this post was submitted on 18 Apr 2025
51 points (100.0% liked)
Technology
38579 readers
248 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Isn't owning the domain proof enough already?
Nobody else could possibly use max-p.me as their handle, and proving control of the domain is plenty for security sensitive things like LetsEncrypt.
Anyone you'd care to mark verified already brought their own domain.
Copying a comment from Reddit:
This neither centralizes nor decentralizes. It's exactly just as centralized as before (which, as they are one company, is total).
Whether Bluesky issues a checkmark, or whether Bluesky tells someone else that they are trusted (by Bluesky), and thus can also issue them, Bluesky is the one who is in control of checkmarks.
Unless Bsky sets up some kind of decentralized council that they don't control to manage this list, it's just a form of deputization , and deputies are all subordinate to the 'sheriff'.
Grants of revocable authority are not decentralization.
I like the idea, but then who gets to decide who is and isn't a credible source? Is it only intra-account verifying? Can anyone verify anyone else, or do you need to be authorized by bluesky to start verifying others?
It's open to abuse and exploitation the same way domains are in general. An enterprising faker could register a domain that looks legit, but isn't.
And centralization solves this how? The other social networks are giving more checkmarks to grifters and scammers than they are giving them to honest people because, spoiler alert, con artists are very good at both building a following and paying bribes.
I think their plan is for it to be like how website cert verification works. You have a set of trusted authorities that issue certs (or in this case verifications) and that can revoke them if needed.
Sounds like centralization to me. Who decides whether to vest authority in this group? Who selects the members of this group?
Unless there is some method for each host/ user to nominate members and it changes dynamically based on total votes at any given time, you've just permanently entrenched centralized authority in your (supposedly moving to) 'decentralized' app.
I expect the trusted authorities would be selected by the server where the user account resides. I.e. if a server's admin does not recognize a certain authority, it would not show their verifications to users logged in to their server.
It's possible that it could extend to user selections of trusted verifiers as well, but I think implementing that level of granularity would be more of pain than it's worth to Bluesky. Still, I could be surprised.
That's not what the current PR lays out, and I'm not going to give them preemptive credit for future maybes. Right now they're just X v2.
Once they actually release the server software for self-hosting, i.e. once the app is actually at all even a little decentralized, and not just selling themselves on a feature that doesn't exist, we can see how much decentralization the trusted reviewers have.
Yeah that's a pretty good point. As a technical user that seems solid but for the average user that makes sense.
Automation can verify that realdomain.com has much higher traffic/status/web-presence/google-ranking than raeldomain.com