#domainnameverification — Public Fediverse posts

Getting verified by Bluesky: a surprisingly easy process, no ID upload needed

My Bluesky account now has one thing in common with my pre-2023 Twitter account: a white checkmark inside a blue circle. But unlike the social-media status symbol that I’d spent a couple of weeks in 2014 lightly working the refs at Twitter to get, this one required no ongoing effort on my part and probably wasn’t necessary anyway.

That last part is because I had taken advantage of Bluesky’s domain name-based verification two years ago, after figuring out some wonkiness with WordPress.com domain registrations. That was an easy choice, since converting my Bluesky handle to @robpegoraro.com tied my identity there to a site at which I’ve been writing since the spring of 2011.

But I recognized how a domain-rooted verification regime could break in practice. What if an attacker registered a first name-last name domain to try to con a widely-followed journalist? What if somebody registered a domain name through Bluesky’s option to do that and then had that domain name only point to their own Bluesky profile?

So when Bluesky introduced a decentralized verification system in April, including the option of having a “trusted verifier” organization vouch for your account, I had to try it out. And by “had,” I mean I set it aside for the next month and change until my journalist pal Dwight Silverman, the Houston Chronicle’s longstanding tech columnist, got verified about three weeks ago.

That spurred me to fill out the Google Docs form for Bluesky verification. The form noted that Bluesky management reserved the right to require ID-based verification “at a later date” via an unspecified form of document and outlined such requirements as having an account representing “a real person, registered business, organization, or legitimate entity” and being ranked as “notable within your field and geographic region.”

After I selected “Journalist/News Organization” from an opening list of “Verification Categories,” the form requested my role at my publication, the address of that news organization’s site, and links to three recent stories under my byline. (I leaned on my PCMag affiliation for this part.) An essay-question screen invited up to 500 words of self-promotional copy, which I provided with an elevator-pitch version of my LinkedIn profile.

Twenty-two days later, a “Welcome to Bluesky Verification!” e-mail landed in my inbox. That Monday-evening message brought the heartwarming news that “you are notable and that we’ve confirmed you are who you claim to be, helping other users find and trust your account on the Bluesky app.”

It further advised that I should “avoid changing account names or handles,” not let my account go dormant for too long (no risk!), and refrain from violating Bluesky’s community guidelines.

I can live with all that. I also appreciate that this is the first verification badge which I’ve picked up on social media after playing strictly by a platform’s rules: My Twitter verification started with an IRL chat with a Twitter employee at a journalism conference in 2014, while somebody at Facebook verified my now-deprecated public page without me asking.

I got no such favor at Instagram, and seeing that platform ignore my reports of an obvious impostor has left me exceedingly uninterested in paying for “Meta Verification.” Which means my checkmark at Bluesky may be my only official social-media validation for some time to come, and I’m okay with that.

#authentication #bluecheck #Bluesky #BlueskyVerification #bsky #checkmark #domainNameVerification #FacebookVerification #socialMedia #TwitterVerification #validation #verification #verified

Getting verified by Bluesky: a surprisingly easy process, no ID upload needed

My Bluesky account now has one thing in common with my pre-2023 Twitter account: a white checkmark inside a blue circle. But unlike the social-media status symbol that I’d spent a couple of weeks in 2014 lightly working the refs at Twitter to get, this one required no ongoing effort on my part and probably wasn’t necessary anyway.

That last part is because I had taken advantage of Bluesky’s domain name-based verification two years ago, after figuring out some wonkiness with WordPress.com domain registrations. That was an easy choice, since converting my Bluesky handle to @robpegoraro.com tied my identity there to a site at which I’ve been writing since the spring of 2011.

But I recognized how a domain-rooted verification regime could break in practice. What if an attacker registered a first name-last name domain to try to con a widely-followed journalist? What if somebody registered a domain name through Bluesky’s option to do that and then had that domain name only point to their own Bluesky profile?

So when Bluesky introduced a decentralized verification system in April, including the option of having a “trusted verifier” organization vouch for your account, I had to try it out. And by “had,” I mean I set it aside for the next month and change until my journalist pal Dwight Silverman, the Houston Chronicle’s longstanding tech columnist, got verified about three weeks ago.

That spurred me to fill out the Google Docs form for Bluesky verification. The form noted that Bluesky management reserved the right to require ID-based verification “at a later date” via an unspecified form of document and outlined such requirements as having an account representing “a real person, registered business, organization, or legitimate entity” and being ranked as “notable within your field and geographic region.”

After I selected “Journalist/News Organization” from an opening list of “Verification Categories,” the form requested my role at my publication, the address of that news organization’s site, and links to three recent stories under my byline. (I leaned on my PCMag affiliation for this part.) An essay-question screen invited up to 500 words of self-promotional copy, which I provided with an elevator-pitch version of my LinkedIn profile.

Twenty-two days later, a “Welcome to Bluesky Verification!” e-mail landed in my inbox. That Monday-evening message brought the heartwarming news that “you are notable and that we’ve confirmed you are who you claim to be, helping other users find and trust your account on the Bluesky app.”

It further advised that I should “avoid changing account names or handles,” not let my account go dormant for too long (no risk!), and refrain from violating Bluesky’s community guidelines.

I can live with all that. I also appreciate that this is the first verification badge which I’ve picked up on social media after playing strictly by a platform’s rules: My Twitter verification started with an IRL chat with a Twitter employee at a journalism conference in 2014, while somebody at Facebook verified my now-deprecated public page without me asking.

I got no such favor at Instagram, and seeing that platform ignore my reports of an obvious impostor has left me exceedingly uninterested in paying for “Meta Verification.” Which means my checkmark at Bluesky may be my only official social-media validation for some time to come, and I’m okay with that.

#authentication #bluecheck #Bluesky #BlueskyVerification #bsky #checkmark #domainNameVerification #FacebookVerification #socialMedia #TwitterVerification #validation #verification #verified

Getting verified by Bluesky: a surprisingly easy process, no ID upload needed

My Bluesky account now has one thing in common with my pre-2023 Twitter account: a white checkmark inside a blue circle. But unlike the social-media status symbol that I’d spent a couple of weeks in 2014 lightly working the refs at Twitter to get, this one required no ongoing effort on my part and probably wasn’t necessary anyway.

That last part is because I had taken advantage of Bluesky’s domain name-based verification two years ago, after figuring out some wonkiness with WordPress.com domain registrations. That was an easy choice, since converting my Bluesky handle to @robpegoraro.com tied my identity there to a site at which I’ve been writing since the spring of 2011.

But I recognized how a domain-rooted verification regime could break in practice. What if an attacker registered a first name-last name domain to try to con a widely-followed journalist? What if somebody registered a domain name through Bluesky’s option to do that and then had that domain name only point to their own Bluesky profile?

So when Bluesky introduced a decentralized verification system in April, including the option of having a “trusted verifier” organization vouch for your account, I had to try it out. And by “had,” I mean I set it aside for the next month and change until my journalist pal Dwight Silverman, the Houston Chronicle’s longstanding tech columnist, got verified about three weeks ago.

That spurred me to fill out the Google Docs form for Bluesky verification. The form noted that Bluesky management reserved the right to require ID-based verification “at a later date” via an unspecified form of document and outlined such requirements as having an account representing “a real person, registered business, organization, or legitimate entity” and being ranked as “notable within your field and geographic region.”

After I selected “Journalist/News Organization” from an opening list of “Verification Categories,” the form requested my role at my publication, the address of that news organization’s site, and links to three recent stories under my byline. (I leaned on my PCMag affiliation for this part.) An essay-question screen invited up to 500 words of self-promotional copy, which I provided with an elevator-pitch version of my LinkedIn profile.

Twenty-two days later, a “Welcome to Bluesky Verification!” e-mail landed in my inbox. That Monday-evening message brought the heartwarming news that “you are notable and that we’ve confirmed you are who you claim to be, helping other users find and trust your account on the Bluesky app.”

It further advised that I should “avoid changing account names or handles,” not let my account go dormant for too long (no risk!), and refrain from violating Bluesky’s community guidelines.

I can live with all that. I also appreciate that this is the first verification badge which I’ve picked up on social media after playing strictly by a platform’s rules: My Twitter verification started with an IRL chat with a Twitter employee at a journalism conference in 2014, while somebody at Facebook verified my now-deprecated public page without me asking.

I got no such favor at Instagram, and seeing that platform ignore my reports of an obvious impostor has left me exceedingly uninterested in paying for “Meta Verification.” Which means my checkmark at Bluesky may be my only official social-media validation for some time to come, and I’m okay with that.

#authentication #bluecheck #Bluesky #BlueskyVerification #bsky #checkmark #domainNameVerification #FacebookVerification #socialMedia #TwitterVerification #validation #verification #verified

Getting verified by Bluesky: a surprisingly easy process, no ID upload needed

My Bluesky account now has one thing in common with my pre-2023 Twitter account: a white checkmark inside a blue circle. But unlike the social-media status symbol that I’d spent a couple of weeks in 2014 lightly working the refs at Twitter to get, this one required no ongoing effort on my part and probably wasn’t necessary anyway.

That last part is because I had taken advantage of Bluesky’s domain name-based verification two years ago, after figuring out some wonkiness with WordPress.com domain registrations. That was an easy choice, since converting my Bluesky handle to @robpegoraro.com tied my identity there to a site at which I’ve been writing since the spring of 2011.

But I recognized how a domain-rooted verification regime could break in practice. What if an attacker registered a first name-last name domain to try to con a widely-followed journalist? What if somebody registered a domain name through Bluesky’s option to do that and then had that domain name only point to their own Bluesky profile?

So when Bluesky introduced a decentralized verification system in April, including the option of having a “trusted verifier” organization vouch for your account, I had to try it out. And by “had,” I mean I set it aside for the next month and change until my journalist pal Dwight Silverman, the Houston Chronicle’s longstanding tech columnist, got verified about three weeks ago.

That spurred me to fill out the Google Docs form for Bluesky verification. The form noted that Bluesky management reserved the right to require ID-based verification “at a later date” via an unspecified form of document and outlined such requirements as having an account representing “a real person, registered business, organization, or legitimate entity” and being ranked as “notable within your field and geographic region.”

After I selected “Journalist/News Organization” from an opening list of “Verification Categories,” the form requested my role at my publication, the address of that news organization’s site, and links to three recent stories under my byline. (I leaned on my PCMag affiliation for this part.) An essay-question screen invited up to 500 words of self-promotional copy, which I provided with an elevator-pitch version of my LinkedIn profile.

Twenty-two days later, a “Welcome to Bluesky Verification!” e-mail landed in my inbox. That Monday-evening message brought the heartwarming news that “you are notable and that we’ve confirmed you are who you claim to be, helping other users find and trust your account on the Bluesky app.”

It further advised that I should “avoid changing account names or handles,” not let my account go dormant for too long (no risk!), and refrain from violating Bluesky’s community guidelines.

I can live with all that. I also appreciate that this is the first verification badge which I’ve picked up on social media after playing strictly by a platform’s rules: My Twitter verification started with an IRL chat with a Twitter employee at a journalism conference in 2014, while somebody at Facebook verified my now-deprecated public page without me asking.

I got no such favor at Instagram, and seeing that platform ignore my reports of an obvious impostor has left me exceedingly uninterested in paying for “Meta Verification.” Which means my checkmark at Bluesky may be my only official social-media validation for some time to come, and I’m okay with that.

#authentication #bluecheck #Bluesky #BlueskyVerification #bsky #checkmark #domainNameVerification #FacebookVerification #socialMedia #TwitterVerification #validation #verification #verified

Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice

This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.

11/25/2024: Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult, PCMag

As I wrote last week, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.

11/27/2024: The man who gave us the web is building a better digital wallet, Fast Company

My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like two years ago, Harry asked most of the questions and then wrote up our conversation.

11/29/2024: Real or Imposter? How to Verify That a Bluesky Account Is Legit, PCMag

My inspiration for this how-to came from seeing some bozo try to impersonate Rep. Don Beyer (D.-Va.) on Bluesky, then wondering why my congressman had not domain-verified his account with a house.gov handle, then personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account (BART has since domain-verified its account). My editors then updated the post Sunday with details from posts Friday afternoon by Bluesky’s safety account about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”

#accountImpersonation #Bluesky #domainNameVerification #ProjectLiberty #socialMediaFraud #socialMediaVerification #SteveCrocker #TBL #TimBernersLee #VintCerf #webOfTrust #WebSummit

Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice

This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.

11/25/2024: Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult, PCMag

As I wrote last week, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.

11/27/2024: The man who gave us the web is building a better digital wallet, Fast Company

My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like two years ago, Harry asked most of the questions and then wrote up our conversation.

11/29/2024: Real or Imposter? How to Verify That a Bluesky Account Is Legit, PCMag

My inspiration for this how-to came from seeing some bozo try to impersonate Rep. Don Beyer (D.-Va.) on Bluesky, then wondering why my congressman had not domain-verified his account with a house.gov handle, then personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account (BART has since domain-verified its account). My editors then updated the post Sunday with details from posts Friday afternoon by Bluesky’s safety account about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”

#accountImpersonation #Bluesky #domainNameVerification #ProjectLiberty #socialMediaFraud #socialMediaVerification #SteveCrocker #TBL #TimBernersLee #VintCerf #webOfTrust #WebSummit

Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice

This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.

11/25/2024: Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult, PCMag

As I wrote last week, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.

11/27/2024: The man who gave us the web is building a better digital wallet, Fast Company

My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like two years ago, Harry asked most of the questions and then wrote up our conversation.

11/29/2024: Real or Imposter? How to Verify That a Bluesky Account Is Legit, PCMag

My inspiration for this how-to came from seeing some bozo try to impersonate Rep. Don Beyer (D.-Va.) on Bluesky, then wondering why my congressman had not domain-verified his account with a house.gov handle, then personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account (BART has since domain-verified its account). My editors then updated the post Sunday with details from posts Friday afternoon by Bluesky’s safety account about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”

#accountImpersonation #Bluesky #domainNameVerification #ProjectLiberty #socialMediaFraud #socialMediaVerification #SteveCrocker #TBL #TimBernersLee #VintCerf #webOfTrust #WebSummit

Weekly output: Internet founders in D.C., Tim Berners-Lee at Web Summit, Bluesky account-verification advice

This holiday-shortened week still had a lot of work–just not all the kind that yielded bylines, in some cases not the kind that will yield bylines this year.

11/25/2024: Internet Founders: Open Architectures Are Best, But Big Tech Makes It Difficult, PCMag

As I wrote last week, it’s a treat seeing Internet pioneers speak about how their collective invention has been working out and what we ought to be doing with it.

11/27/2024: The man who gave us the web is building a better digital wallet, Fast Company

My Fast Company editor Harry McCracken asked if I wanted to join him to quiz the inventor of the Web at Web Summit, and I quickly said I’d clear my schedule for that. Like two years ago, Harry asked most of the questions and then wrote up our conversation.

11/29/2024: Real or Imposter? How to Verify That a Bluesky Account Is Legit, PCMag

My inspiration for this how-to came from seeing some bozo try to impersonate Rep. Don Beyer (D.-Va.) on Bluesky, then wondering why my congressman had not domain-verified his account with a house.gov handle, then personally shaming Bay Area Rapid Transit into tweeting its Bluesky handle from its verified X account (BART has since domain-verified its account). My editors then updated the post Sunday with details from posts Friday afternoon by Bluesky’s safety account about how the platform is dealing with this impersonation problem–including a recognition that “users want more ways to verify their identity beyond domain verification.”

#accountImpersonation #Bluesky #domainNameVerification #ProjectLiberty #socialMediaFraud #socialMediaVerification #SteveCrocker #TBL #TimBernersLee #VintCerf #webOfTrust #WebSummit