Recent searches
Search options
So, the European Union has set up its own Mastodon instance, EU Voice, as an official channel/platform for all its many institutions - what a great initiative https://social.network.europa.eu/about
#TwitterMigration #europe #Diplomacy #Transparency
@Richard_Hull It's a lovely initiative - one I hope many more organisations will follow.
I've started keeping track of these 'official' instances here:
@jpoesen @Richard_Hull I'd love to see news agencies do this so their journalists are verified just by being on the server
@TomRaftery @jpoesen There is an instance for journalists, not sure how 'official' https://journa.host/explore
#TwitterMigration
@Richard_Hull @jpoesen Sure, but I’m thinking more along the lines of bbc.news/nyt.news or similar
@Richard_Hull @jpoesen @TomRaftery
How about reuters.etc? That’s a catchy name.
@mysturji @Richard_Hull @jpoesen you don’t think Reuters.news would be better?
@jpoesen @TomRaftery @Richard_Hull
Etc. is more inclusive? Every (reputable) news outlet references them.
They could restrict their membership to reputable sources? 
@Richard_Hull @jpoesen @TomRaftery
BTW, I don’t consider BBC News a reputable source anymore.
@mysturji @Richard_Hull @jpoesen sure, doesn’t have to be bbc though. Works for any news organisations
@TomRaftery I don't think so. Anyone could have registered reuters.news, whereas I know and already trust reuters.com...
@jpoesen but if some bad actor registered Reuters.News wouldn’t ICANN step in?
@TomRaftery ICANN wouldn't.
Domain registration has always been on a first come first serve basis, except for the introduction of new top level domains (.eu, .xyz, .social, ...) which *may* offer a sunrise period where trademark holders can claim their domain before the public can, if they provide the right credentials.
For .news domains there does seem to be some kind of brand protection / cyber squatting protection in place: https://identity.digital/products-services/dpml/
No idea what it's worth though...
@TomRaftery Generally though, you're allowed to register domain names with the same name as trademarked brands as long as you do so in good faith.
If my local stamp collectors club called 'Reuters' wants to publish a newsletter at reuters.news, it can do so.
If I launch my own global news / current affairs site under the domain reuters.news, they probably have grounds to sue.
(Not a lawyer. Don't confuse my opinion with factual correctness.)
@jpoesen LOL, fair enough. In any case, as has been mentioned in the thread, it is possible to do it on the main .com domain, so all good!
@Richard_Hull @TomRaftery Hmmm... those journo instances are similar to all other community-oriented mastodon neighborhoods.
Nothing wrong with them, but for journalists I would love to see orgs run *their own* instances, if only to provide instant 'verification'.
What could be more trustworthy - identity wise - than seeing accounts like @JaneDoe@social.cnn.com?
@TomRaftery @jpoesen Yes, The #Guardian had a presence a few years ago which is dormant, but not their own server. But this does raise the question - could a bad actor set up a server pretending to be a trusted organisation? I don't know enough about how Mastodon monitors new servers/instances.
@Richard_Hull @jpoesen I’d assume ICANN would stop anyone who falsely registered a legitimate domain name
@TomRaftery @jpoesen Ahh, of course
@Richard_Hull To continue the hypothetical example:
cnn.social
would be far less trustworthy than
social.cnn.com.
The well-known domain is key here, and bad actors would only be able to abuse it by hijacking the entire cnn.com domain, which is highly unlikely to ever happen. (Though not impossible)
That doesn't mean cnn.social could never become trusted, but it would take time and resources, and the result would still be... meh.
@jpoesen Ahh, thank you
@Richard_Hull That said, it's not impossible that we'll start seeing phishing-style 'official' instances:
- @billgates@social.microsft.com
- @macron@elyseegov.fr
- ...
Though should that start to happen, I'm sure a security warning mechanism will get developed, similar to the current fedi blocklists or https://haveibeenpwned.com
@jpoesen @Richard_Hull unfortunately, a lot of organisations seem to have a track record of using weird stand alone, special purpose domains, even for secure services. One of my banks, for example, has (or had) evolved services on multiple domains for its websites, e-banking etc - made it very easily spoofed - maybe at this stage, people are a bit more aware of the need to be easily and simply verifiable.
@dkellyj Wow, was not aware that banks, of all orgs, use special purpose domain names instead of building on their main domain name that's already trusted.
It's quite likely they do this because internal processes / IT infrastructure makes it near impossible to get certain things done. So they circumvent their own rules by launching on separate domain names.
I've seen this several times when working with large orgs...
@jpoesen in this case it seems to originate from an early ‘dot com’ era marketing project that spun up their e-banking services and ATMs as funky new sub-brand, which they promoted heavily for a while. Then they changed strategy, forgot about it, rolled everything back into the main brand, but kept the legacy domains and URLs 
…
@dkellyj Well they were right to keep the domains - nothing worse than having those get snatched up by baddies.
But ideally all of those domains' request should have been redirected to the main domain, if only to a special purpose landing page explaining why they ended up there.
The larger the org, the larger the mess.
@jpoesen they also went through a period of literally breaking their own published guidance on outbound calls - asking you to prove who you were with personal details 
while calling from a withheld number. An fashioned org that was more comfortable with cheques and quills.
They’ve tightened up a lot in recent times tho
@dkellyj That must've been such a Wild West era :)
Reminds me of when I did ADSL broadband support 20-odd years ago, and we could see the users' dial-up and email passwords on our screen, and used that for identification.
(that call center company was shitty but I learned a lot about the telco industry)
@jpoesen I recently had a major telco here (a big international brand) ask me to send the following by *twitter DM*: Phone number, date of birth and full home address, including Eircode, which is the Irish equivalent of a ZIP code, but is a unique 7-char code that geolocates your house. Claiming they needed it *for* GDPR reasons lol 
I politely declined!!
#NAFO @jpoesen @Richard_Hull @TomRaftery
Mastodon can also do domain aliases do you could even have @username@cnn.com
@jmaris Ooh, that's cool. Did not know that.
@jpoesen you can also alias your existing username to your own website, so for example, if you are hosted on social.coop, but have a domain like jpoesen.me, you could alias it so people can find you by searching "me@jpoesen.me".
https://blog.maartenballiauw.be/post/2022/11/05/mastodon-own-donain-without-hosting-server.html
@jmaris Excellent. Looks just the right type of project to hack on during the xmas break, next to the fireplace, sipping hot cocoa.
And it looks like the ActivityPub #Drupal module has received some renewed love too, so I'll be looking forward to see how my site can interact with the fediverse in multiple ways.
Neat!
@Richard_Hull @TomRaftery @jpoesen - journa[.]host has done some controversial things. There is also https://newsie.social
None are in any way official.
@AmerLiberal @Richard_Hull @jpoesen That’s why I thought it better if the news organisations themselves set up their own instances
@TomRaftery @Richard_Hull @jpoesen - I agree. Those news organizations with the resources to set up Fediverse servers certainly should. and there are also lots of independent journalists and small groups.
@Richard_Hull @TomRaftery @jpoesen Oof, journa.host - it looked fine in theory but in practice it was largely unmoderated. Mix that with transphobic right wing journalists, and...
the result wasn't pretty. Many instances in here blocked journa host for repeated offenses, hosting a data scrapper, failure to kick transphobes in time, and so on.
I would trust a journalist instance if it put human rights above all.
@yuki2501 @TomRaftery @jpoesen Gosh, I didn't realise all that, thank you, good to know #journalism
@jpoesen @TomRaftery @Richard_Hull Tradicional media have historically done a terrible job moderating forums on their websites, making twitter look like a dream site. They must do far better here; otherwise, they will face legal issues.
@Tribo @jpoesen @Richard_Hull I don't see that they need to create a forum. Just setup a server instance for their employees, similar to their in-house email servers. Only give accounts to their employees so that by publishing from their "work" #Mastodon account, they're automatically verified as an employee of the news organisation
@TomRaftery @jpoesen @Richard_Hull They will have to moderate the instance, which will depend on the model they follow. Many journalists aren't that social.
@Tribo @jpoesen @Richard_Hull True, the ones who aren't social though wouldn't have to post. Just use it to consume, the same way many folks use Twitter today
@Tribo @TomRaftery @Richard_Hull Next step: outsourcing moderation to a new type of digital agency.
They already do community building and community management. Why not add custom moderation to those services, based on the org's chosen set of policies?
#FreeStartupIdea right there.
@jpoesen @Tribo @TomRaftery Wowzer, brilliant idea
@jpoesen @Tribo @TomRaftery @Richard_Hull exactly what this company has been doing for two decades: https://thesocialelement.agency/our-story
@Tribo @jpoesen @TomRaftery It is truly wonderful to see how this initiative seems to have had such a thought-provoking effect, excellent
@TomRaftery @jpoesen @Richard_Hull Yes. I'd like to see The Guardian here, tbh.
@TomRaftery @jpoesen @Richard_Hull Really feel like this is worth mentioning in regards to domain and subdomain naming:
There's a way to set up a Mastodon server to have its user accounts federate as user@organization.com while having the server itself exist at something like social.organization.com. You set LOCAL_DOMAIN to social.organization.com and WEB_DOMAIN to organization.com when setting up the server. Just like an org's mail server may exist at mail.organization.com but the email address is user@organization.com
This way, you could even have your professional social handle be exactly the same as your professional email address, but with an @ in front of it. And it makes domain verification even cleaner-looking.
@enron @TomRaftery @jpoesen cool, thanks
@enron Wish I knew that sooner…
@jpoesen @Richard_Hull @TomRaftery Some work for multiple organizations. But along those lines there could be something like the rel=me standard on the web where the journalist says I work at X and then the X site has a token completing the handshake.
@markalves @jpoesen @Richard_Hull Excellent idea 
@Richard_Hull @jpoesen @TomRaftery @TexasObserver set up their own instance for their journalists as did @restofworld and a few others so far. @tchambers has an extensive and reliable list of journalists as well.