Anyone who is surprised that BlueSky is going down the same path as Twitter (X, not withstanding) belongs on BlueSky.
Angry, disappointed users react to Bluesky's upcoming blue check mark verification system
Submitted 1 month ago by cyrano@lemmy.dbzer0.com to technology@lemmy.world
Comments
aeronmelon@lemmy.world 1 month ago
njordomir@lemmy.world 1 month ago
I think a few more people “get it” every time the cycle repeats, but also, a sucker is born every minute.
primemagnus@lemmy.ca 1 month ago
If it ends Elon, I’m gonna allow it. If Twitter fails, his stock in Tesla will have to back it. If that tanks… he’ll have to work his way out of bankruptcy. Just squeeze….
thatKamGuy@sh.itjust.works 1 month ago
He’s already sold Twitter/X to xAI; he’s got his arse covered when the bottom eventually falls out.
stardust@lemmy.ca 1 month ago
Yeah for the masses they will likely always flock to commercialized easy to use social media that reaches critical mass the fastest, so them being willing to move and keep moving is best we can hope for. For rest of us stuff like fediverse will be there to use.
moakley@lemmy.world 1 month ago
Would it be so bad if it follows the same path as Twitter? If it connects people and organizations in an honest and helpful way for fifteen years?
Or we could all just keep shitting on it while it facilitates social and political movements and enables rapid communication across the planet. Then more than a decade from now when some Ultra-Nazi trillionaire buys it, we can all say “I told you so,” and be real smug about it.
emb@lemmy.world 1 month ago
I do not see anything to be angry or disappointed about?
Verification badge was good, the dumb thing Twitter did was throw it away by letting anyone pay for it.
drmoose@lemmy.world 1 month ago
Nah it was not good. Domain names already do that and are accessible to all at all times. Bluesky is literally regressing.
pupbiru@aussie.zone 1 month ago
domain names do that for people with well known domain names, and verification processes do that for people without
emb@lemmy.world 1 month ago
Far from perfect, but I think it’s good to have a layer that very visibly shows ‘yes, this is the account you want’.
Domains are a worthwhile addition, but they run into almost the same problem as usernames and handles. Can be made misleading easily - sure, I could often go to the web address and verify it (if they don’t put up a convincing fake site), but that’s much lower visibilty.
Eg, you can probably register nintendo@nintendoamerico and get it by some folks just as easily as registering the Twitter handle. There’s a payment step to get the domain, but that’s about it.
The centralization problem you mention is a good point though. It was a fine system, if you felt like you could trust Twitter as a verifier. Today obviously, one could not. But Bsky seems to at least theoretically have a ‘choose your verification provider’ idea in mind, which would (again theoretically) resolve a lot of that issue.
merdaverse@lemmy.world 1 month ago
“Everyone should be able to setup their own domain and mess with DNS records to get a verified account”
Do you realize how utterly disconnected from reality this sounds?? Technical people that have absolutely not clue on how make good UX for end users is how we got Mastodon in the first place, and why its adoption is abysmal.
Saleh@feddit.org 1 month ago
If the same authority is doing verification that is also doing moderation and both ultimately in a for profit setting, that has conflict of interest.
We dont know how reliable bluesky moderation will stay. We dont know how they will respond to political pressure. We dont know how they will monetize past the growth phase and then could also argue a “service fee” for verification.
In a perfect world none of these would happen, but then everybody could still be on twitter and be fine there.
Arcka@midwest.social 1 month ago
They have already censored entire accounts at the request of governments.
merdaverse@lemmy.world 1 month ago
This is just a web of trust model, aka a decentralized model of verification. This thread is mostly people that haven’t read the details that want to confirm that “Bluesky has been enshittified”.
Arcka@midwest.social 1 month ago
Decentralized isn’t the right word to use for a system like this.
Even though BS is going to appoint multiple different volunteer moderators (aka “Trusted Verifiers”) for this system, ultimate authority and control are entirely centralized with BS.
Mars2k21@sh.itjust.works 1 month ago
idk man I haven’t seen anyone complaining about it on Bluesky
This is a net positive, nice to have a social media where verification checks are…actually used for verifying the person behind an account
cyrano@lemmy.dbzer0.com 1 month ago
But isn’t the domain already doing that?
nekusoul@lemmy.nekusoul.de 1 month ago
The problem with domains is that regular people would need to know what a domain is and what verified ownership says about the account in question.
Even then, reading domains is quite difficult, even for people who know about the topic: Humans are Bad at URLs and Fonts Don’t Matter
spongebue@lemmy.world 1 month ago
If they are, and there isn’t anything to display it, how are were to know what’s been vetted and what’s slipped through the cracks? Especially on a new account?
thekerker@lemmy.world 1 month ago
I saw some small talk about it, and it really just boiled down to domain verification is great for more tech savvy folks, but trying to get larger accounts (think politicians, celebrities, etc) is a lot harder. Having a visual check, using tools within the app or site, is a lot easier.
And personally I like the idea of verification checks as long as it remains a simple means to do just that: verify the owner of the account. Morons like Musk and his ilk always thought it was a clout thing, and for a small minority that was probably the case, but by and large before he ruined it, it was great.
BackwardsUntoDawn@lemm.ee 1 month ago
I feel like domain usernames are still inherently susceptible to phishing, you can get a typo or similar character to try and trick someone that your username is an official one
Natanael@infosec.pub 1 month ago
Domains only help you verify organizations and individuals you recognize directly.
This verification system also allows 3rd parties (it’s NOT just bluesky themselves!) to issue attestations that s given account belongs to who they say they are, which would help people like independent journalists, etc.
airportline@lemm.ee 1 month ago
Most of the complaints I’ve seen were about Bluesky’s lack of a formal verification system.
They could never figure out how the current system of checking the username.
setsneedtofeed@lemmy.world 1 month ago
Based on how verification was revoked for some users on Twitter based on their content rather than question of their identity, I’m cautious about this system turning into the status symbol it became on Twitter rather than the verification it claimed to be.
Tattorack@lemmy.world 1 month ago
So long as the checkmark isn’t bought through some subscription service, I’m fine with this.
The whole reason why verification exists is because other will steal the name of someone famous and masquerade as them, with real world consequences. A verification system now means that certain platforms and people will get more attracted to be there, and thus Bluesky will grow.
setsneedtofeed@lemmy.world 1 month ago
Unfortunately, the forecast isn’t good for the integrity of what should be a simple system. Under Dorsey, the Twitter blue checkmark had already become a tool for showing content approval by Twitter. In various instances users had their status removed based on their content and not on a question of if they were who they claimed to be.
GoMati@lemmy.world 1 month ago
It’s not.
Not yet 😏
Duamerthrax@lemmy.world 1 month ago
My default is to just assume that they aren’t the same person unless corroborated by that person.
southsamurai@sh.itjust.works 1 month ago
The fuck did anyone expect?
Pirata@lemm.ee 1 month ago
This was always bait to keep people using corporate social media instead of decentralizing. I am not sorry for the users one bit.
reddig33@lemmy.world 1 month ago
I don’t see anything controversial in the article. Did I miss something? Just looks like a way to make sure the public figures and companies you are communicating with are who they say they are.
Zak@lemmy.world 1 month ago
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
reddig33@lemmy.world 1 month ago
I didn’t sound like a centralized system from the article. More like they want a third party like Verisign or something.
Something will have to be done as these platforms become more popular to cut down on fraud and disinformation. You don’t want people impersonating other people or organizations, or companies. Even if Bluesky starts federating to other platforms, just knowing that they have a blue sky blue check would be an improvement if you could display that check on other clients like mastodon posts.
ICANN has already made a mess of domain names so I don’t know if relying on the domain is enough. People are using non-Roman characters to trick people into thinking a website domain is the real thing. Others are buying up all these random domains so you get things like medicare.net and medicare.org and medicare.com etc etc.
I dunno what the answer is. Just rambling out loud in frustration.
merdaverse@lemmy.world 1 month ago
What are you talking about? This is a web of trust model, literally a decentralized model. Not everyone on social media needs to have technical skills to verify via DNS records, verified links etc. If you want a community that gatekeeps for for computer engineers only, you already have Mastodon.
cyrano@lemmy.dbzer0.com 1 month ago
Verification wise there is already domain. But ultimately, it is too soon for the twitter exodus to get the blue check. All in all, this type of outrage is doomed to repeat with that type of central entity.
MangoPenguin@lemmy.blahaj.zone 1 month ago
It already has domain verification which is better IMO.
Wimster@lemmy.wtf 1 month ago
Bluesky is the new X. After canceling the accounts of Turkish protesters this is the next step for the big money behind Bluesky. That’s why I deleted my account a few days ago.
DoomProphet@lemmy.dbzer0.com 1 month ago
Same. Deleted my account when they started to censor the Turkish protestors. Not that I used the account really but still.
SouthEndSunset@lemm.ee 1 month ago
Exactly, Bluesky has been shitty for a while for lots of reasons. I’m not understanding why this is the line in the sand.
zarkanian@sh.itjust.works 1 month ago
What’s the story with the Turkish protesters?
yigruzeltil@lemm.ee 1 month ago
Bluesky has basically bowed to the Turkish regime: turkishminute.com/…/bluesky-restrict-access-72-ac…
rpl6475@lemmy.ml 1 month ago
Then come over to Mastodon…
ComradeRachel@lemmy.blahaj.zone 1 month ago
Tbh I’ve seen more people asking for this than the people complaining.
Rocketpoweredgorilla@lemmy.ca 1 month ago
There’s been a lot of impersonated accounts popping up lately, so it doesn’t surprise me they’ve opted to do something like this.
TommySoda@lemmy.world 1 month ago
Oh yeah, they are literally everywhere. And a lot of them are impersonating people that haven’t switched from Twitter yet to take advantage of it specifically.
MangoPenguin@lemmy.blahaj.zone 1 month ago
Bluesky already has domain based verification which solves that perfectly, I guess people just don’t want to use it.
MangoPenguin@lemmy.blahaj.zone 1 month ago
How come they don’t use the already built in domain verification? It’s basically fool proof to certify that an account is owned by a specific entity.
ComradeRachel@lemmy.blahaj.zone 1 month ago
It’s what Twitter had and most people on blueksy just want Twitter before Elon. It sucks but that is really what the majority of people even want. They don’t care about the decentralized stuff.
RagingRobot@lemmy.world 1 month ago
I think having both is nice
UnderpantsWeevil@lemmy.world 1 month ago
I can’t believe the guy who originally administered the creation of Twitter would do all the exact same things that originally made him billions of dollars selling the company to Elon Musk.
There’s no way he’s just speed-running what he did last time in hopes of another $44B buyout.
joel_feila@lemmy.world 1 month ago
Something like this unavoidable.
Example, ted cruz the car mechanic in marfa Texas has just has much right to use blusky as
professional shit bagsenator ted cruz. But hiw do tell the real one from the racid sack of weasels.emeralddawn45@discuss.tchncs.de 1 month ago
People use usernames like they always have, and rely on reputation to distinguish themselves from the fakes? Senator ted ceuz makes an account called ‘senatortedcruz’ or if thats taken ‘therealsenatortedcruz’, and the mechanic makes one called ‘tedcruzcars’ or whatever. I dont see how your example is even relevant, because under a checkmark verification system both the mechanic ted cruz, and the senator ted cruz would be valid and deserving of a check mark, so there has to be some other way of distinguishing them anyway.
joel_feila@lemmy.world 1 month ago
Its whay the original lawsuit that created checkmarks was about.
sugar_in_your_tea@sh.itjust.works 1 month ago
It’s easy: cryptographic signatures. If you want to prove your identify, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell the that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
FourWaveforms@lemm.ee 1 month ago
That’s only easy for nerds, and it doesn’t help if the private key is on a device that gets compromised.
joel_feila@lemmy.world 1 month ago
But how would a user see that this poat was made with the right crypto key. Maybe some check mark on the Post or some sign.
TheEighthDoctor@lemmy.zip 1 month ago
No one disliked the check mark before “Genghis Kunt” started selling it
brucethemoose@lemmy.world 1 month ago
It was selectively given to institutions and “major” celebrities before that.
Selling them dilutes any meaning of “verified” because any joe can just pay for extra engagement. It’s a perverse incentive, as the people most interest in grabbing attention buy it and get amplified.
It really has little to do with Musk.
blazeknave@lemmy.world 1 month ago
To quote my well known journalist friend after switching from twitter “what’s that? Oh, that open source stuff? Hahaha nah bruh, mastodon is silly”
SwingingTheLamp@midwest.social 1 month ago
Reminds me of a meeting my co-worker and I had with the IT staff of a company that is a customer using research instruments in our facility. The meeting was to ask us to enable data synchronization through SharePoint. (We’re a Linux shop.) We asked what the issue was with getting their data files with SFTP. They said, “It’s open source.”
Then, a few beats of silence as it sinks in for us that there is no next step in the chain of logic. That is the totality of their objection.
Dsklnsadog@lemmy.dbzer0.com 1 month ago
Decentralized, yeah sure!
MyOpinion@lemm.ee 1 month ago
This shitshow sounds familiar.
_cryptagion@lemmy.dbzer0.com 1 month ago
I’m shocked. Shocked, I tell you.
jaemo@sh.itjust.works 1 month ago
ARE WE LEARNING HOW “SOCIAL MEDIA” WORKS YET HUMANITY?
Seriously. How many more fucking times do we need to go around this goddamn merry go round until we just start calling each other on the phone and meeting face to face again. You know, where the only enshittification is the one you bring with you. It’s fucking boring me now, how many of these stupid ass things I didn’t join because I’ve already, apparently, gotten the memo and how, inevitably, something like this happens, and everyone acts surprised and disappointed , as though inevitability was a concept they felt they’d been given a sabbatical from or something.
This. Shit. Ain’t. Free. There is an inherent cost, an “effort” required to communicate with others. You pay it with money, time or privacy. The overwhelming choice lately has been “privacy”, but it’s obviously something that not everyone is comfortable with, because we didn’t have the term “enshittification” before we started this flavor of our collective idiocy.
sugar_in_your_tea@sh.itjust.works 1 month ago
The checkmark is the wrong approach. You should never trust accounts, because accounts get hacked. We should instead use cryptographic signatures on individual posts, and clients can warn when that signature doesn’t match the account’s public key, or if that key changed recently. The private key would never live on the server, and ideally live outside the app.
This doesn’t verify identity, it just proves the key didn’t change. To establish identity, the person needs to use the same key in multiple places, such as posting it on a personal website or something. If a service wants to add their own stamp of approval, they can sign these public keys and embed them into the apl for clients to use (e.g. show a blue checkmark if Bluesky can verify the public key outside its system).
If the private key is compromised, repeat the process, potentially signing the new key with both the old and new key to prove control of both (or start from scratch if needed). Repeat whenever they get hacked.
sunglocto@lemmy.dbzer0.com 1 month ago
Preaching to the choir
But anyway anyone who thinks bluesky is actually decentralised will learn sooner rather than later that that’s not the case
ImmersiveMatthew@sh.itjust.works 1 month ago
Bluesky is like a mini example of why Communism does not work. Centralization is a drug.
Eyekaytee@aussie.zone 1 month ago
How does bluesky make money?
cyrano@lemmy.dbzer0.com 1 month ago
Embrace the fediverse
vodkasolution@feddit.it 1 month ago
you don’t kill a cow for a scratch on her leg (I hope the saying is understandable for everybody since it doesn’t come from English).
I’m on mastodon and bluesky: the first is even less populated than here and a big part of the interesting content comes from bot reposting popular accounts from x or reddit, while the second is far from being THE solution but it’s nowadays a -not wildly populated- compromise. I don’t condone (while I understand) the Turkish bans and I’m not interested in a verification system: if I’d like one, I’d use https://en.wikipedia.org/wiki/EIDAS.
I hope bluesky will correct its approach for what they can (the “good old” twitterin the golden era was banned in Turkey)Supervisor194@lemmy.world 1 month ago
I’ve seen this movie before.
lovewhenshe@lemmy.world 1 month ago
Yous are hyping it a basic verification system which can’t be bought and is handed out for the sake of showing credibility is a good thing
mr2meows@pawb.social 1 month ago
this is unnecessary with custom domains
h3mlocke@lemm.ee 1 month ago
You eeediots!
einkorn@feddit.org 1 month ago
Were only one instance exist or did I miss something?
InfiniteHench@lemmy.world 1 month ago
As I understand it, the protocol has the ability to decentralize built in. But the technical requirements are prohibitively high to the point only large businesses or corps could afford to do it, and I believe (someone correct me) the company hasn’t switched on the functionality yet.
Drunemeton@lemmy.world 1 month ago
Last heard (a few months ago) the cost is in storage. The protocol isn’t too complicated now, but it generates a shit ton of data, and IIRC you need a minimum of 3 copies.
noodlejetski@lemm.ee 1 month ago
my mom has always told me that I had the potential to work at NASA. but the requirements are prohibitively high
unexposedhazard@discuss.tchncs.de 1 month ago
The biggest thing is that you need to be manually authorized by them for federation. They will only ever federate with servers that arent serious enough competition to lead to democratization of the overall network.
Natanael@infosec.pub 1 month ago
Maybe you remember PDS federation not being open for a while, but it’s open now.
Running a public appview can be very expensive, but they’re working on making it cheaper to run one with a limited scope.
MangoPenguin@lemmy.blahaj.zone 1 month ago
Nope, it’s 100% centralized.
lone_faerie@lemmy.blahaj.zone 1 month ago
It’s 100% centralized, but with the ability to be decentralized. Sorta like Threads before they started federating
victorz@lemmy.world 1 month ago
This is a little bit more black and white compared with the other responses. 🙈
Pirata@lemm.ee 1 month ago
I think their initial selling point was that Eventually©®™ Bluesky would federate with the rest of the Fediverse.
Is anybody really surprised that a social media corporation didn’t make it their utmost priority to allow their userbase to connect out of their proprietary platform?
Natanael@infosec.pub 1 month ago
They never said they’d do so natively with other protocols - but they support Bridgy, so you already can do that.
massi1008@lemmy.world 1 month ago
You can easily host your own instance with a simple docker stack.
I dont know of any public instances except the main but I also havent searched.
BackwardsUntoDawn@lemm.ee 1 month ago
you can host your own PDS, but everyone is still using the same appview
fmstrat@lemmy.nowsci.com 1 month ago
I dont see this in the article.