I wrote up a blog post in an "intelligence brief" style for Meedan (where I work) talking about the current situation around verification of journalists and trusted institutions on federated social media.

(Please read the whole thing before replying to me here, thanks. I will try to respond to replies but might not have time because this week is shaping up to be my busiest in a long time.)

One thing I'll preemptively put here is that often people say "Isn't the solution for a newspaper to run, say, and the journalists have accounts on there?"

That works for some subset of verification but consider:

- freelance journalists who need an *affiliation* verified but are not employees
- what happens when your employer owns your entire social media presence (you'd want to separate identities similar to how you in theory don't use work email for personal stuff)

@darius this is why I chose a geographical server as opposed to an interest one. It’s nice to be in an online space that can conceivably go offline too

@mkramer lol I finally understand what the triangle part means! (I know others on the server but not where they live so never made the connection)

@mkramer @darius what do y’all think about a public media server? For folks who work in pubmedia (an admittedly fuzzy term)?

@mkramer @darius I also assume folks may want a separate work account, and I also think the domains are key - but also I believe pubmedia should manage its own infrastructure (some of it anyway)

@darius good write up! Verified links seem like a useful part of the solution but an official work instance seems stronger.

If the point of verification is to confirm that you’re an agent of your employer (eg a journo working for NYT) then it seems fine for that identity to be controlled by that employer?

If you’re a freelancer, then some kind of limited / temporary right to asset that affiliation would seem useful?

Both of these patterns have operated for long time in email.

@darius 100%. It creates verification AND gives other instances the choice to either support or deny that instance on their server.

@darius at core is the idea that we have multiple identities, which seems useful. But perhaps a useful ability would be to assert that 2 identities are the same person, verified bidirectionally, so either party could sever it if something went awry.

A UI that provided a pooled stream of all messages across several identities might also help, but is less of a protocol concern.

@sminnee I agree! that is what the rel=me that Mastodon currently uses does

@darius @sminnee haven't tried that myself, but I've seen someone say they connected two accounts on separate instances that way, and that got mutually verified. That seems logical since for some parts of the fediverse, outside of Mastodon, you need a different account. So would a chainlink of such verification be possible?

@darius re: employee ownership/association of handles and the trouble that causes, I still remember when @nycjim had to rename himself from @nytjim after leaving.

@darius great points! my response is "what about professional orgs, guilds, or unions, like the WGA?"

@juno would love to see those organizations verify members!

@darius Journalist unions. Servers run by journalist unions can be open to all members, no matter where they work. But you're probably in the US with those insane union laws?

@chickamora I love the idea of journalist unions running servers, or professional associations that verify accounts are members, etc

@darius I hope brands do it though! A turnkey tiny server for just your brand account living on your brands domain name. Would that make sense?

@darius sorry that I’m just assuming a brand will appear. They will 🤷‍♂️ and if so I hope they cordon themselves off to their own instances for multiple reasons.

@ja2ke Yes 100%! Best part is if hosts accounts for all their verticals, I can block em all in one go for my users

@darius So maybe media organizations either have individual journalists’ pages with HTML `rel="me"` links that the latter can link to, or a single “verified” page with the same. Staff or journalists can then link to that from their profile, and if either side wants to de-affiliate with the other they remove the attribute or the link entirely.

@mjgardner yup, that is definitely the idea and one of multiple parallel solutions I'd like to see put in place!

@darius would AP or Reuters creating an instance solve this issue?

@luvcraft no because most journalists are not affiliated with AP or Reuters

@darius ah, OK. I'd somehow gotten it into my head that one or the other of those was some sort of blanket organization that most journalists belonged to, like a SAG for journalists.

@darius because Mastodon threading, I saw the toot that I replied to long before I saw that it was part of a thread that started with "please read this article before replying" so, sorry about that. :(

@darius This is something I've been thinking about.

It seems that some way to have elevated access across servers would be useful?

For example, my home is Server X, but I have an affiliation with Server Y and can browse its local posts/have some sort of indicator of affiliation.

Please take this with the disclaimer that I've been at this for all of 48 hours and could well have a fundamental misunderstanding of key concepts. :)

@james Yup! Affiliation-based protocols that work across servers are the way to go. The rel=me that I mention in the article is one reasonable current solution, and there are a few others I'd also like to see adopted and will be speaking to their designers

@darius : I saw the follow-up preemptive note before I saw the original post.

This makes much more sense with the article for context. 😆

Reading now.


Yes, and a company sponsored #Fediverse server instance might also be akin to a vertical silo too, in the sense that many employers want to own the copyright of anything published with tools or infra belonging to them.

There's no need to do this at all though. Launch your own, say for example, #Soapbox or #Mitra server as a single instance or apply CC-BY -SA (or ND) licenses to your articles.


#tallship #FOSS



Almost forgot to mention Darius, #Keyoxide is perhaps the best method for verification in today's #DeSoc world of the #Fediverse and even the deprecated legacy monolithic silos like #Faceplant, #Twatter, #InstaSPAM, etc.


I hope that helps! Enjoy 🙂

#tallship #FOSS #identity #cryptographic_proofs


@tallship @darius Yes, but @keyoxide is so so so very hard to set up, and I *like* #GnuPG. (Here are my bona fides showing I was successful: )

#Keyoxide makes #Keybase (RIP) look positively wonderful even as the latter shambles toward inoperability. (And don’t get me started on the vestigial #Mastodon documentation about verifying with it.)

@mjgardner @darius @keyoxide

You know what Mark? I cannot argue that the onboarding experience isn't fraught with a steep learning curve - especially when you cite #Keybase, which is still dangling in the wind with Zoom as it's parent ever since Chris Coyne cashed out.

There's simply no comparison between the ease with which one could generate cryptographic proofs in Keybase verses three non-trivial manual effort involved with doing so in #Keyoxide.

Excellent point you made there 😉


@darius I think the “personal email” versus “work email” thing is kind of the crux of the matter, though. Right now all of the journalism instances look too much like “personal email addresses where my fursona is journalism” and it would be nice to see at least *some* “work email addresses” show up in the Fediverse, especially for journalists expecting to use the Fediverse *for* work.

Nobody expects the NYT to ask for a quote for tomorrow’s newspaper from

@darius @wilkie I am unclear if you intended to leave things open-ended or not. It seems like you’re implying a world where, say, my local paper has a staff profile page for each journalist, which that journalist can use to fulfill the link verification interface. This way the paper wouldn’t have to have a their own fedi instance on their own domain and a journalist might be able to keep their same account on whatever instance if they move jobs to a different paper. Does that seem right?

@benhamill @wilkie yes! Something like that as one of several solutions available

@benhamill @wilkie there are also proposals for robots.txt style solutions where a network admin could bulk verify any number of social media affiliations with their org

@darius @wilkie Indeed. Then we just have to hope those orgs have strong a offboarding process, but… yeah. 😜 I like this shape in general. I’m very not a fan of the new things popping up trying to be centralized verification services. Kinda defeats the purpose of fedi.

@darius @wilkie I guess there's also the thing where... it isn't clear when or how often my instance verified I have control of It just shows a green check mark. My mobile client (Toot!) says "verified 2 years ago". I don't know how to make it update that.

@benhamill @wilkie you can force it by removing your link from your profile and adding it back in. Frankly though I think there should be a way to just refresh it from inside your edit profile button

@darius @wilkie Or it should refresh it every 30 days on it’s own or something.

@benhamill @wilkie probably both, though some people use the non-refreshing part as a feature (they add the code to their site, add the link to their profile, then remove the code from their site. which is mostly because they don't know you can display: none or just put it in your <HEAD> if you don't want the link to render)

@darius Publishers should allow their contributors to add rel="me" links to their profiles, or at least to the metadata of their profiles.

In the spirit of PoC Or GTFO, a proof of concept:

@darius Good piece 👌🏽 These are exciting challenges. I think something more or less like Backchannel ( might work in theory although, of course, it doesn’t seem like it has been tested at scale yet.

@sdenaro did you read the post. I mention why presscheck is problematic

@darius I did read the article but I missed the mention of press check-which has a verification application. But I do think that a combo of verification via URLs and metadata combined with other 3rd parties could work for many cases. I can easily see press, governments and other orgs having trust services that are at last as trustworthy as the blue check.

@sdenaro I agree. My issue is with 3rd party checkers like presscheck that are just run by private individuals with ultimately no accountability

@darius I agree it isn't perfect-but what accountability exists for Twitter or Facebook or Instagram that doesn't exist for presscheck?

@sdenaro I agree it just comes down to: do I trust Twitter to do a good job or do I trust a random guy to do a good job. I just want the trust to move to higher-trust institutions


I think that journalists should really consider having a solo or small collective instance maybe from a union.

Papers should have their own instance. If you write for the paper you get an account on their instance, maybe an instance for freelancers ( that you can cross link (I write for the NYT sometimes!)

Because the NYT can actively manage their instance it creates a trust line. But you can mostly use your personal instance so you own your long term 🆔.

@andy I agree (which is why I want to see all solutions I gesture towards at the end of the blog post happen in parallel). Good related discussion also happening here:


It's a dang shame that keybase got bought by zoom.

I find myself resisting the urge to start a company to sell managed instances to the unions and the papers.

@darius @andy hi! I'm gonna read this thread when I have time this evening

Sign in to participate in the conversation
Friend Camp

Hometown is adapted from Mastodon, a decentralized social network with no ads, no corporate surveillance, and ethical design.