GioCities - tech

Verification on Bluesky is already perfect

2024-12-03T00:00:00-06:00

Bluesky has very quickly become a serious social media platform. This means it’s having to deal with all the problems social media platforms have to deal with, including impersonation. A lot of people flocked to Bluesky from Twitter, and so recreating something like Twitter’s verification system seems like a natural step.

Bluesky Safety@safety.bsky.app
6/ We also hear your feedback: users want more ways to verify their identity beyond domain verification. We’re exploring additional options to enhance account verification, and we hope to share more shortly.
2024-11-29T20:46:33.430Z

But you don’t need to do that! Bluesky’s current verification system is actually very good and does what verification is supposed to do.

In 2022 I wrote a retrospective essay about the “verified account” design pattern on Twitter, which tried to preempt this conversation a little bit, but unfortunately got bogged down a little with Elon breaking Twitter verification. This piece will talk about a lot of the same ideas, but applied more specifically to Bluesky’s ecosystem.

Bluesky handle verification

Bluesky already has a very good self-verification system called domain handles. The idea is simple: if you have a website, your bluesky handle can be that website, and that verifies that the bluesky account is also the person who manages the site.

There are a number of ways to confirm your identity for this; if you own the DNS record you can verify yourself through DNS, but you can also verify yourself by putting code in the body of a page. This means any “real” website you administer, including things like neocities, can be used as verification. These domains can also be provided by an employer, like <name>.nytimes.com

Other services, including mastodon, have a similar system for self-verifying based on web domains. Bluesky’s verification stands out better though, since it uses your website for your handle. Any verification on the account will show up in every post, at the very top. You don’t need to dig through someone’s profile to confirm their identity, everyone wears it on their sleeve.

Don’t overload verification

One of my main points from The Failure of Account Verification was that the reason the blue check was ineffective was that it was semantically overloaded. It wasn’t clear what it was supposed to mean, because it could mean so many things. Does it confirm you’re who you claim to be? Or does it confirm that you’re a celebrity? Or does it constitute endorsement by the platform? Or does it mean you’re a first-class citizen of Elon Musk’s X The Everything App?

Bluesky has the perfect opportunity to short-circuit this problem, because verification is already explicitly defined. It means you control a specific web domain.

Web domains

Web domains are a heirarchial system. The components of the domain name are separated by .s, and each component is a subdomain of the domain to its right. So mail.google.com means com has the subdomain google, which has the subdomain mail. google controls mail.google.com, and com (an ICANN top-level domain) controls google.com.

A really useful feature of this system is that the trust chain is visible in the domain name, and you can understand the hierarchical relationship a domain represents at a glance. This means you don’t have to memorize every domain that exists, as some people have ludicrously argued. You just have to be able to read a domain name, which is not much to ask. It’s not an esoteric skill, it’s basic literacy.

This trust-chain-in-the-name feature is what lets verification work for domains like neocities or senate.gov: If you have a neocities account, you control <site>.neocities.com. You can’t pose as neocities itself, or a different neocities user, because you only have access to that one subdomain.

Dylan Freedman@dylanfreedman.nytimes.com
Update: I'm now @dylanfreedman.nytimes.com!
2024-12-02T20:09:36.196Z

Non-verified Bluesky handles conform to this system too. If you have a <user>.bsky.social handle, that just means bsky.social has you as a user. The hierarchy is still there and it’s still correct.

What do you want verification to do?

If you want a “pure” system of verification that verifies the authenticity — and only the authenticity — of accounts, Bluesky already has exactly what you want: an unambiguous, purely technical verification system that isn’t dependent on value judgements from human moderators. It doesn’t mean someone is “trustworthy”, it just means they are who they say they are. “Legit” is not an intrinsic property a person can have. Domain verification communicates one thing, and does it well: this person is the same person from this website.

Trying to add an additional verification system (like a badge) that adds other connotations (like prestige) can only add confusion to this signal.

I’ve seen lots of people on Bluesky complaining that domain verification is “insufficient” because people can make generic impersonation accounts under bsky.social, or that there’s some need for a “real” verification system. But this logic doesn’t hold up.

Having a blue checkmark in your name won’t stop people from making unverified accounts impersonating you on the generic bsky.social domain, obviously. The blue check only helps in comparing a fake account to the real one, because the real one will have authenticating information in the handle. This is, of course, exactly the same thing domain verification does.

Problems with Bluesky verification

Just because the current system is “pure” and “unambiguous” doesn’t mean there aren’t issues. I don’t think any of these are helped by a badge system, but I do think they’re weaknesses it’s good to be aware of.

Revocation

If your verified Bluesky handle is <name>.<newsroom>.com, to verify that you’re currently employed by newsroom, what happens when you quit? Assuming newsroom correctly deactivates your page (hopefully leaving it up for historical purposes, but removing the verification code), what happens on Bluesky?

There has to be a system to periodically re-check these verified handles to see if something has changed in the domain verification chain, like your company no longer authenticating you as an active member. If that happens, what happens to your Bluesky handle? Is there action required to fix it (i.e. the “invalid handle” state), or are you reassigned a generic name again? What happens to links to your old name; can you leave a redirection notice?

Currently, in this case, Bluesky will revert the account to a .bsky.social handle, but accounts will keep their history and followers.

Bad actor domains

Domains themselves can be fake. We already see this as part of phishing attack chains: you get an email from your bank with a link to <bankname>.net, but you don’t realize bankname’s real domain is <bankname>.com!

Now, imagine the same attack but with Bluesky handles. You’re contacted by service.<bankname>.net, and it seems like they’ve verified themselves as authorized representatives of bankname. But they’re not!

Comfortably Numb@numb.comfortab.ly
Speaking of verification via domain name handle. This is fake.
2024-12-04T01:38:30.821Z

There are a few ways to handle this. Accounts that are engaged in malicious impersonation can still be banned by Bluesky moderation, regardless of their handle. But in this case, the top-level domain and ICANN can also exert pressure from the domain side. Web hosts do not want to be responsible for phishing campaigns, and reputable top-level domains don’t want to implicitly approve fake subdomains. In the above example, .net itself can moderate the fake site, and even remove it from the .net domain.

It doesn’t mark who the angels are

This is what everybody wants, right? I think a lot boils down to this.

People want a filter they can put over the world that tells them who they can trust and who they can’t, ingroup-outgroup membership signifies, friend-or-foe colors. People want shinigami eyes. But that’s just not how society works! It’s not how trust works, it’s not how people work. And if you take this vague, impossible wish, and try to build a technical system to accomplish it, you end up making a confused, overloaded system that just injects more bad information.

Domain verification is good

It’s a good system! It does exactly what it says it does. Compared to domain handles, a human-approved badge system would add more room for errors in judgement, not less.

My Pal Sorter

2023-07-10T00:00:00-05:00

I’ve decided to do a short write-up on a tool I just call “Sorter”. Sorter is something I built for myself to help me organize my own files, and it looks like this:

It’s designed to do exactly one thing: move files into subfolders, one file at a time. You look at a file, you decide where it goes, and you move it accordingly. It’s the same behavior you can do with Explorer, but at speed.

You can download it if you want (although it might not be easy to build; check the releases for binaries) but for now I just wanted to talk through some of the features, why I built it the way I did, and the specific features I needed that I couldn’t find in other software.

I made Sorter with pure python and tkinter interface components. Do not make a GUI program with pure pythona and tkinter interface components. It, and its relevant documentation, is ancient and abandoned. From what I’ve seen the modern GUI toolkit to use for a program like this is PyQT, although I haven’t worked with it yet.

Sorter has a “current working directory” you open when you start the program. It expects all “loose” files to be loose in the root of the working directory, or in a folder titled “Unsorted”. Additionally, if there’s an “Unsorted” folder and loose files, it will offer to move them to Unsorted for you.

It creates a list of those loose files and seeks through the list one file at a time. You can filter this list by fileglob; the current default is *.png, *.jpg, *.bmp, *.jpeg, *.tif, *.jfif, *.tga, *.pdn, *.psd, *.gif, *.gifv, *.webm, *.mp4, *.mov, *.webp for images and image-like files.

The “candidate folders” the current file can be moved into are on the list on the left. In the “Move to Folder ID” box, typing a string that matches one of the candidate folders moves the file to that folder.

Crucially, this matching is done aggressively. With only a few subfolders, you usually only need to type one letter to get an unambiguous match.

There are more sophisticated rules that kick in if the first few letters are frequently common. For example, “j e” matches “john ebgert” and not “john arbuckle”. You can even turn on extremely aggressive fuzzy matching that matches freely inside strings, so “u” matches even “qwertyuiop”.

The goal is to make the mechanical operation of moving the folder as fast as possible. For each file, you should be spending as close to 100% of your as possible making decisions about filing, not doing the mechanical act of filing. That’s what computers are for!

Trying to do this with explorer is miserable. The best way I found of doing it is drag-and-drop with two windows open, which means you’ll spend most of your time hunting for the folder in the list and dragging your mouse to the right place. That’s fine for general-purpose use, but it’s no good for bulk sorting.

There are plenty of blazing-fast, efficient tools for moving and manipulating files, but they’re mostly command-line utilities that can’t inspect images. Sorter makes that operation almost instant, and does the moving operation itself in the background, so you can focus on decision making, which is the one thing the computer can’t do.

There are other controls on the left, too. “Move to new folder” ignores the candidate folders and moves the file as-is to a new folder it creates. “Rename” changes the name of the file without moving it, and “Rename Prefix” adds the prefix you specify to the filename. (This is good for adding indexes or page numbers or anything you want to easily sort on!)

Sorter mainly focused around quickly inspecting images, but there are also some fallbacks for other formats, like grabbing the first frame of a video, or getting a list of a zip file’s contents, or just reading the windows metainfo of the file.

The Joy of RSS

2021-10-17T00:00:00-05:00

During the years when Homestuck updated regularly, I usually had some sort of update notifier that pinged me when a new page was posted. But since Homestuck usually updated daily, I ended up just keeping a tab open and refreshing it. And that’s pretty much how I kept up with other serial media on the internet, for years. A writing blog that posts regular updates? Keep a dedicated tab open and refresh it occasionally. Comic? Tab. To this day, I have a “serial” browser window that’s just tabs of sites I check regularly. (Or imagine I might want to check regularly, at least.)

please don’t tell anyone how I live

Of course, this is terrible. The biggest problem is browser tabs are expensive. If you have a tab open, that takes up a dedicated chunk of memory, even when you’re not reading anything. CPU too, probably, if the site has JavaScript running on it (which is to say, is either decades out of date, or this one). Not to mention the clutter.

Unfortunately, dedicated browser tabs fit specific use case of keeping up with serial media well. Social media feeds — all of them, Twitter, Facebook, Tumblr, Reddit, YouTube — are explicitly “media aggregators”, services that combine multiple media sources into one feed. This is no good for serial media. If you’re following multiple sources, they likely update on different schedules, and updates from the more active ones will bury updates from those slower. Even email updates have this problem. No, you need a dedicated space for each source (but not each update), which a dedicated browser tab will get you.

There is a good system for this, though: RSS.

RSS (Really Simple Syndication) is a fantastic technology that has fallen out of favour in the mainstream lately. It works like this: the media source puts up a small file somewhere that notes the dates, titles, and (optionally) content of posts. And that’s it. There’s no API, it’s just a file people can read if they want. It’s like traditional syndication, but instead of selling articles to multiple distributors (as with syndicated cartoons), you’re distributing articles to many consumers directly.

I’m generally speaking in terms of articles and posts and written content here, but RSS is designed for a wide variety of media. Most notably, RSS is the backbone of podcasting. Podcasts are just RSS feeds: lists of links to audio files annotated with episode titles and descriptions¹. Podcast apps (“podcatchers”, as people who try to describe things accurately sometimes call them) just collect and display that information.

RSS people will immediately jump to pining the loss of Google Reader. For years, Google Reader was the de facto RSS reader, but since it was a web application — and one run by Google, no less — it was killed in 2013 with no viable alternative. For a while, anyway; people have since written some pretty nice RSS apps, but there was a huge hole for a long time.

A browser-based RSS reader

Despite RSS being perfect, as I mentioned already, RSS isn’t popular anymore. Not popular among media sources, anyway. A lot of sites do still have RSS feeds hidden away somewhere, although some require an additional tool like RSS Bridge to act as a middleman. But, in general, there’s been a huge push over the past 20 years to move away from user-controlled content management and toward content vehicles like Twitter and Facebook, where Platforms² can sell ads, direct you towards the content they think you’ll be interested in, and generally “optimize engagement”. This can be good, of course in cases — recommendations for related accounts and YouTube channels are a great discovery mechanism — but it’s obviously not the right thing for all cases.

And so, without RSS or an equivalent solution in the mainstream, most people are left with just a handful of bad options.

Just a few months ago I broke down and got a dedicated desktop feed reader, Fluent Reader. You can configure categories of sources, set up notifications, and configure when and how FR checks sources for updates. It’s still an application running in the background, but it’s leagues better than keeping tabs open.

Hey, guess what you can subscribe to with RSS? This blog right here. That’s what this little guy is about:

Also, even cooler, if you make a comment on a post and want to know if someone replies, you can subscribe to the RSS feed for the comments.

RSS reader options

Ashley Lake@AshleyLatke
kids these days literally have no idea that RSS existed
I had all my posts everywhere in one feed, chronological order. Twitter, LiveJournal, newspapers, newsgroups, forum posts
They’re like “that would be an amazing invention”
The internet was ruined for short term profit
Sat Mar 11 23:58:47 +0000 2023

Some horrible modern dedicated “podcasting” apps and non-podcasting-but-used-for-podcasting apps like SoundCloud don’t actually have RSS feeds backing them anymore, but I refuse to acknowledge those as podcasts. That’s not a podcast, that’s a mistake. ↩
Also, non-platforms. There was a brief panic about people republishing the full content of articles that publishers included in their RSS feeds, from people who didn’t seem to understand that publishers didn’t actually have to do that to use RSS, and who didn’t understand that “making computers easier for everyone to use” meant the people who were already scraping websites for content could do so slightly more easily when sites were more accessible. Industrial-scale plagiarism for profit is, of course, illegal, regardless of the technology used, and involving RSS in the conversation because it was the specific content delivery mechanism used is silly. “Accessibility is bad because it helps everybody, not just people I like” is a very foolish argument that unfortunately still persists, and people who still make it deserve to be ridiculed and kicked out of polite society. ↩