Anyone who is surprised that BlueSky is going down the same path as Twitter (X, not withstanding) belongs on BlueSky.
I think a few more people “get it” every time the cycle repeats, but also, a sucker is born every minute.
deleted by creator
He’s already sold Twitter/X to xAI; he’s got his arse covered when the bottom eventually falls out.
deleted by creator
Good thing AI can’t fail.
Oh, no doubt - but he’s no longer personally on the hook for Twitter’s $44b debt-loan!
So when it eventually fails, it’ll be a corporate write-off and Elon’s wealth across Tesla and SpaceX are protected.
Wait is that what happened? Investors in his AI company are on the hook for Twitter now?
The rich really are a vampiric class.
Yes, that’s what happened: https://www.forbes.com/sites/antoniopequenoiv/2025/03/28/elon-musk-says-xai-has-purchased-x-formerly-known-as-twitter-for-33-billion/
For what it’s worth, xAI is still a private company - so at least it’s not retail investors on the hook, just venture capital.
Yeah for the masses they will likely always flock to commercialized easy to use social media that reaches critical mass the fastest, so them being willing to move and keep moving is best we can hope for. For rest of us stuff like fediverse will be there to use.
deleted by creator
Would it be so bad if it follows the same path as Twitter? If it connects people and organizations in an honest and helpful way for fifteen years?
Or we could all just keep shitting on it while it facilitates social and political movements and enables rapid communication across the planet. Then more than a decade from now when some Ultra-Nazi trillionaire buys it, we can all say “I told you so,” and be real smug about it.
I do not see anything to be angry or disappointed about?
Verification badge was good, the dumb thing Twitter did was throw it away by letting anyone pay for it.
Nah it was not good. Domain names already do that and are accessible to all at all times with full transparency and decentralization. Bluesky is literally regressing.
Even mastodon’s verification system is better than checkmarks.
domain names do that for people with well known domain names, and verification processes do that for people without
Yup. Need something like EV certs to really verify… And that would only make sense if it’s a “no (non-real) screennames” kind of thing.
i think the .id.au domain licensing rules are a pretty reasonable middle-ground:
https://www.auda.org.au/au-domain-names/the-different-au-domain-names/id-au-domain-names/
The id.au domain name you choose must match or be an acronym or abbreviation of your first name or family name, or your nickname
you have to provide ID to register any .au, so you’re verified as a person, and though they don’t pre-check your nickname, AFAIK if there’s a complaint you do have to prove that you’re “known by” that name
Far from perfect, but I think it’s good to have a layer that very visibly shows ‘yes, this is the account you want’.
Domains are a worthwhile addition, but they run into almost the same problem as usernames and handles. Can be made misleading easily - sure, I could often go to the web address and verify it (if they don’t put up a convincing fake site), but that’s much lower visibilty.
Eg, you can probably register nintendo@nintendoamerico.com or similar and get it by some folks just as easily as registering the Twitter handle. There’s a payment step to get the domain, but that’s about it.
The centralization problem you mention is a good point though. It was a fine system, if you felt like you could trust Twitter as a verifier. Today obviously, one could not. But Bsky seems to at least theoretically have a ‘choose your verification provider’ idea in mind, which would (again theoretically) resolve a lot of that issue.
“Everyone should be able to setup their own domain and mess with DNS records to get a verified account”
Do you realize how utterly disconnected from reality this sounds?? Technical people that have absolutely not clue on how make good UX for end users is how we got Mastodon in the first place, and why its adoption is abysmal.
You can pay someone to do that for you tho it’s not any different form paying someone to verify you ina centralized way. Its really not that hard.
Even with more complex setups like mastodon servers you already see markets for this. You can get a basic managed instance for yourself for like 15$/mo - that’s basically nothing for anyone who needs to verify themselves as a brand.
This is not a “pay for verification” model. Have you even read the article or anything related to it? It is literally not centralized, it’s web of trust.
This is just a web of trust model, aka a decentralized model of verification. This thread is mostly people that haven’t read the details that want to confirm that “Bluesky has been enshittified”.
Decentralized isn’t the right word to use for a system like this.
Even though BS is going to appoint multiple different volunteer moderators (aka “Trusted Verifiers”) for this system, ultimate authority and control are entirely centralized with BS.
idk man I haven’t seen anyone complaining about it on Bluesky
This is a net positive, nice to have a social media where verification checks are…actually used for verifying the person behind an account
But isn’t the domain already doing that?
The problem with domains is that regular people would need to know what a domain is and what verified ownership says about the account in question.
Even then, reading domains is quite difficult, even for people who know about the topic: Humans are Bad at URLs and Fonts Don’t Matter
That link was a super interesting read!
Excellent post as usual from Troy, but use Bitwarden, not 1Password
Personally I use KeePassXC + Syncthing, but Bitwarden/Vaultwarden is also a great.
What’s somewhat amusing, for lack of a better word, is that even that advice doesn’t fully resolve the issue, as Troy himself recently was the victim of a phising attack, where one part of the issue was that even legitimate sites changes their sign-in domains frequently enough that you kind of become numb to when the auto-fill stops working and just “correct” the issue without the necessary due diligence.
If they are, and there isn’t anything to display it, how are we to know what’s been vetted and what’s slipped through the cracks? Especially on a new account?
It’s the username so already quite visible.
For example someone at say, NPR, could use a name like @bob.npr.org which is only possible by verifying ownership of the npr.org domain name, so there is no need to vet anything.
That’s great for an organization like NPR which may have the resources to tie its own domain name into Bluesky. For some freelance reporter or otherwise verifiable person, I’m not sure it’s quite so practical.
Domains are dirt cheap.
And tying it to the Bluesky system? Not sure the cost of that (I swear I saw it was a potential monetization they were looking into) but also the time to figure it out isn’t practical for everyone.
I just bought a domain for $2
free (or at least it was when I did it)
I saw some small talk about it, and it really just boiled down to domain verification is great for more tech savvy folks, but trying to get larger accounts (think politicians, celebrities, etc) is a lot harder. Having a visual check, using tools within the app or site, is a lot easier.
And personally I like the idea of verification checks as long as it remains a simple means to do just that: verify the owner of the account. Morons like Musk and his ilk always thought it was a clout thing, and for a small minority that was probably the case, but by and large before he ruined it, it was great.
I feel like domain usernames are still inherently susceptible to phishing, you can get a typo or similar character to try and trick someone that your username is an official one
Domains only help you verify organizations and individuals you recognize directly.
This verification system also allows 3rd parties (it’s NOT just bluesky themselves!) to issue attestations that s given account belongs to who they say they are, which would help people like independent journalists, etc.
Most of the complaints I’ve seen were about Bluesky’s lack of a formal verification system.
They could never figure out how the current system of checking the username.
Based on how verification was revoked for some users on Twitter based on their content rather than question of their identity, I’m cautious about this system turning into the status symbol it became on Twitter rather than the verification it claimed to be.
So long as the checkmark isn’t bought through some subscription service, I’m fine with this.
The whole reason why verification exists is because other will steal the name of someone famous and masquerade as them, with real world consequences. A verification system now means that certain platforms and people will get more attracted to be there, and thus Bluesky will grow.
Unfortunately, the forecast isn’t good for the integrity of what should be a simple system. Under Dorsey, the Twitter blue checkmark had already become a tool for showing content approval by Twitter. In various instances users had their status removed based on their content and not on a question of if they were who they claimed to be.
It’s not.
Not yet 😏
My default is to just assume that they aren’t the same person unless corroborated by that person.
The fuck did anyone expect?
This was always bait to keep people using corporate social media instead of decentralizing. I am not sorry for the users one bit.
I don’t see anything controversial in the article. Did I miss something? Just looks like a way to make sure the public figures and companies you are communicating with are who they say they are.
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
I didn’t sound like a centralized system from the article. More like they want a third party like Verisign or something.
Something will have to be done as these platforms become more popular to cut down on fraud and disinformation. You don’t want people impersonating other people or organizations, or companies. Even if Bluesky starts federating to other platforms, just knowing that they have a blue sky blue check would be an improvement if you could display that check on other clients like mastodon posts.
ICANN has already made a mess of domain names so I don’t know if relying on the domain is enough. People are using non-Roman characters to trick people into thinking a website domain is the real thing. Others are buying up all these random domains so you get things like medicare.net and medicare.org and medicare.com etc etc.
I dunno what the answer is. Just rambling out loud in frustration.
I didn’t sound like a centralized system from the article. More like they want a third party like Verisign or something.
It’s going to be both. Bluesky will verify users, but they’re also going to have other authorized verification entities.
From what I’ve seen, there will be two distinct types of blue check- users verified by Bluesky will have one mark, and users verified by a trusted authority will have a different mark.
Now who will those third-party verifiers be, and how will they be selected, hasn’t been announced yet.
What are you talking about? This is a web of trust model, literally a decentralized model. Not everyone on social media needs to have technical skills to verify via DNS records, verified links etc. If you want a community that gatekeeps for for computer engineers only, you already have Mastodon.
It appears to depend on Bluesky designating entities to do the verification.
Verification wise there is already domain. But ultimately, it is too soon for the twitter exodus to get the blue check. All in all, this type of outrage is doomed to repeat with that type of central entity.
deleted by creator
It already has domain verification which is better IMO. Its more reliable and safer as you have to own the domain to use it.
Bluesky is the new X. After canceling the accounts of Turkish protesters this is the next step for the big money behind Bluesky. That’s why I deleted my account a few days ago.
Same. Deleted my account when they started to censor the Turkish protestors. Not that I used the account really but still.
Exactly, Bluesky has been shitty for a while for lots of reasons. I’m not understanding why this is the line in the sand.
What’s the story with the Turkish protesters?
The way the article describes Turkey and the press is the same thing that’s been happening in the US with the legacy (state funded) media. Hopefully, that’s changing now though.
Bluesky has basically bowed to the Turkish regime: https://www.turkishminute.com/2025/04/17/bluesky-restrict-access-72-account-turk-amid-government-pressure/
Tbh I’ve seen more people asking for this than the people complaining.
There’s been a lot of impersonated accounts popping up lately, so it doesn’t surprise me they’ve opted to do something like this.
Oh yeah, they are literally everywhere. And a lot of them are impersonating people that haven’t switched from Twitter yet to take advantage of it specifically.
Bluesky already has domain based verification which solves that perfectly, I guess people just don’t want to use it.
How come they don’t use the already built in domain verification? It’s basically fool proof to certify that an account is owned by a specific entity.
It’s what Twitter had and most people on blueksy just want Twitter before Elon. It sucks but that is really what the majority of people even want. They don’t care about the decentralized stuff.
I think having both is nice
Then come over to Mastodon…
I can’t believe the guy who originally administered the creation of Twitter would do all the exact same things that originally made him billions of dollars selling the company to Elon Musk.
There’s no way he’s just speed-running what he did last time in hopes of another $44B buyout.
.
Something like this unavoidable.
Example, ted cruz the car mechanic in marfa Texas has just has much right to use blusky as
professional shit bagsenator ted cruz. But hiw do tell the real one from the racid sack of weasels.People use usernames like they always have, and rely on reputation to distinguish themselves from the fakes? Senator ted ceuz makes an account called ‘senatortedcruz’ or if thats taken ‘therealsenatortedcruz’, and the mechanic makes one called ‘tedcruzcars’ or whatever. I dont see how your example is even relevant, because under a checkmark verification system both the mechanic ted cruz, and the senator ted cruz would be valid and deserving of a check mark, so there has to be some other way of distinguishing them anyway.
Its whay the original lawsuit that created checkmarks was about.
What is? How does a checkmark help distinguish between two people that have the same name? The checkmark just shows that the person is who they say they are.
Well the original point was to verify famous people and groups.
It’s easy: cryptographic signatures. If you want to prove your identify, post a public key on something that you need to prove identity for (personal website or something) and sign your posts with the same key. That way everyone can tell the that the same key listed on the website is used for SM posts. Clients can check this automatically and flag anything on your “official” account that’s signed with a different key.
This is much better than a checkmark system, because accounts get hacked and whatnot. It’s really easy to check a cryptographic signature, and it’s really hard to fake. If the website gets hacked, the signature won’t match previous posts.
The main concern here is losing the key. If someone steals your key, generate a new one, and sign it with the old key and the new one. Boom, now everyone can tell you control both keys, while the attacker only controls the old one.
That’s only easy for nerds, and it doesn’t help if the private key is on a device that gets compromised.
Regular people wouldn’t need identity verification, and the keys can be something the user never sees, just like with Signal. The UX can be pretty good here.
But how would a user see that this poat was made with the right crypto key. Maybe some check mark on the Post or some sign.
Ideally, they wouldn’t see anything if everything is good. If there’s an anomaly, flag it with a warning.
But yeah, you could put a checkmark on it, but then it actually means something more than “this person spent money.” Ideally, the checkmark would only show if it’s a publicly verifiable key outside the platform.
Yeah that’s a better system then. We need something that shows the user then post or user is verified. How it works doesn’t matrer to them. Amd the key system would be betterment
No one disliked the check mark before “Genghis Kunt” started selling it
It was selectively given to institutions and “major” celebrities before that.
Selling them dilutes any meaning of “verified” because any joe can just pay for extra engagement. It’s a perverse incentive, as the people most interest in grabbing attention buy it and get amplified.
It really has little to do with Musk.
Decentralized, yeah sure!
