- people know that domains are read from right to left, so that they know that president.whitehouse.gov.usofa.com is not a domain in the whitehouse.gov range (this example is bloated, but domain.com vs. $DOMAIN.com.$DOMAIN-social.net is a common pattern for fraud attempts I get)
- people outside the US know it's .gov, not .com (rarely true?)
Compared to a flat namespace, it's really helpful, even if some people don't know the rules. How many people have names like RealPerson or PersonOfficial on Twitter?
Although I agree, it's not perfect. Is there a better approach they should do instead?
The lookup of whitehouse.gov (is that the same as house gov, where dotcom was a porn site?) should hopefully be a company name.
So perhaps we could use organisations from the DNS system?
Or flip the DNS name, write out which geographical or organizational topology applies to every aspect of it on mouseover/touch, to make it readable left-to-right in the case of English etc.
And we could combine this, as proposed before, adding the information looked up from DNS for non-private accounts to every domain that is used in browsers or social media.
Then again, people bought a probably mafia-owned company's stock because it looked like the software Zoom was the same as the name of that stock, which was an error.
So there is no alternative except for trusting in the word of someone, that identity is what you think it is.
But no, I do not think that GNUnet or however the HTTPS alternative for trust is called would be a better alternative to prevent fraudulent accounts.
Another random idea:
Social media could be kind of a reversed "obligatory imprint", i.e., having a natural person's or company's name as your account should mean that they should have a postbox for inquiries. Normally, pseudonymous content is required in Germany to have an imprint referring to a legal entity. Reverse, because you claimed to be a legal entity, so be liable for that here. Enforcement could be done via ".well-known" addresses on hosts that serve the actual imprint sites? Or with more effort, by sending codes to physical postboxes, that need to be matched for every company or organisation.
TL;DR:
Further research into UX and threat models is in order, IMHO.
Yeah there definitely would be attacks where they use long fake domains if the site decides to hide the domain once it gets past a certain point
e.g. president.whitehouse.gov.us[hover to reveal the rest]
But if it's always fully displayed then it's not really an issue. People could make fake accounts anyway under the current system. If you can't tell @elonmusklet93902398098 isn't really Elon Musk then I don't know what you expect to fix that.
The important point of this feature is that you know tim.wang.com is really an employee of wang.com and not just a rando. You know he really comes from that address so you could follow all the wang subdomains and know only real wangers will be followed.
This assumes that
- people know that domains are read from right to left, so that they know that president.whitehouse.gov.usofa.com is not a domain in the whitehouse.gov range (this example is bloated, but domain.com vs. $DOMAIN.com.$DOMAIN-social.net is a common pattern for fraud attempts I get)
- people outside the US know it's .gov, not .com (rarely true?)
But, better than nothing I guess.
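An added example, not part of any post in this thread: a platform-side check that compares domain handles label by label from the right, next to the substring test that the lookalike pattern relies on, plus a display rule that shortens long handles from the left so the owning labels stay visible. The function names, the `[...]` marker and the 24-character limit are assumptions made for illustration, and `org_domain` is assumed to be a domain the platform has already verified (public-suffix handling such as `co.uk` is out of scope).

```python
def labels(name: str) -> list[str]:
    """Normalise a hostname and return its labels, rightmost (TLD) first."""
    name = name.strip().rstrip(".").lower()
    parts = name.split(".")
    if not name or "" in parts:
        raise ValueError(f"malformed hostname: {name!r}")
    return parts[::-1]


def naive_match(handle: str, org_domain: str) -> bool:
    """Weak check (hypothetical): substring test, fooled by lookalike prefixes."""
    return org_domain.lower() in handle.lower()


def is_under(handle: str, org_domain: str) -> bool:
    """True only if handle is a strict subdomain of org_domain.

    Labels are compared from the right, which is how DNS delegation works.
    """
    h, o = labels(handle), labels(org_domain)
    return len(h) > len(o) and h[:len(o)] == o


def display_handle(handle: str, max_len: int = 24) -> str:
    """Shorten a long handle from the left, never from the right."""
    right_first = labels(handle)
    name = ".".join(reversed(right_first))
    if len(name) <= max_len:
        return name
    prefix = "[...]."
    kept: list[str] = []
    for label in right_first:
        candidate = ".".join(reversed(kept + [label]))
        if kept and len(prefix + candidate) > max_len:
            break
        kept.append(label)
    return prefix + ".".join(reversed(kept))


if __name__ == "__main__":
    # Constructed sample handles, taken from the examples in the thread.
    fake = "president.whitehouse.gov.usofa.com"
    print(naive_match(fake, "whitehouse.gov"))   # substring test accepts it
    print(is_under(fake, "whitehouse.gov"))      # label-wise test rejects it
    print(is_under("tim.wang.com", "wang.com"))
    print(display_handle(fake))
```
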