Mastodon - User Discovery and Verification via Email, the Easy Way
Blog Article Published: 11/15/2022
This is going to be a short blog entry because it’s simple: Mastodon is fantastic, but discovering and verifying users is a pain (as with most social networks). The best solution most people have landed on is scraping their Twitter account followers/following for profiles with Mastodon IDs like @[email protected].
But what if there was an easier way? Some way that leveraged well-known, trustworthy identifiers, especially for corporations and other large organizations?
Email addresses come to mind as the obvious solution. When you have to contact someone what do you generally use? Email. For companies and other organizations, what’s the easiest way to prove you’re associated with them? An email address @domain-name.tld.
Well, I have good news for you. Mastodon servers and clients support the Webfinger protocol, which means you can simply set up a Webfinger server (CSA has released a Node.js one) and answer queries.
You can also redirect the Webfinger queries, as long as they are served over HTTPS. So you can, for example, redirect https://domain-name.tld/.well-known/webfinger to https://webfinger.domain-name.tld/ or https://some.cloud.host.function.tld/a/long/path/name, and the client will happily follow it and send the query string.
Also, I lied, you don’t even have to set up a server, you can just use a Cloudflare worker (CSA has released one):
You then simply add a map of email addresses to Mastodon IDs and that’s it. It just works. If you have any questions feel free to toot at us at @[email protected] or contact us through the usual channels.
Here are some Twitter account scrapers (note that they require read access to your account). They can both export a CSV that Mastodon can import:
Related Articles:
The Risk and Impact of Unauthorized Access to Enterprise Environments
Published: 05/17/2024
Securing Generative AI with Non-Human Identity Management and Governance
Published: 05/16/2024
Navigating Cloud Security Best Practices: A Strategic Guide
Published: 05/15/2024
The Importance of Securing Your Organization Against Insider and Offboarding Risks
Published: 05/14/2024