I really like the green checkmark system in Mastodon, but when relying on them for trust it's important to keep in mind *what* you are trusting:
* The security of the remote site (hacked site could vouch for an attacker)
* The security of the Mastodon instance (same)
* The integrity of the Mastodon instance (a modified version could let the owner disable the remote check)
This is one reason why I like self-owned instances on the account owner's domain.
#security #trust #GreenCheckmark
@tivasyk For any proprietary software or network: you must anchor your trust in that organization and its employees and you are dependent upon their ability to secure their property.
@kyle For $8/mo I'll keep a list of accounts that are for realsies real.
@shawnp0wers If someone had enough trust from the community and there were sufficient demand I could actually see that kind of service where someone performs strong identity verification and vouches for accounts from their site.
@kyle @shawnp0wers Government institutions or employers maybe?
The German federal government runs it's own instance for example for German government institutes and also for some local German states:
https://social.bund.de/explore
And it is on their domain.
The same for the European Union:
@kyle yep!
p.s. why not do the same enumeration for t? and f? should be an interesting excercise methinks.