Bluesky's use of domains to verify users has led to cybersquatting and impersonation, as domains don't offer enough social proof for the average person (Ernie Smith/Tedium)
-
Bluesky's use of domains to verify users has led to cybersquatting and impersonation, as domains don't offer enough social proof for the average person (Ernie Smith/Tedium)
https://tedium.co/2024/12/17/bluesky-impersonation-risks/
http://www.techmeme.com/241217/p38#a241217p38 -
-
@Techmeme @ernie Yep. I voiced some similar concerns about this system a month ago https://bsky.app/profile/shellsharks.com/post/3lbk3a2eij22e. It's really only useful for folks who already have well-established, reputable domains that the wider public associates with them. So... good for tech nerds, bloggers, reporters and maybe government officials (if they decided to leverage it)
-
@shellsharks @Techmeme I was thinking out loud about a solution to this and what I came up with was:
- Only allow easy passthrough for domains over a certain age (like a year)
- Add a verification step to the registration of domains through Bluesky
- For non-Bluesky domains, require a one-time domain verification process for a small feeThe domain is useful in certain cases, but the problem is that it alone is weak social proof if you aren’t already known or famous.
-
@ernie @Techmeme Yeah, they should just change their tune/language around domain verification. They've marketed it as a way to "verify yourself” similar to what Twitter had, but as we both know, it only verifies that you own a domain, not that you are who you say you are / are implying you are. Maybe cat's too out of the bag on that one by now though? Seems like they're cooking up a more robust (paid) verification capability now anyways.
Not the first questionable security thing they've done
-
-
oooh, ooh
what are some things on the spectrum of robustness for social proof?
e.g.,
domain proof: mostly automated
paid proof: expensive for spammers
ID verification/real names: privacy concernsare there ones that have more benefits or nuanced problems?
-