Bluesky’s added user verification in a way that’s not entirely bad. Different entities can become verifiers. So if you run a company you can verify your own employees. Bluesky PBC also will run a verifier. I think this isn’t a terrible solution to preventing impersonation.
Discussion
Just creates a 2 tier system, and next thing you know people are catering to the blue checks, and developing different services for different “tiers”. We’ve all seen how that plays out.
"Freedom of speech, not freedom of reach."
"ATProto is an open protocol, but the official Bluesky app will prioritize people who have the blue check when building your recommendation feed. That is to ensure a higher quality of dialogue in our platforms. However, since ATProto is an open protocol you can run your own stack and make your own social media from scratch without any network effect and if people want they can use your thing."
nip-05 can be used to verify employees too, just add their pubkeys to a nostr.json on the business domain. cash.app seems to do this, surprised more dont.
I think it's a shame one can only have one NIP-05 identity.
The same person can, reasonably, be represented or represent more than one organization (for example, one could be employed in a company and be a member of a non-profit, the two being equally important for that person and fully independent from each other).
Unfortunately, the primary belief is that nip-05 is to be used as just a human-readable identifier. It's always been my belief that nip-05 was used verify you based on the fact it's either a domain you own, are the primary controller of, or directly represent in a offical capaicty a person of the other two catagories. It's why I don't have a nip-05 address myself. I don't have access to a domain that fits those catagories.
So, they invented NIP-05?
NIP-05 is not and is not supposed to be a verification system.
Please, see this: https://hedgedoc.semisol.dev/ciXY6QE-Tx6CQZowDwcK4A
Or this: nostr:naddr1qvzqqqr4gupzq5455pmtewaacws6a73hxkqkea6fjwcm3keq9vqu3q7930nl4k9aqyghwumn8ghj7mn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqfxu6tsxq6j66tn94hx7apdwejhy6txpdekay
no, the equivalent of nip-05 is the atproto handle-did pairing system. https://atproto.com/specs/handle
afaict, bsky verifications are rather a more limited equivalent of [NIP-58](https://github.com/nostr-protocol/nips/blob/master/58.md)
But Bluesky is setting themselves as the ultimate authority, even over the trusted verifiers.
For bluesky that’s a feature.
For nostr it’s a rugpull.
They'll say anyone can be a verifier, just that their official app has hardcoded that the Bluesky company is the ultimate authority, but nothing prevents you from making another app that talks to their global API and setting anyone you want as the ultimate authority.
Agreed
We could actually have a better version of this on Nostr (where the control is in the hands of the user, not platform owners): https://github.com/nostr-protocol/nips/discussions/1277
I like that. We could implement something like that with the concept of whitelist (verified list). You could also extend that to the level of a user (an organization of one): here are all my verified accounts (devices).