The checkmark is the wrong approach. You should never trust accounts, because accounts get hacked. We should instead use cryptographic signatures on individual posts, and clients can warn when that signature doesn’t match the account’s public key, or if that key changed recently. The private key would never live on the server, and ideally live outside the app.
This doesn’t verify identity, it just proves the key didn’t change. To establish identity, the person needs to use the same key in multiple places, such as posting it on a personal website or something. If a service wants to add their own stamp of approval, they can sign these public keys and embed them into the API for clients to use (e.g. show a blue checkmark if Bluesky can verify the public key outside its system).
If the private key is compromised, repeat the process, potentially signing the new key with both the old and new key to prove control of both (or start from scratch if needed). Repeat whenever they get hacked.
Yeah I deleted my Bluesky. All public companies eventually turn to shit because of the shareholders’ unending greed.
Lots of “how dare they solve a real problem with the only method yet invented” in these replies. Gtfo losers, clutch your pearls harder. If you don’t like Bluesky don’t use it. Don’t be a whiny little bitch about it.
ARE WE LEARNING HOW “SOCIAL MEDIA” WORKS YET HUMANITY?
Seriously. How many more fucking times do we need to go around this goddamn merry go round until we just start calling each other on the phone and meeting face to face again. You know, where the only enshittification is the one you bring with you. It’s fucking boring me now, how many of these stupid ass things I didn’t join because I’ve already, apparently, gotten the memo and how, inevitably, something like this happens, and everyone acts surprised and disappointed, as though inevitability was a concept they felt they’d been given a sabbatical from or something.
This. Shit. Ain’t. Free. There is an inherent cost, an “effort” required to communicate with others. You pay it with money, time or privacy. The overwhelming choice lately has been “privacy”, but it’s obviously something that not everyone is comfortable with, because we didn’t have the term “enshittification” before we started this flavor of our collective idiocy.
this is unnecessary with custom domains
Then come over to Mastodon…
No one disliked the check mark before “Genghis Kunt” started selling it
Bluesky is the new X. After canceling the accounts of Turkish protesters this is the next step for the big money behind Bluesky. That’s why I deleted my account a few days ago.
What’s the story with the Turkish protesters?
Bluesky has basically bowed to the Turkish regime: https://www.turkishminute.com/2025/04/17/bluesky-restrict-access-72-account-turk-amid-government-pressure/
Exactly, Bluesky has been shitty for a while for lots of reasons. I’m not understanding why this is the line in the sand.
Same. Deleted my account when they started to censor the Turkish protestors. Not that I used the account really but still.
Preaching to the choir
But anyway anyone who thinks bluesky is actually decentralised will learn sooner rather than later that that’s not the case
Yous are hyping it. A basic verification system which can’t be bought and is handed out for the sake of showing credibility is a good thing.
The sake of credibility? What decides that though? Likes? Likes are a big problem imo. It doesn’t really do anything except create echo chambers.
IMO it’s not that blue check equals credibility, but rather it equals that you are who you say you are. This is a good thing particularly when it comes to public figures/officials — not for their sake, mind you, but for the sake of other people who may see a tweet from them. If the checkmark is there, then it’s them. If not, then it’s an impersonator. Right now it’s difficult to tell.
Tl;dr: it doesn’t make what they say real, it just makes them real.
Something like this is unavoidable.
Example: Ted Cruz the car mechanic in Marfa, Texas has just as much right to use Bluesky as professional shitbag senator Ted Cruz. But how do you tell the real one from the rancid sack of weasels?
It’s easy: cryptographic signatures. If you want to prove your identity, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
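The scheme described in the first comment and in the reply above (pin a public key, flag posts signed by a different key, rotate by signing the new key with both the old and the new key), as an added Go example that is not part of the thread. The `rotate-v1:` message format and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Rotation announces a new key; the old and the new key both sign it.
type Rotation struct {
	NewKey         ed25519.PublicKey
	SigOld, SigNew []byte
}

// rotationMsg is the statement both keys sign (this format is an assumption).
func rotationMsg(o, n ed25519.PublicKey) []byte { return append(append([]byte("rotate-v1:"), o...), n...) }

// NewRotation is run by the key owner, wherever the private keys are kept.
func NewRotation(oldPriv, newPriv ed25519.PrivateKey) Rotation {
	newPub := newPriv.Public().(ed25519.PublicKey)
	msg := rotationMsg(oldPriv.Public().(ed25519.PublicKey), newPub)
	return Rotation{newPub, ed25519.Sign(oldPriv, msg), ed25519.Sign(newPriv, msg)}
}

// Client pins the key it knows for an account, e.g. from the owner's website.
type Client struct{ Pinned ed25519.PublicKey }

// PostOK reports whether a post's signature matches the pinned key.
func (c *Client) PostOK(text, sig []byte) bool { return ed25519.Verify(c.Pinned, text, sig) }

// AcceptRotation moves the pin only if both keys signed the rotation.
func (c *Client) AcceptRotation(r Rotation) bool {
	msg := rotationMsg(c.Pinned, r.NewKey)
	if len(r.NewKey) != ed25519.PublicKeySize || // Verify panics on a wrong-size key
		!ed25519.Verify(c.Pinned, msg, r.SigOld) || !ed25519.Verify(r.NewKey, msg, r.SigNew) {
		return false
	}
	c.Pinned = r.NewKey
	return true
}

func main() {
	_, oldPriv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	_, newPriv, _ := ed25519.GenerateKey(nil)
	c := &Client{Pinned: oldPriv.Public().(ed25519.PublicKey)}
	post := []byte("constructed sample post")
	fmt.Println(c.PostOK(post, ed25519.Sign(newPriv, post))) // false: not the pinned key
	fmt.Println(c.AcceptRotation(NewRotation(oldPriv, newPriv)))
	fmt.Println(c.PostOK(post, ed25519.Sign(newPriv, post)))
}
```

A rotation built from a stolen old key and a key the thief generated passes the same check, so a client should still surface a recent key change as a warning, as the first comment suggests.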
People use usernames like they always have, and rely on reputation to distinguish themselves from the fakes? Senator Ted Cruz makes an account called ‘senatortedcruz’ or if that’s taken ‘therealsenatortedcruz’, and the mechanic makes one called ‘tedcruzcars’ or whatever. I don’t see how your example is even relevant, because under a checkmark verification system both the mechanic Ted Cruz, and the senator Ted Cruz would be valid and deserving of a check mark, so there has to be some other way of distinguishing them anyway.
It’s what the original lawsuit that created checkmarks was about.
What is? How does a checkmark help distinguish between two people that have the same name? The checkmark just shows that the person is who they say they are.
mastodon exists
So long as the checkmark isn’t bought through some subscription service, I’m fine with this.
The whole reason why verification exists is because others will steal the name of someone famous and masquerade as them, with real world consequences. A verification system now means that certain platforms and people will get more attracted to be there, and thus Bluesky will grow.
It’s not.
Not yet 😏
My default is to just assume that they aren’t the same person unless corroborated by that person.
Unfortunately, the forecast isn’t good for the integrity of what should be a simple system. Under Dorsey, the Twitter blue checkmark had already become a tool for showing content approval by Twitter. In various instances users had their status removed based on their content and not on a question of if they were who they claimed to be.
This shitshow sounds familiar.
To quote my well known journalist friend after switching from twitter “what’s that? Oh, that open source stuff? Hahaha nah bruh, mastodon is silly”
Reminds me of a meeting my co-worker and I had with the IT staff of a company that is a customer using research instruments in our facility. The meeting was to ask us to enable data synchronization through SharePoint. (We’re a Linux shop.) We asked what the issue was with getting their data files with SFTP. They said, “It’s open source.”
Then, a few beats of silence as it sinks in for us that there is no next step in the chain of logic. That is the totality of their objection.
Ok so they knew enough about software to use open source correctly in a sentence, but could not even list one reason why they didn’t want to use it.
We had to fight tooth and nail to get even a few of us able to use Ubuntu on our development machines (even though 90% of our servers are Ubuntu). The old heads in IT were like, “Uhh that open-source stuff? We use Windows for security”. Like wtf?? Lack of cognitive dissonance much? They are completely brainwashed by the old Microsoft FUD
Normies will not go on Mastodon.