcy. Just squeeze….
thatKamGuy@sh.itjust.works 4 weeks ago
He’s already sold Twitter/X to xAI; he’s got his arse covered when the bottom eventually falls out.
stardust@lemmy.ca 4 weeks ago
Yeah for the masses they will likely always flock to commercialized easy to use social media that reaches critical mass the fastest, so them being willing to move and keep moving is best we can hope for. For rest of us stuff like fediverse will be there to use.
moakley@lemmy.world 4 weeks ago
Would it be so bad if it follows the same path as Twitter? If it connects people and organizations in an honest and helpful way for fifteen years?
Or we could all just keep shitting on it while it facilitates social and political movements and enables rapid communication across the planet. Then more than a decade from now when some Ultra-Nazi trillionaire buys it, we can all say “I told you so,” and be real smug about it.
emb@lemmy.world 4 weeks ago
I do not see anything to be angry or disappointed about?
Verification badge was good, the dumb thing Twitter did was throw it away by letting anyone pay for it.
drmoose@lemmy.world 4 weeks ago
Nah it was not good. Domain names already do that and are accessible to all at all times. Bluesky is literally regressing.
pupbiru@aussie.zone 4 weeks ago
domain names do that for people with well known domain names, and verification processes do that for people without
emb@lemmy.world 4 weeks ago
Far from perfect, but I think it’s good to have a layer that very visibly shows ‘yes, this is the account you want’.
Domains are a worthwhile addition, but they run into almost the same problem as usernames and handles. Can be made misleading easily - sure, I could often go to the web address and verify it (if they don’t put up a convincing fake site), but that’s much lower visibilty.
Eg, you can probably register nintendo@nintendoamerico and get it by some folks just as easily as registering the Twitter handle. There’s a payment step to get the domain, but that’s about it.
The centralization problem you mention is a good point though. It was a fine system, if you felt like you could trust Twitter as a verifier. Today obviously, one could not. But Bsky seems to at least theoretically have a ‘choose your verification provider’ idea in mind, which would (again theoretically) resolve a lot of that issue.
merdaverse@lemmy.world 3 weeks ago
“Everyone should be able to setup their own domain and mess with DNS records to get a verified account”
Do you realize how utterly disconnected from reality this sounds?? Technical people that have absolutely not clue on how make good UX for end users is how we got Mastodon in the first place, and why its adoption is abysmal.
Saleh@feddit.org 3 weeks ago
If the same authority is doing verification that is also doing moderation and both ultimately in a for profit setting, that has conflict of interest.
We dont know how reliable bluesky moderation will stay. We dont know how they will respond to political pressure. We dont know how they will monetize past the growth phase and then could also argue a “service fee” for verification.
In a perfect world none of these would happen, but then everybody could still be on twitter and be fine there.
Arcka@midwest.social 3 weeks ago
They have already censored entire accounts at the request of governments.
merdaverse@lemmy.world 3 weeks ago
This is just a web of trust model, aka a decentralized model of verification. This thread is mostly people that haven’t read the details that want to confirm that “Bluesky has been enshittified”.
Arcka@midwest.social 3 weeks ago
Decentralized isn’t the right word to use for a system like this.
Even though BS is going to appoint multiple different volunteer moderators (aka “Trusted Verifiers”) for this system, ultimate authority and control are entirely centralized with BS.
Mars2k21@sh.itjust.works 4 weeks ago
idk man I haven’t seen anyone complaining about it on Bluesky
This is a net positive, nice to have a social media where verification checks are…actually used for verifying the person behind an account
cyrano@lemmy.dbzer0.com 4 weeks ago
But isn’t the domain already doing that?
nekusoul@lemmy.nekusoul.de 4 weeks ago
The problem with domains is that regular people would need to know what a domain is and what verified ownership says about the account in question.
Even then, reading domains is quite difficult, even for people who know about the topic: Humans are Bad at URLs and Fonts Don’t Matter
spongebue@lemmy.world 4 weeks ago
If they are, and there isn’t anything to display it, how are were to know what’s been vetted and what’s slipped through the cracks? Especially on a new account?
thekerker@lemmy.world 4 weeks ago
I saw some small talk about it, and it really just boiled down to domain verification is great for more tech savvy folks, but trying to get larger accounts (think politicians, celebrities, etc) is a lot harder. Having a visual check, using tools within the app or site, is a lot easier.
And personally I like the idea of verification checks as long as it remains a simple means to do just that: verify the owner of the account. Morons like Musk and his ilk always thought it was a clout thing, and for a small minority that was probably the case, but by and large before he ruined it, it was great.
BackwardsUntoDawn@lemm.ee 4 weeks ago
I feel like domain usernames are still inherently susceptible to phishing, you can get a typo or similar character to try and trick someone that your username is an official one
Natanael@infosec.pub 3 weeks ago
Domains only help you verify organizations and individuals you recognize directly.
This verification system also allows 3rd parties (it’s NOT just bluesky themselves!) to issue attestations that s given account belongs to who they say they are, which would help people like independent journalists, etc.
airportline@lemm.ee 4 weeks ago
Most of the complaints I’ve seen were about Bluesky’s lack of a formal verification system.
They could never figure out how the current system of checking the username.
setsneedtofeed@lemmy.world 3 weeks ago
Based on how verification was revoked for some users on Twitter based on their content rather than question of their identity, I’m cautious about this system turning into the status symbol it became on Twitter rather than the verification it claimed to be.
Tattorack@lemmy.world 4 weeks ago
So long as the checkmark isn’t bought through some subscription service, I’m fine with this.
The whole reason why verification exists is because other will steal the name of someone famous and masquerade as them, with real world consequences. A verification system now means that certain platforms and people will get more attracted to be there, and thus Bluesky will grow.
setsneedtofeed@lemmy.world 3 weeks ago
Unfortunately, the forecast isn’t good for the integrity of what should be a simple system. Under Dorsey, the Twitter blue checkmark had already become a tool for showing content approval by Twitter. In various instances users had their status removed based on their content and not on a question of if they were who they claimed to be.
GoMati@lemmy.world 3 weeks ago
It’s not.
Not yet 😏
Duamerthrax@lemmy.world 3 weeks ago
My default is to just assume that they aren’t the same person unless corroborated by that person.
southsamurai@sh.itjust.works 4 weeks ago
The fuck did anyone expect?
Pirata@lemm.ee 4 weeks ago
This was always bait to keep people using corporate social media instead of decentralizing. I am not sorry for the users one bit.
Wimster@lemmy.wtf 3 weeks ago
Bluesky is the new X. After canceling the accounts of Turkish protesters this is the next step for the big money behind Bluesky. That’s why I deleted my account a few days ago.
DoomProphet@lemmy.dbzer0.com 3 weeks ago
Same. Deleted my account when they started to censor the Turkish protestors. Not that I used the account really but still.
SouthEndSunset@lemm.ee 3 weeks ago
Exactly, Bluesky has been shitty for a while for lots of reasons. I’m not understanding why this is the line in the sand.
zarkanian@sh.itjust.works 3 weeks ago
What’s the story with the Turkish protesters?
yigruzeltil@lemm.ee 3 weeks ago
Bluesky has basically bowed to the Turkish regime: turkishminute.com/…/bluesky-restrict-access-72-ac…
reddig33@lemmy.world 4 weeks ago
I don’t see anything controversial in the article. Did I miss something? Just looks like a way to make sure the public figures and companies you are communicating with are who they say they are.
Zak@lemmy.world 4 weeks ago
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
reddig33@lemmy.world 4 weeks ago
I didn’t sound like a centralized system from the article. More like they want a third party like Verisign or something.
Something will have to be done as these platforms become more popular to cut down on fraud and disinformation. You don’t want people impersonating other people or organizations, or companies. Even if Bluesky starts federating to other platforms, just knowing that they have a blue sky blue check would be an improvement if you could display that check on other clients like mastodon posts.
ICANN has already made a mess of domain names so I don’t know if relying on the domain is enough. People are using non-Roman characters to trick people into thinking a website domain is the real thing. Others are buying up all these random domains so you get things like medicare.net and medicare.org and medicare.com etc etc.
I dunno what the answer is. Just rambling out loud in frustration.
merdaverse@lemmy.world 3 weeks ago
What are you talking about? This is a web of trust model, literally a decentralized model. Not everyone on social media needs to have technical skills to verify via DNS records, verified links etc. If you want a community that gatekeeps for for computer engineers only, you already have Mastodon.
cyrano@lemmy.dbzer0.com 4 weeks ago
Verification wise there is already domain. But ultimately, it is too soon for the twitter exodus to get the blue check. All in all, this type of outrage is doomed to repeat with that type of central entity.
MangoPenguin@lemmy.blahaj.zone 4 weeks ago
It already has domain verification which is better IMO.
rpl6475@lemmy.ml 3 weeks ago
Then come over to Mastodon…
UnderpantsWeevil@lemmy.world 3 weeks ago
I can’t believe the guy who originally administered the creation of Twitter would do all the exact same things that originally made him billions of dollars selling the company to Elon Musk.
There’s no way he’s just speed-running what he did last time in hopes of another $44B buyout.
ComradeRachel@lemmy.blahaj.zone 4 weeks ago
Tbh I’ve seen more people asking for this than the people complaining.
Rocketpoweredgorilla@lemmy.ca 4 weeks ago
There’s been a lot of impersonated accounts popping up lately, so it doesn’t surprise me they’ve opted to do something like this.
TommySoda@lemmy.world 4 weeks ago
Oh yeah, they are literally everywhere. And a lot of them are impersonating people that haven’t switched from Twitter yet to take advantage of it specifically.
MangoPenguin@lemmy.blahaj.zone 4 weeks ago
Bluesky already has domain based verification which solves that perfectly, I guess people just don’t want to use it.
MangoPenguin@lemmy.blahaj.zone 4 weeks ago
How come they don’t use the already built in domain verification? It’s basically fool proof to certify that an account is owned by a specific entity.
ComradeRachel@lemmy.blahaj.zone 4 weeks ago
It’s what Twitter had and most people on blueksy just want Twitter before Elon. It sucks but that is really what the majority of people even want. They don’t care about the decentralized stuff.
RagingRobot@lemmy.world 4 weeks ago
I think having both is nice
joel_feila@lemmy.world 3 weeks ago
Something like this unavoidable.
Example, ted cruz the car mechanic in marfa Texas has just has much right to use blusky as
professional shit bagsenator ted cruz. But hiw do tell the real one from the racid sack of weasels.emeralddawn45@discuss.tchncs.de 3 weeks ago
People use usernames like they always have, and rely on reputation to distinguish themselves from the fakes? Senator ted ceuz makes an account called ‘senatortedcruz’ or if thats taken ‘therealsenatortedcruz’, and the mechanic makes one called ‘tedcruzcars’ or whatever. I dont see how your example is even relevant, because under a checkmark verification system both the mechanic ted cruz, and the senator ted cruz would be valid and deserving of a check mark, so there has to be some other way of distinguishing them anyway.
joel_feila@lemmy.world 3 weeks ago
Its whay the original lawsuit that created checkmarks was about.
sugar_in_your_tea@sh.itjust.works 3 weeks ago
It’s easy: cryptographic signatures. If you want to prove your identify, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell the that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
FourWaveforms@lemm.ee 3 weeks ago
That’s only easy for nerds, and it doesn’t help if the private key is on a device that gets compromised.
joel_feila@lemmy.world 3 weeks ago
But how would a user see that this poat was made with the right crypto key. Maybe some check mark on the Post or some sign.
umbrella@lemmy.ml 3 weeks ago
mastodon exists
TheEighthDoctor@lemmy.zip 3 weeks ago
No one disliked the check mark before “Genghis Kunt” started selling it
brucethemoose@lemmy.world 3 weeks ago
It was selectively given to institutions and “major” celebrities before that.
Selling them dilutes any meaning of “verified” because any joe can just pay for extra engagement. It’s a perverse incentive, as the people most interest in grabbing attention buy it and get amplified.
It really has little to do with Musk.
blazeknave@lemmy.world 4 weeks ago
To quote my well known journalist friend after switching from twitter “what’s that? Oh, that open source stuff? Hahaha nah bruh, mastodon is silly”
SwingingTheLamp@midwest.social 3 weeks ago
Reminds me of a meeting my co-worker and I had with the IT staff of a company that is a customer using research instruments in our facility. The meeting was to ask us to enable data synchronization through SharePoint. (We’re a Linux shop.) We asked what the issue was with getting their data files with SFTP. They said, “It’s open source.”
Then, a few beats of silence as it sinks in for us that there is no next step in the chain of logic. That is the totality of their objection.
Dsklnsadog@lemmy.dbzer0.com 4 weeks ago
Decentralized, yeah sure!
MyOpinion@lemm.ee 4 weeks ago
This shitshow sounds familiar.
_cryptagion@lemmy.dbzer0.com 4 weeks ago
I’m shocked. Shocked, I tell you.
jaemo@sh.itjust.works 3 weeks ago
ARE WE LEARNING HOW “SOCIAL MEDIA” WORKS YET HUMANITY?
Seriously. How many more fucking times do we need to go around this goddamn merry go round until we just start calling each other on the phone and meeting face to face again. You know, where the only enshittification is the one you bring with you. It’s fucking boring me now, how many of these stupid ass things I didn’t join because I’ve already, apparently, gotten the memo and how, inevitably, something like this happens, and everyone acts surprised and disappointed , as though inevitability was a concept they felt they’d been given a sabbatical from or something.
This. Shit. Ain’t. Free. There is an inherent cost, an “effort” required to communicate with others. You pay it with money, time or privacy. The overwhelming choice lately has been “privacy”, but it’s obviously something that not everyone is comfortable with, because we didn’t have the term “enshittification” before we started this flavor of our collective idiocy.
sugar_in_your_tea@sh.itjust.works 3 weeks ago
The checkmark is the wrong approach. You should never trust accounts, because accounts get hacked. We should instead use cryptographic signatures on individual posts, and clients can warn when that signature doesn’t match the account’s public key, or if that key changed recently. The private key would never live on the server, and ideally live outside the app.
This doesn’t verify identity, it just proves the key didn’t change. To establish identity, the person needs to use the same key in multiple places, such as posting it on a personal website or something. If a service wants to add their own stamp of approval, they can sign these public keys and embed them into the apl for clients to use (e.g. show a blue checkmark if Bluesky can verify the public key outside its system).
If the private key is compromised, repeat the process, potentially signing the new key with both the old and new key to prove control of both (or start from scratch if needed). Repeat whenever they get hacked.
sunglocto@lemmy.dbzer0.com 3 weeks ago
Preaching to the choir
But anyway anyone who thinks bluesky is actually decentralised will learn sooner rather than later that that’s not the case
ImmersiveMatthew@sh.itjust.works 4 weeks ago
Bluesky is like a mini example of why Communism does not work. Centralization is a drug.
Eyekaytee@aussie.zone 4 weeks ago
How does bluesky make money?
cyrano@lemmy.dbzer0.com 4 weeks ago
Embrace the fediverse
vodkasolution@feddit.it 3 weeks ago
you don’t kill a cow for a scratch on her leg (I hope the saying is understandable for everybody since it doesn’t come from English).
I’m on mastodon and bluesky: the first is even less populated than here and a big part of the interesting content comes from bot reposting popular accounts from x or reddit, while the second is far from being THE solution but it’s nowadays a -not wildly populated- compromise. I don’t condone (while I understand) the Turkish bans and I’m not interested in a verification system: if I’d like one, I’d use https://en.wikipedia.org/wiki/EIDAS.
I hope bluesky will correct its approach for what they can (the “good old” twitterin the golden era was banned in Turkey)lovewhenshe@lemmy.world 3 weeks ago
Yous are hyping it a basic verification system which can’t be bought and is handed out for the sake of showing credibility is a good thing
Supervisor194@lemmy.world 4 weeks ago
I’ve seen this movie before.
mr2meows@pawb.social 3 weeks ago
this is unnecessary with custom domains
h3mlocke@lemm.ee 4 weeks ago
You eeediots!
einkorn@feddit.org 4 weeks ago
Were only one instance exist or did I miss something?
InfiniteHench@lemmy.world 4 weeks ago
As I understand it, the protocol has the ability to decentralize built in. But the technical requirements are prohibitively high to the point only large businesses or corps could afford to do it, and I believe (someone correct me) the company hasn’t switched on the functionality yet.
Drunemeton@lemmy.world 4 weeks ago
Last heard (a few months ago) the cost is in storage. The protocol isn’t too complicated now, but it generates a shit ton of data, and IIRC you need a minimum of 3 copies.
noodlejetski@lemm.ee 4 weeks ago
my mom has always told me that I had the potential to work at NASA. but the requirements are prohibitively high
unexposedhazard@discuss.tchncs.de 4 weeks ago
The biggest thing is that you need to be manually authorized by them for federation. They will only ever federate with servers that arent serious enough competition to lead to democratization of the overall network.
Natanael@infosec.pub 3 weeks ago
Maybe you remember PDS federation not being open for a while, but it’s open now.
Running a public appview can be very expensive, but they’re working on making it cheaper to run one with a limited scope.
MangoPenguin@lemmy.blahaj.zone 4 weeks ago
Nope, it’s 100% centralized.
lone_faerie@lemmy.blahaj.zone 4 weeks ago
It’s 100% centralized, but with the ability to be decentralized. Sorta like Threads before they started federating
victorz@lemmy.world 4 weeks ago
This is a little bit more black and white compared with the other responses. 🙈
Pirata@lemm.ee 4 weeks ago
I think their initial selling point was that Eventually©®™ Bluesky would federate with the rest of the Fediverse.
Is anybody really surprised that a social media corporation didn’t make it their utmost priority to allow their userbase to connect out of their proprietary platform?
Natanael@infosec.pub 3 weeks ago
They never said they’d do so natively with other protocols - but they support Bridgy, so you already can do that.
massi1008@lemmy.world 4 weeks ago
You can easily host your own instance with a simple docker stack.
I dont know of any public instances except the main but I also havent searched.
BackwardsUntoDawn@lemm.ee 4 weeks ago
you can host your own PDS, but everyone is still using the same appview
fmstrat@lemmy.nowsci.com 3 weeks ago
I dont see this in the article.