About the LevelUp series: At The Markup, we’re committed to doing everything we can to protect our readers from digital harm, write about the processes we develop, and share our work. We’re constantly working on improving digital security, respecting reader privacy, creating ethical and responsible user experiences, and making sure our site and tools are accessible.
In early November Elon Musk tweeted, “Please note that Twitter will do lots of dumb things in coming months.” His prediction, made two weeks after taking over the social media company, was prescient. Under his brief reign, product decisions have been a complete mess—not just controversial and at times plainly unpopular but also, taken together, chaotic and contradictory.
Musk’s most-high-profile change has been to how Twitter users are verified. Initially, in early November, he launched a subscription product in which anyone could pay $8 a month for the same blue check mark that had been reserved for authentic, notable, and active accounts. Musk halted the rollout after a spate of embarrassing impersonations—only to relaunch a month later with a confusing rainbow of badge types.
In comparison, there is an elegant simplicity to the verification approach used by Mastodon, the Twitter-like alternative social network that we’ve been trying out at The Markup. Rather than attempt to verify the person behind the keyboard, Mastodon offers a mechanism for external websites to claim an account as being affiliated using a green background and check mark icon. In other words, Mastodon makes no claims about who an account belongs to, just that a particular website has vouched for it.
It works like this: Mastodon accounts can add up to four affiliated URLs and, if the linked website includes a specially coded link back to the Mastodon profile, that link is marked with a green check mark. Any official website for a person or company can easily declare the trustworthiness of a Mastodon account (or multiple accounts). Of course, nothing stops a trickster from setting up an impostor website to vouch for an impostor Mastodon account, just as nothing stops an ill-intentioned Mastodon server from pretending to conduct a website verification. The checkmark on a Mastodon account is only as credible as the website it references and the Mastodon server that displays the account. As in the case of Twitter, that credibility could very well change over time depending on who is running the organization.
There have been attempts by third-party organizations to layer additional verifications on top of those provided by the Mastodon software. PressCheck.org, for example, verifies working journalists, and Fedified verifies that people on Mastodon were also verified under Twitter’s old, pre-Musk verification program. These may be good options for those without an existing website to use for verification. How much you trust any third-party account verification depends on the extent to which you trust the methodologies and organization behind it. And even if you trust those organizations one day, their standards could very well change in time, as they did on Twitter.
How We Enabled Mastodon Link Verification
To enable this link verification for our official Markup account and for our staff, we made two small adjustments to the code on themarkup.org:
- We now link to our Mastodon account in the header and footer of each page
- Team profile pages can now optionally link to a Mastodon profile
In each case we encoded the link on our website with a special HTML attribute (
rel="me") meant to declare “the linked Mastodon account is verified by this website.”
Our website, themarkup.org, is built on the WordPress content management system, and we use the Advanced Custom Fields plugin to easily add new fields, like a Mastodon profile link, to our installation of WordPress. We run WordPress as a “headless” editor, where content is fed via an application programming interface, or API, to a separate front-end system built on Flask, a framework for using the Python programming language to make web applications. On our website, this type of update requires at least three changes: adding a new field to WordPress, including new content in the API, then changing our HTML templates to display that content.
rel="me" code to a link’s HTML can represent a small but real technical hurdle for website editors.
Your website must have either:
- An editor interface that supports these Mastodon-compatible links, or
- A way for someone with access to the website source code to manually edit the HTML
Copying and pasting the HTML into an existing website editor may not work. For example, WordPress currently strips out the special “rel” attribute when you paste the link HTML into your website editor (a workaround is to use WordPress’s “Edit as HTML” feature). You could take the same approach that we did, creating a new field for the Mastodon link, but the specific implementation will vary depending on how your website is set up.
This approach to account verification seems to be based on a loose specification created by bloggers back in 2003 called Xhtml Friends Network. Just as with Mastodon, its intention is not to tell us “this account belongs to television host Stephen Fry” but rather “this Stephen Fry account was vouched for by stephenfry.com, the website.” (It also allows that some other Stephen Fry could be verified by another website.)
As the “bird site” (as Twitter is known on Mastodon, itself known as the “elephant site”) contemplates eliminating links to competing social media sites as a matter of policy, Mastodon invites you to add up to four links, each with a verification option. While Mastodon’s approach does require some HTML skills and does not solve the larger problem of social media impersonation, its decentralized model has allowed The Markup to verify itself and its staff on the fediverse.