Recent searches
Search options
So, the European Union has set up its own Mastodon instance, EU Voice, as an official channel/platform for all its many institutions - what a great initiative https://social.network.europa.eu/about
#TwitterMigration #europe #Diplomacy #Transparency
@Richard_Hull It's a lovely initiative - one I hope many more organisations will follow.
I've started keeping track of these 'official' instances here:
@jpoesen @Richard_Hull I'd love to see news agencies do this so their journalists are verified just by being on the server
@TomRaftery @jpoesen There is an instance for journalists, not sure how 'official' https://journa.host/explore
#TwitterMigration
@Richard_Hull @TomRaftery Hmmm... those journo instances are similar to all other community-oriented mastodon neighborhoods.
Nothing wrong with them, but for journalists I would love to see orgs run *their own* instances, if only to provide instant 'verification'.
What could be more trustworthy - identity wise - than seeing accounts like @JaneDoe@social.cnn.com?
@TomRaftery @jpoesen Yes, The #Guardian had a presence a few years ago which is dormant, but not their own server. But this does raise the question - could a bad actor set up a server pretending to be a trusted organisation? I don't know enough about how Mastodon monitors new servers/instances.
@Richard_Hull To continue the hypothetical example:
cnn.social
would be far less trustworthy than
social.cnn.com.
The well-known domain is key here, and bad actors would only be able to abuse it by hijacking the entire cnn.com domain, which is highly unlikely to ever happen. (Though not impossible)
That doesn't mean cnn.social could never become trusted, but it would take time and resources, and the result would still be... meh.
@jpoesen @Richard_Hull unfortunately, a lot of organisations seem to have a track record of using weird stand alone, special purpose domains, even for secure services. One of my banks, for example, has (or had) evolved services on multiple domains for its websites, e-banking etc - made it very easily spoofed - maybe at this stage, people are a bit more aware of the need to be easily and simply verifiable.
@dkellyj Wow, was not aware that banks, of all orgs, use special purpose domain names instead of building on their main domain name that's already trusted.
It's quite likely they do this because internal processes / IT infrastructure makes it near impossible to get certain things done. So they circumvent their own rules by launching on separate domain names.
I've seen this several times when working with large orgs...
@jpoesen in this case it seems to originate from an early ‘dot com’ era marketing project that spun up their e-banking services and ATMs as funky new sub-brand, which they promoted heavily for a while. Then they changed strategy, forgot about it, rolled everything back into the main brand, but kept the legacy domains and URLs 
…
@dkellyj Well they were right to keep the domains - nothing worse than having those get snatched up by baddies.
But ideally all of those domains' request should have been redirected to the main domain, if only to a special purpose landing page explaining why they ended up there.
The larger the org, the larger the mess.
@jpoesen they also went through a period of literally breaking their own published guidance on outbound calls - asking you to prove who you were with personal details 
while calling from a withheld number. An fashioned org that was more comfortable with cheques and quills.
They’ve tightened up a lot in recent times tho
@dkellyj That must've been such a Wild West era :)
Reminds me of when I did ADSL broadband support 20-odd years ago, and we could see the users' dial-up and email passwords on our screen, and used that for identification.
(that call center company was shitty but I learned a lot about the telco industry)
@jpoesen I recently had a major telco here (a big international brand) ask me to send the following by *twitter DM*: Phone number, date of birth and full home address, including Eircode, which is the Irish equivalent of a ZIP code, but is a unique 7-char code that geolocates your house. Claiming they needed it *for* GDPR reasons lol 
I politely declined!!