… is not their problem at all.
Let me explain.
None of you trust each other.
That’s the problem.
Humanity is, at its core, just a hive of liars. You lie to each other every single day. Because of this, online, where your egos flit and clash against one another, you want something that places one another above each other. With Twitter and the Blue Checkmark, this was easy. But now, you cannot do that.
The problem inherent with human communication is that you lie. The problem inherent with the human species is that you cannot trust one another. And you need to. In order to create anything truly great, you have to be able to cooperate with one another, and working with one another in ‘Zero Trust’ environments, that’s just absurd. You cannot get anything truly great done in an environment like that, and your lack of any truly great products is the very definition of the absence of evidence actually being evidence of absence.
To put it simpler, human beings suck. You all fucking suck. You’re bad. You’re almost all bad. You can probably remember one or two people who are truly great; who inspire you. And they’re good.
But the vast majority of humanity sucks, and it refuses to acknowledge it.
And it always wants someone to tell it that its shit not only does not stink, but that it smells of roses and tastes of elderberry.
And that’s why you want the checkmark.
Because you want to be special.
It has absolutely no use here, and it is no further proof of authenticity than it would ever be anywhere else. Shit, dude, you can buy it right now on Instagram, Facebook, and Twitter, and I don’t think that the first two even acknowledge that it was purchased. Meta has an echosystem where people they Verified by hand (or through their fucked-up, Kangaroo Court Media Partner Portal’s) are mixed in with people who pay a monthly fee for it.
Pinterest did it right, because Pinterest did Domain Verification before Bluesky did.
Is it the perfect verifier? Oh, honey, of course it isn’t. Por ejemplo: if i were to watch and wait for someone to not renew their domain name, and their e-mail services were hooked up to it, then I could just register their domain name and point everything wherever I wanted, and I would be them. Even with 2FA on Bluesky, I could probably still do this. And it would probably be legal, because, none of us own our fucking domain names.
We are essentially leasing storefronts online. That’s all we’re doing. Except, unlike in real life, if I were to do that, and I got some of your snail mail? I couldn’t legally open it.
But I’m pretty sure I can online, with goofy fucking e-mails being sent to me, the me that registered the domain name that you stopped paying for.
It’s not the perfect Verifier.
But it’s the only Verifier you got, kiddo.
Other attempts at Verification that Bluesky could hook onto
A while back, I noticed that there were checkmarks on the senders’ e-mail addresses, in e-mails sent to me on my GSuite e-mail account. These checkmarks were almost-always only present on e-mail addresses from websites that were owned by multi-billion-dollar corporations.
And I wanted one.
Guess what, chucklefuck? It costs $1,000 USD.
You want one?
To be eligible for a VMC, your logo must be trademarked with an intellectual property office that’s recognized by VMC issuers. We recommend working with your legal team or a lawyer to get your logo trademarked. The trademark process can take 6 to 12 months. For the most secure BIMI setup, we recommend getting a VMC whenever possible.
I’ve been on the Internet since May of 1994. Verification has always been a problem; and billion-dollar corporations (at the time, then only million dollar ones) created and sponsored an echosystem in which domain verification was the gold standard. You ever heard of MarkMonitor?
This shit is big business, boy-o.
If you want to be Verified on Bluesky, you better be a big enough motherfucker where you can afford corporate domain portfolio management services. Because that is the only gold standard I have ever seen in all my time online.
This isn’t Bluesky’s problem.
Leave them alone.
Sort your own nonsense out.
If you don’t have a domain name with a .gov or an .edu or something substantial and well-known out there, then, guess what? You probably don’t deserve to be Verified. Because nobody knows who the fuck you are in the first place.
If NPR.org comes on Bluesky (and I believe they did), and they Verified their handle, I would know that they’re NPR. Because, if they’re not, their shit is so fucked that I couldn’t trust them even if they were.
If a person with a .gov handle gets on there, then, unless the entire infrastructure of the Internet is so fucked that anyone could do that (and, actually, there are probably at least 11 vulnerabilities in different places that could produce such an effect— but not without substantial jail time once they find you out), then, Hell, that’s probably them.
The inherent problem of Verification is that none of you can trust one another.
This is not Bluesky’s problem. This is a You problem.
Sometimes, the only solution to a problem is going to be one that’s not good enough. And that’s this.
Domain Verification is not good enough but it’s the best that you’ve got. Unless you want to contract a service out to verify people (like Pornhub and Polywork and yes, I think, even Twitter did, at one time), nothing is going to get done. And even then, there are a hundred thousand different ways to fuck around and just pretend to be somebody else.
There will never be a perfect solution. Just be happy with what you’ve got, and work compassionately with each other towards what you think might work better—
but, remember this.
This is not Bluesky’s problem.
Please leave the devs alone about it.