if I can get an email at [someurl].com and have it backed by gmail behind the scenes. What is the feasibility to having something like that work out to redirect vanity URLs to mastodon instances behind the scenes?

@WilliamShatner brought it up and I think it's a valid question:
https://twitter.com/WilliamShatner/status/849818460850749441

William Shatner nailed major concerns. I think are worth echoing & considering.

"Don't you think that creating a node where folks can sign up opens an issue of security with passwords and such?"

- I am also concerned about this. Important consideration when spreading.

"So if there was a whiz.bang server then Joe Smith could go and sign up as @williamshatner@whiz.bang?"
"That makes the entire service worthless to anyone with a brand. That's a bit of an oversight."

- Good :smiling_imp: ?

In all seriousness, I'd really like to start a discussion on how to mitigate bad actors.

Not complaining about the current system, but I think a cultural level appreciation for the risks and people working together to help protect each other from them seems like a positive thing.

The whole URL issue is probably best solved by continuing to work toward easier setups (docker etc?) for the time being.

But Sybil attacks and evilmaidesque federated nodes seem worth considering.

Birdsite's verification system was essentially a facet of them being a centralized authority, that obviously doesn't really work on a federated decentralized system.

I've researched Sybil attacks myself in the past, but never made any headway finding out how one might instill a cultural immunity.

https://www.researchgate.net/profile/Gregorio_Martinez_Perez/publication/222404137_Security_threats_scenarios_in_trust_and_reputation_models_for_distributed_systems/links/0deec5223698a668ae000000.pdf