Interesting story from @tedium about an extortion scheme targeting prominent personalities on Bluesky who don't own their own domain.
-
Interesting story from @tedium about an extortion scheme targeting prominent personalities on Bluesky who don't own their own domain.
"Cybersquatting is not a new issue, of course, but Bluesky’s decision to tie verification to domains as social proof shows the limitations of the strategy."
https://tedium.co/2024/12/17/bluesky-impersonation-risks/
I wonder how this would play out in the fediverse.
-
T [email protected] shared this topic
-
O [email protected] shared this topic
-
DJM (freelance for hire)replied to Stefan Bohacek last edited by
@stefan Seems BS T&S is abysmally bad. There have been many more problems since last week (Singal, etc.).
The composable moderation works with smart people. Bad players will profit if the T&S team is not up to the task.
Oh and never forget that everything's public on BS, even your block list...
-
M [email protected] shared this topic
-
Adam Katz :donor:replied to Stefan Bohacek last edited by
@stefan @tedium if Mastodon were larger, it would have this same problem but worse (since there is no centralized moderation); there's nothing stopping somebody from setting up @[email protected] or @[email protected]. It's a cost of federation.
-
Stefan Bohacekreplied to Adam Katz :donor: last edited by
@adamhotep Well the real problem comes from the fact that some fediverse platforms, including Mastodon (https://docs.joinmastodon.org/user/profile/#verification) and Friendica (https://wiki.friendi.ca/docs/verify_homepage) let you verify links you put on your profile.
I see that you have a verified GitHub link on yours, with a green checkmark.
I could easily create https://github.com/therealadamhotep, and verify that on another account, making it look more authentic than just a matching username.
-
@adamhotep I still think this is overall a great way to manage verification, I suppose, as someone else said in my replies, it just has to fall on server admins to handle cases of impersonation. I think this works better in a truly decentralized system, as impersonators can't as easily get traction.
-
Stefan Bohacekreplied to DJM (freelance for hire) last edited by
@cybeardjm Yeah, after hearing how much better the safety and privacy features are on Bluesky, I was a bit surprised by reports of all these issues they've been having.
