The approach they've taken ("trusted verifiers") is an approach aligned with their values, as it is an extension of the labelling concept that is already well established in the ecosystem. As an idealist, it is a shame that they gave up, I think they could have had an impact on shifting how non-technical people view domain names and understand digital identity... but as a pragmatist, this is the right choice. Bluesky has to pick their battles, and this isn't a hill to die on.
[1] https://handles.net [2] https://news.ycombinator.com/item?id=42749786
That just leaves me wondering why they bothered with a new separate system instead of just using the existing label system. A "verified by bsky.social" or "verified by nyt.com" or whatever label would do the job perfectly well, no?
> they can apply on a per-post granularity as well as a per-account granularity
I might want my verification to apply on a per-post granularity. For example: if I'm speaking on behalf of my employer, then my post should reflect that, whereas my usual shitposting and pet projects probably should not reflect that. Currently the only solution there is to have entirely separate accounts (which might not be unreasonable even with post-level verification, but still).
I'm also left wondering about the temporal aspects of verification. My employer might verify me as one of their employees now, but not necessarily a year from now. Per-post verification would reflect that I was authorized to speak on my employer's behalf at the time I made posts to that effect, without retroactively implying that for posts I made before I worked for that employer, and without that verification needing revoked for those posts after I stop working for that employer.
This is all admittedly a long ways off from what Bluesky probably intends with its new verification feature, but I guess what I'm getting at is that if labels can already do per-account and per-post granularity then having a second kind of label that's only per-account and doesn't offer anything that normal labels can't already do doesn't seem all that valuable.
> you can lose your blue check if you change your handle or display name, but labels stay the same no matter what.
That seems reasonable (but IMO questionably necessary) for handle changes, but rather unreasonable for display name changes.
Sure, what I'm trying to describe is the various differences so we can speculate why they may have made the decisions that they did. "more flexibility is always better" is a valid choice, but it may not be theirs.
> That seems reasonable (but IMO questionably necessary) for handle changes, but rather unreasonable for display name changes.
I call this the "jaboukie problem," and it's effectively necessary for this kind of feature. Jaboukie Young-White is a comedian who, every time Twitter verified him, would change his account to impersonate another, and then make an inflammatory post "as them." The blue check lent legitimacy to this. It was hilarious, don't get me wrong, but it does undermine trust in the feature.
Bewildering to me that seemingly any move in the right direction for social media is criticized with even more venom. How exhausting it must be to be stuck in such a frame of mind.
Showing users that these ideas work is a win, it doesn't matter what Bluesky does in the future.
Fine with this albeit very 'manual'...but not clear if any other choice. I do really like the domain username scheme and if anything this news just draws more attention to that because there's sooo many organizations/news outlets etc not taking advantage.
If these orgs don't have IT departments, then, well, pay me $20 and I'll do it for you.
Put another way, a Bluesky post saying "BREAKING: Trump dies from natural causes" from an employed NYT journo carries a different salience than the same post from a random Bluesky user.
I think it's pretty hilarious that the Times, of all people, count as 'trusted'. It makes me automatically distrust BlueSky verification, which doesn't sound like the intention.
In practical terms, no, they are status markers.
Why? Who do you trust?
News organizations have in recent years started selling so-called "contributor" positions. Anyone with enough money can be a journalist and influence public opinion. And NYT and similar outlets are not trustworthy sources either way, they sneak edit articles when they get caught spreading misinformation but regularly don't disclose what was actually changed. Basically rewriting their reporting as the narrative changes.
On a technical level, any account can "verify" any other account.
On a practical level, blue checks are shown only if that verification comes from someone BlueSky trusts. Right now, that's bsky.app and nytimes.com.
The only difference is that Bluesky won't show a blue check for just any verification, only ones from accounts they trust. That's a social relationship, not a technical one, and so I'm sure if the NYT decided to go rogue, Bluesky would have them not be an input into the blue check any more.
Which ones? I've heard of that with lower credibility organizations (Forbes, I think), but nothing like the NYT.
> they sneak edit articles when they get caught spreading misinformation but regularly don't disclose what was actually changed.
I think they correct things. I'm not sure they have ever been in the habit if notifying people of every correction, though it would be interestesting to have an edit history with diffs.
I’m a proponent of verification only for “important people”. Yes, the definition of important is funny, and people may feel slighted by it: but I’ve yet to find a system that helps me identify high quality sources so immediately on a social media platform.
The trouble with what platforms like Twitter did was by trying to stick to some definition of important, they took what should be a mundane "yep, this is the person it looks like" icon and made it into a status symbol that everyone wanted. Twitter had a hard time defining the boundaries: Shouldn't they verify their most influential users even if they're not real world celebrities or public figures? What happens if someone who is verified says something that they don't like? How do you prevent corruption when you give other organizations special privileges for verification?
For Twitter and Instagram verification, people were bribing employees and getting verification just because they joined an organization (like an eSports team or a news organization.) This was not a good status quo.
Bluesky is probably headed towards the same problem if they try to be the bearer of who's important. Obviously, you can't verify any Joe Schmoe, but honestly you can just set a reasonable threshold based on their status in the platform for as to whether or not they should be eligible to get verification. When you do stuff like say "You should be able to be verified because you work for NYT", that's just weird. Being a journalist doesn't magically make you important, or mean that your posts will be worthy of greater consideration, yet that's what you're setting people up for when you make verification into a big ordeal like this, and it's the reason why Twitter would unverify people for e.g. having an opinion too far outside the Overton window. And using in-platform metrics to determine eligibility seems reasonable anyways... If you have like 10 followers, your verification status is utterly meaningless anyways.
I think if they want to solve the problem for journalists they should've verified the organizations and then made this separate from verifying individuals. Then accounts under that domain could just have some sort of special badge. This especially makes sense because otherwise you could literally just have your personal account become verified by having a couple month stint at the NYT or something, which is non-sensical.
Is that a reference to something? Haven't heard that phrase before.
https://www.turkishminute.com/2025/04/17/bluesky-restrict-ac...
They landed on country-specific moderation, which is all publicly accessible and documented, allowing countries to label specific posts/contents and have them hidden in the country. Again, this is only on the Bluesky client; other clients can ignore the 'hide' label if they choose.
This is an article that details it pretty well and links to a few tools that allow you to view everything hidden by any country moderation team: https://fediversereport.com/bluesky-censorship-and-country-b...
And then "soft forks" like https://deer.social/
We need a way to reflect that human "social trust" is born distributed, and centralising trust subverts it. But here, while they introduce third party verifiers, rather than individuals deciding which verifiers to trust, bsky is going to bless some. So this is just centralised trust with delegation.
Keybase got acquired back in 2020 and it's popularity -- at least among cypherpunks, seems to have dropped off.
feels like identity + trust systems keep coming back around but never quite stick. maybe too hard to balance usability, decentralization, and adoption all at once.
Could use follows, retweets, etc instead of page links
And what ever happened to Keybase? That seemed like a good solution. Verify by public private key? It really seems like that could be extended. I mean we have things like attribute keys and signing keys. It seems like a solvable solution but just the platforms need to create a means for the private bodies to integrate their keys.
Hell, I wish we'd have verification keys for cops and gov employees. So me a badge? No, show me a badge with a key I can scan and verify your identity. It's much harder to forge a badge with a valid key than it is to forge a badge that just looks good enough
They got acquired by Zoom and promptly put Keybase into maintenance mode.
DNS for your average user is too complicated. Also what should the domain name be for a journalist at the NYT? What if they leave the NYT?
> DNS for your average user is too complicated.
In fact, I don't think I want most users verified. It then creates a reverse incentive where anonymous accounts are distrusted by default and too much trust is given to verification. An important part of a system with free speech and not governable (the point of distributed) is to be able to freely speak. Sometimes that means hiding your identity. Especially for those in countries or societies with particularly authoritarian rule. The best way to keep people quiet is to make them afraid of their neighbor.
> what should the domain name be for a journalist at the NYT?
> What if they leave the NYT?
Everyone has the bsky.social handle, so you revert. I'd even be happy if optional profiles could show former affiliations. But it doesn't seem like a big problem. I mean NYT shouldn't be verifying a journalist if that journalist is no longer at NYT. Their new employer should.
Part of the problem here is consistent identity over time. People do not like changing their handles unless they want to. I'm steveklabnik.com now, but if I started working at the NYT, and had to switch to steveklabnik.nyt.com, old links break to my posts, etc. And what happens if I want to be verified by more than one org at a time? Domains (at present) can't do that.
I do agree that multiple domain-based identities would be a nice feature though.
> old links break to my posts
> People do not like changing their handles unless they want to
> what happens if I want to be verified by more than one org at a time?
Second off, I agree that this is a desirable thing to have. It is why I was suggesting something similar to keybase (keyoxide?) or attribute keys. It definitely seems like Bluesky is intending to do something similar to the attribute keys but there's some details lacking and seems like an existing verified user needs to vet an entity prior to their ability to distribute keys. I'd also be quite happy if there was a publicly visible ledger so one could see former verifications (it's all visible via the firehose anyways, right?).
[0] And there's the classic problem on typing "@" and then the person's name and not actually finding them because the search system is fucked up and is looking for the address handle. I've seen this on both sites, more frequently twitter, and even when typing the address handle directly. Apparently this is a harder problem than I'd have thought (particularly replying to someone in the thread...)
I went to one of my posts and clicked "copy link to post." that gives me an URL like this:
https://bsky.app/profile/steveklabnik.com/post/3lndppxy7xc2a
If I change my account to `steveklabniklol.com`, then this URL wouldn't work, as that url turns into
https://bsky.app/profile/steveklabniklol.com/post/3lndppxy7x...
See here for more: https://github.com/bluesky-social/social-app/issues/1221
> People are paying attention to the Display Handle and not the address one
I agree, and that's why people don't like changing it.
> it doesn't seem like Bluesky's implementation will do this
It does.
I think that doing this raises a lot of product questions, so I'm not shocked they haven't done it. But I'd like it if they would.
An automated version of this system might say "we verify anybody who at least N people within 3-4 steps of your followers graph are also following."
In a big city, you go to the store that's labeled "Butcher" and figure that, because the building is quite permanent and there's a lot of butchery stuff in there and it seems clean and there are people going in and out, then it's probably a fine butcher shop. No real "social" trust involved.
An automated version of this is probably domain checking, follower count, checking that N other 'verified' accounts follow it, some basic "is this a known malicious actor" checks, waiting until the account has some age, etc. Still kind of distributed, but not really relying on your own social trust metrics.
What's fun is that Bluesky allows you to implement both of those mechanisms yourself.
Domain verification was genuinely all the verification needed. This checkmark system is just a copy-paste troublemaker from Twitter, and we all saw how well that turned out whenever a celebrity or billionaire's account got hacked to shill grifto schemes. Training users to only look for a symbol just desensitizes them to the complexities of identity and sanctioned speech.
This is what their users are looking for. They don't want complexity, they want to know who they're supposed to listen to.
After all, we already have an established and highly-monitored set of sibling "trust roots" — we call them Certificate Authorities.
And we already have an identity-validation system coupled onto X.509 FQDN-as-CN (i.e. TLS) certificates — certificate validation levels.
BlueSky could just:
1. require a domain username for verification;
2. require that the domain presents an Organization Validated (OV) cert for verification as a "public individual" (i.e. the kind with a "personal brand" — which usually implies "worth registering as an LLC");
3. require that the domain presents an Extended Validation (EV) cert for verification as a corporation.
...and the whole problem of identity validation becomes outsourced, and federated, and decentralized. (Federated because multiple sibling CAs; decentralized because every computer administrator gets to decide for themselves which CAs their machine should trust.)
---
A rebuttal might be that "EV certs can't be used for this, because EV certs are too expensive, take too long to get, and don't integrate well with automatic per-subdomain DV cert issuance via ACME."
But (IMHO) that's not a problem to be worked around; that's a problem to be fixed. Why leave a broken generalized web-of-trust infrastructure sitting there unused?
If an online casino can KYC/AML you in two minutes with a passport scan and a 3D camera photo, it shouldn't be impossible to do for OV+EV validation what we did for DV validation with ACME. (Ideally in such a way that you can do the interactive process once, receiving not a cert, but some kind of collateral; and then, later on, any ACME server should accept that collateral during an interactive domain ownership probe, to upgrade the DV cert it's issuing you into an OV/EV cert.)
---
The other neat thing about this approach is that, in a "fat" native BlueSky app (i.e. not just an Electron wrapper), the app wouldn't have to trust the BlueSky service to say who's verified. The app could TLS-validate each domain username itself, to compute the appropriate badge for that user — just as a web browser does when you visit a website. And it would presumably use your machine's OS TLS CA store for that validation, just as (some) browsers do.
2. I've been programming and hosting websites for a decade+ and I would have no idea where to start with any of the things that you propose they "just" require.
3. The OV requirement seems kind of hokey. There's no such thing as "worth registering as an LLC" — anything can be an LLC. You could have an LLC that just holds your dog's assets and call it Internal Revenue Service (LLC), assuming someone else hasn't already grabbed that name in your state, and that would be completely valid.
All of this would make it way too difficult to navigate verification for normal people, and I'm not convinced it would do anything to stop determinated bad actors.
That's because OV/EV certification are (currently) viewed/remembered mostly as "a bunch of bullshit that nobody sees the point in", and/or "a money-making scheme designed to allow big companies to throw money at the problem of looking 'more secure' than small companies, by showing up with a prettier lock icon/address bar state in web browsers" — ignoring the fundamental value provided by the design of the system, due to the pragmatics and politics of existing and previous (mostly previous) implementations of the design.
A site presenting an EV cert used to look like e.g. this in Firefox: https://upload.wikimedia.org/wikipedia/commons/6/63/Firefox_...
And this in IE/Edge: https://www.thesslstore.com/blog/wp-content/uploads/2010/06/...
Once browsers stopped visually differentiating sites signed by OV/EV certificates from sites signed by DV certificates with the big "green for go" coloration, corporations no longer had any motivation to get EV certificates, so everybody forgot they existed. This happened a decade+ ago.
(And then, in 2019, the last vestige of this distinction was removed, when EV certs stopped making browsers show the identified company name beside the lock icon: https://www.leaderssl.com/news/492-google-and-mozilla-will-s...).
Because of this, nobody today is really familiar with EV certs. But that doesn't mean they're hard or arcane; they're just obscure. And the process for getting one is clunky — but it used to be that the process for getting regular (DV) certs was clunky, too. The EV cert process just hasn't been updated with the times to match the ease of getting a DV cert, because nobody has cared to do so, because there's no demand.
But neither of those things mean that EV certs aren't fundamentally a good way to secure identity in a web of trust. Every code signing certificate is an EV cert, for example. And all cross-signed CA certs are EV certs. EV certs are still there, quietly underpinning much of X.509's security model, in TLS and elsewhere.
And as such, it's silly to recreate the EV validation ecosystem, but worse, for something (identity verification on BlueSky) that is pretty much exactly "the green address bar" use-case all over again — when we could instead just revive the dormant infrastructure that powered things the last time we cared about federated identity verification, and polish it up a bit for use in 2025.
> All of this would make it way too difficult to navigate verification for normal people
If they wanted, BlueSky could match what they're doing today by 1. setting up their own X.509 CA, and then 2. delegating the constrained ability to issue OV+EV certs to users from this CA, to named entities (like the NYT, as mentioned in the announcement.) Then you wouldn't have to do anything; everything could be handled on their end, with a BlueSky-CA-issued OV or EV cert just magically appearing bound to your BlueSky account.
(And they could — but wouldn't have to — get this CA into default trust stores of client devices. The BlueSky webapp backend would have the BlueSky CA explicitly in its trust store; as would any first-party native fat clients. Any third-party native fat clients would need to add the CA cert into the app and configure their HTTP client to use it. X.509 is not one global system; every X.509 root-of-trust creates its own tree-of-trust, which is only a web-of-trust insofar as multiple roots-of-trust can [but don't have to] cross-sign things.)
The point here is just that with X.509, big entities who BlueSky is unwilling to delegate identity-verification authority to, or who don't trust BlueSky — or, as BlueSky themselves say, the existing userbase at the point where BlueSky itself becomes adversarial to them — can step outside of this de-facto centralized trust model, by instead getting an different X.509 CA of choice to issue EV certs for any entities they want identity-verified; and then uploading (or in the case of a native app, installing) these certs to bind them to their BlueSky accounts.
In a bigcorp MDM domain, your EV cert allowing you to speak as @bigcorp_pr or whatever, would just get MDM-installed onto your device and you'd never even think about it. You'd just know that you actually can't log into that BlueSky account on any non-company device, despite knowing the password to the account, because no other device has the cert installed.
> and I'm not convinced it would do anything to stop determinated bad actors.
It does as much and as little as what BlueSky's announced approach — have human moderators check identity verifications using their common sense — does.
That's all EV validation is, in the end: collecting a bunch of information and then having a human look at it and say "yeah, this is really who should be getting certified to say they own this domain" or "no, this seems to be some kind of domain hijacking attempt." (Or even "this domain seems created to typosquat a popular brand, so I'm not granting the cert, even if the person really does own the domain." Denying typosquatters EV certificates is/was an explicit feature of most CAs' EV processes — although the term "typosquatting" hadn't been coined yet, so it was referred to as "trademark protection" or somesuch.)
The only difference, in leaning on X.509 infrastructure to do this, would be that you wouldn't have to rely on "BlueSky moderators" as your only group of people willing to put their reputations on the line to assert "yeah, this is who they say they are; they're really in charge of this business; and this business is a real thing—the one you'd think of when you see the name." You can go out and ask any company specialized in "having a reputation for making identity-validation assertions that everyone trusts" (i.e. an X.509 CA) to do it for you.
Can't be that hard to have this
They describe it as a "blue check" when in fact it is a white check on a blue circular background.
Just nit-picking I guess but sometimes I read a passage that describes something and I conjure an image in my mind of what I would see should I open my eyes with it all laid out in front of me. This does not fit the image that is described in the post and makes we want to question the author's observational skills.
Something like
bluesky user X is equivalent(has control)
to domain A(domain verification)
to youtube account B (youtube verification)
to mastodon account C (mastodon verification)
to D@nytimes.com (email verification)
The problem is that some domains would have no problem standing up this sort of verification. The Times only benefits from verifying it's employees. However I can see fellow social media sites balking as this equivalency weakens their walls that keep people in.
Not sure how big of a priority this is for the team that runs it, but I would probably use it 20x more if it was ran competently.
It's politics I can't avoid there, not pornography.
Granted, I'm probably part of the problem, since I do post (and repost) some political stuff every once in awhile, but still.
https://news.ycombinator.com/item?id=40298552#40298804
Delegation similar to bluesky's "NYT org issues certs to journalist" is also possible and done in a far more versatile manner.
If you have a domain and want the ability to issue certs to others, email me...this will just be for experimenting of course :)
All I’m saying is that if weak moderation has had a positive effect somewhere, it’s worth showcasing that. Otherwise the evidence is decisively in favor of strong moderation.
In terms of how to keep the moderation team from deteriorating, other platforms could learn a thing or two from HN: put someone competent in charge of the team, and give them lots of incentives to do well.
Because those conversations do end up happening elsewhere, this site is famous for leaving readers with a strongly false impression of what viewpoints are actually popular among whatever you would want to call this Silicon Valley hacker / VC scene space.
The highly insidious thing about censorship is not only you don't know what you're not seeing but you don't know you're not seeing it -- you don't know what's missing.
On a technical level, this sort of works like a Root CA: anyone can verify anyone by publishing a `app.bsky.graph.verification` record to their PDS. Bluesky then chooses to turn those from trusted accounts into the blue check, similar to browsers bundling root CAs into the browser.
* https://pdsls.dev/at://did:plc:z72i7hdynmk6r22z27h6tvur/app.... <- bluesky verifying me. it's coming from at://bsky.app, and therefore, blue check
* https://pdsls.dev/at://did:plc:3danwc67lo7obz2fmdg6jxcr/app.... <- me verifiying people I know. it's coming from at://steveklabnik.com, and therefore, no blue check.
I am not 100% sure how I feel about this feature overall, but it is something that a lot of users are clamoring for, and I'm glad it's at least "on-protcol" instead of tacked on the side somehow. We'll see how it goes.
You don't trust the NYT to verify its own reporters?
Also, why do you say that in any circumstance? Who do you trust?
Hilariously, it's kind of less centralized than I expected: there's no "Bluesky is the web of the root of trust" here, only "Bluesky chooses which records convert to UI" which leaves the whole system open for others.
I’m on Bsky as well but haven’t seen any such updates.
I think this makes sense, because 1. most people want this sort of feature for news and 2. the kinds of people they verified technically are likely to play around with it and see how sound it is, which is who I'd want to be kicking the tires.
I'm not sure when they'll verify more people, but this is only the beginning, for sure.
I hear you. I haven't investigated every account that got the badge, but it feels to me like they picked people who are both technical and engaged with the protocol, so not entirely arbitrary. That naturally will have some correlation with "I know someone at bsky". I know I've seen accounts that I think are cooler than I am who didn't get verified yet! I'm sure they'll be expanding soon, which will dilute this sort of association.
The concept of verification and Bluesky's original mission of decentralization are two very at-odds concepts, and I think they've bridged that pretty well and left a lot of options for themselves to expand it in the future. I'm just worried about the very visible parallels to the Twitter ecosystem emerging.
My opinions on this will change if I join the verified elite, in case any bsky employees are in the thread.
Not necessarily. Consider the PGP Web-of-Trust model. Centralization of trust is choice, nothing inherent in verification as such.
Trust is always going to be a game of cat and mouse, and this seems like just another move.
It seems to me that BlueSky is trying to rewind the clock and be the pre-Elon Twitter. They had a decent chance to become what Signal is to messaging, but looks like they are trying to be just another Social Media company.
We’re truly in the post-social media age.
haha
The web really was better with more pseudonyms. I don't care if you are you, I can read your text, judge it on it's merits (according to my yardstick) and I basically don't care if you or other people consume information that is true or false.
Am I missing something?
The ability to put fake blue checks on your website isn't the point.
Bluesky (and the web at large) is slowly becoming filled with spam and AI-generated content. Even if you're OK with more spam (not sure why you would be but you do you), why would you be OK with more content generated by non-humans (the vast majority of which attempts to pass as human)? This just makes it harder to find needles of authentic human content in a haystack of slop.
Various levels of verification make it easier to distinguish what's real from not real, for whatever definition of "real" you prefer. Without any such verification, the web just becomes a bigger wasteland.
Can a country I don't like verify it's president that I don't like neither?
Prime minister? Members of the Senate? All citizens? Their own bot farm?
Internet was intended to be anonymous.
If I am verified by 2 parties each of whom is verified by 10 parties each of whom is verified by 1 party then my verification score would be 20 (= 2 x 10 x 1).
Then people could trust me beinhg me 20 x more than somebody who is only verified by one party who is only verified by one party who is not verified by anybody?
It doesn't mean "this person is trustworthy" it means "this person is who they claim to be". But people desperately want it to be the former, or some sort of club.
But these are completely orthogonal concepts that demand different solutions.
Bluesky should do better here though, their definition of "verified" is buried in the blog post as "authentic and notable". This is okay I guess, sort of matches old Twitter. But a bit wishy-washy.
One idea could be to link verification badges to Wikipedia (or Wikidata) entities so you understand who is confirming what about the account. "This Mark Cuban Bluesky account is the same as the Mark Cuban in this Wikipedia article" and let the Wikipedia editors fight over noteworthiness etc.
greyface-•8h ago
How is this compatible with Bluesky's internal cultural vision of "The company is a future adversary"[1][2][3]? With Twitter, we've seen what happens with the bluecheck feature when there's a corporate power struggle.
[1]: https://news.ycombinator.com/item?id=35012757 [2]: https://bsky.app/profile/pfrazee.com/post/3jypidwokmu2m [3]: https://www.newyorker.com/magazine/2025/04/14/blueskys-quest...
hombre_fatal•7h ago
The problem with Twitter (before the whole blue check system was gutted into meaninglessness) was that not enough verification badges were handed out. It's not exactly a dangerous situation.
Bluesky's idea of verified orgs granting verification badges to its own org members would be an example of a much more robust and hands off system than what Twitter had.
The dangerous scenario is what happened to Twitter after the Elon takeover: verification becomes meaningless overnight while users still give the same gravity to verification badges which causes a huge impersonation problem. But that possibility is not a reason to have zero verification.
righthand•6h ago
d4mi3n•6h ago
The WoT model works but as GPG has shown it requires your end users (people? BlueSky client developers?) to manage who they trust as an authority on anything.
godelski•6h ago
What was the problem with the current DNS system? I definitely think there could be improvements like displaying domain instead of TLD but still.
And why not move into a system like multiparty keys? Keys assigned by domain holder, need to be signed, and verified accounts must login with a private key that validates. That way you don't just get that the account is validated but the post is too. Yeah, this would require more technical expertise to do but the organizations we're usually most concerned about would have no problem with that. Besides, tooling gets easier when there's meaningful pushes to make it available to general audiences
verdverm•5h ago
d4mi3n•5h ago
> What was the problem with the current DNS system? I definitely think there could be improvements like displaying domain instead of TLD but still.
As commenters earlier in this thread have noted, one property BlueSky claims it wants to develop/maintain is resistance against BlueSky itself becoming an adversarial party--say in the event it is bought out by an eccentric multi-billionaire who may take steps to discredit certain parties or reduce their reach or reputation.
I don't think the current DNS verification methodology helps or hurts in a BlueSky is hostile scenario. I think the only issues with the current DNS username verification system as I understand it are the same issues with any DNS based verification system in that vanilla DNS was not a protocol designed to be resistant to adversarial use and as a result there are many ways for people to tamper with DNS records, DNS queries, and confuse systems that incorrectly trust DNS records to be trustworthy or well-formed. DNS cache poisoning is a thing. Domain takeovers have and will continue to happen.
Now, if we're talking about what technologies are suitable for username verification in a word where BlueSky is adversarial, we have a very different conversation. I think the scope of such a scenario extends a lot further than usernames. If your primary interface into the AT Protocol feed is the BlueSky website or the official BlueSky application, you are trusting BlueSky to validate usernames. An adversarial BlueSky could easily decide if your interface marks someone as trusted or untrusted without your knowledge.
The only way I could think to avoid this would be to use a different interface to the global feed, but then you run into new problems that are more difficult to avoid: the fact that most BlueSky users don't host their own data (though this is doable with https://atproto.com/guides/self-hosting). BlueSky also manages the global feed, so barring a competitive global index, you'll still be consuming a feed curated by BlueSky's AT Protocol services and implementation.
I'd close this by saying I am _not_ an expert in the AT Protocol, BlueSky's systems, or this space in general. This is a very fast and loose risk assessment I made after reviewing the AT Protocol and a bit of research on how BlueSky says it provides it's services. My current assessment is that if the community wants to be robust against BlueSky becoming adversarial, there needs to be a lot more support for self-hosting of PSPs and similar data stores, alternative global indexes, and likely also independent governance of the AT Protocol itself.
godelski•4h ago
Were you given the ability to make a trustless or more decentralized system is there some route you would pursue? Maybe ignoring the AT protocol so I (and others?) can get a better sense of how such systems might be employed to ensure that an arbitrary organization can build defenses against themselves becoming adversaries (seems like a fairly useful mindset in general).
d4mi3n•2h ago
There are ways to do this, but being trustless in the context of a social network is a thorny problem I'm not sure I can provide an answer to. The whole purpose of such networks is to enable communication with people you may not necessarily know (or trust). Furthermore, you implicitly trust the medium in which you use to communicate (BlueSky, Twitter, SMS, Zoom, etc.).
There are ways to make things difficult for a service provider; you see many of them in high security contexts. For example, when storing data on AWS GovCloud or similar, you have the option have AWS use user or company provided encryption that they do not have control over. Should AWS be compromised in some way, they would still need to have your cryptographic keys in order to access unencrypted data (https://docs.aws.amazon.com/AmazonS3/latest/userguide/Server...).
Another approach is message signing. An example of that is PGP signing of emails or files. You can use these cryptographic signatures to verify a message (email) or binary blob (file) has not been tampered with.
Another common approach, which you have alluded to, is some kind of multi-party scheme. Many cryptographic blockchains are good examples of this: You need a majority of parties in such schemes to agree on something for it to be considered valid or true.
A combination of these things can be used to make it more difficult for a service provider to be compromised or act against their user's interests. Sadly, this does not make it _impossible_ for them to do so. A user or customer who doesn't want to tolerate the worst case scenarios here still needs to make their own back ups, decide what entities to trust, and ensure they have robust procedures for doing things like trusting new entities or managing cryptographic material.
I'll also note that there are in fact live examples of such systems if you look for them. See IPFS for one such example: https://ipfs.tech/
derefr•6h ago
> For example, the New York Times can now issue blue checks to its journalists directly in the app. Bluesky’s moderation team reviews each verification to ensure authenticity.
dymk•5h ago
steveklabnik•3h ago
verdverm•5h ago
steveklabnik•3h ago
EDIT: so does bksy.app, actually.
steveklabnik•5h ago
Now, how those are displayed is up to the display software. BlueSky themselves get to decide who gets a blue check based on verification records, but if you wrote your own software, you could do whatever you'd like. There's a bsky fork that already has an account option to let you hide blue checks in your own view.
FlyingSnake•4h ago
steveklabnik•4h ago
Mind you, just because anyone can create a verification record doesn't mean that the default client shows them.
> Why do we need these “Blue Checks”?
Normie users care about this sort of feature.
FlyingSnake•4h ago
That’s a really weak argument because normie users want TikTokified social media with a clout based caste system. I thought BlueSky had a different goal in mind.
steveklabnik•4h ago
anon7000•2h ago
erichocean•1h ago
If true, they are failing—badly.
TiredOfLife•6h ago
mattl•6h ago
comeonbro•5h ago
https://techcrunch.com/2017/11/15/twitter-removes-verified-c...
Not pictured: innumerable other accounts which were never granted a blue check in the first place, despite being the easily verifiable real accounts of journalists and public figures.
It was de facto a caste system of political favor and connections.
dijit•4h ago
No matter how prominent someone might be on this side of the Atlantic, it never mattered, meanwhile mid-managers and coders at no-name startups had blue checks because, I mean, they knew someone at Twitter- and who else is verifying people? I don’t really fault them for verifying people they personally knew.
But it meant that you had a situation where (and no offence meant to them) “nobodies” (as in, non-promenant figures) were “in the club” with heads of state, companies and heads of industry.
So there was a definite whiff of nepotism, because it was a de-facto status symbol.
albedoa•3h ago
When GP says "that’s not true though" I can't even tell which part he is talking about. This is fairly recent and well-documented stuff.
fortran77•5h ago
What twitter starting doing was removing blue checks from people who were causing problems for the platform (but not behaving bad enough to kick off). This made no sense because people still needed to know if a person was who he claimed to be (e.g., Milo Yiannopoulos) even if the person was controversial or problematic or just plain nasty.
Blue Checks weren't "gutted". Now they just mean something else -- you're a premium subscriber.
wyclif•5h ago
burningChrome•5h ago
https://www.youtube.com/watch?v=7_Egh9mW5y4
NelsonMinar•3h ago
ein0p•3h ago
tedunangst•5h ago
wmf•4h ago
yellowapple•3h ago
snotrockets•26m ago
If Bluesky becomes evil, you just configure your AppView not to trust their verifications.
Of course, that's the problem: right now we mostly have one AppView (bsky.app), which is the current SPOF in the mitigation plan against the "Bsky becomes the baddies" scenario.