Redesign forms, verify link ownership with rel="me" #8703

Merged
merged 11 commits into from Sep 18, 2018

@Gargron
Member

Gargron commented Sep 16, 2018

Summary:

  • Redesign forms to
    • Make better use of space horizontally
    • Use labels instead of placeholders
    • Add quick navigation to preferences page
    • Reorder site settings thematically
    • Improve how settings pages look on mobile
  • Add link ownership verification via rel="me"

How does link verification work? When a profile is updated, the local as well as remote servers (independently) check the links for the presence of a link-back with rel="me" attribute to the user's profile. If so, a timestamp of the check is saved.

Why is rel="me" required? Because intent matters. It is much easier to sneak a plain link on someone's website. For example, in a WordPress comment, or through a Mastodon boost, or a Tumblr reblog. However, custom rel attributes are usually not allowed in those. On the other hand, profile links set by the owner of a page can and do contain this attribute.

What does this give us? This is not a silver bullet. Nothing beats checking someone's government identification documents. However, that approach is closed off to federated platforms. It would not scale if done properly, it would be awful for privacy, and the most naive approach would be subject to trivial spoofing. So, this is the next best thing. If you have a personal website that people know is official, proving the ownership of that site is the same as proving your identity.

Why aren't you using DNS cryptography? An HTML link is the lowest possible barrier to entry. Editing DNS and messing with public keys would exclude a lot of, if not most, non-technical people, and as such I do not consider those approaches worth the implementation time right now.

References:

To some extent:

Verified links: (2 screenshots)

Forms redesign: (12 screenshots)

@Gargron Gargron force-pushed the feature-verified-links branch from dbb3406 to c5654bc Sep 16, 2018

Gargron added some commits Sep 16, 2018

@Gargron Gargron added the ui label Sep 16, 2018

@lfuelling

Contributor

lfuelling commented Sep 16, 2018

A TXT record for alternative verification would be nice. For example I wouldn't like having to add a link to my profile on the index of my GitLab instance and stuff like that.

Verifying multiple profiles is already possible with the current method. There should also be a way to confirm one link with multiple accounts using DNS. (comma separated links?)

@Gargron

Member

Gargron commented Sep 16, 2018

The complexity with doing DNS verification comes from the fact that each link needs a special verification string, so the field must be saved before that string can be given to the user for copy-pasting, which means the actual verification must be done in yet another step (+ wait for DNS propagation).

Don't forget that each server must verify on its own. I don't see how the user could have any control over when the checks happen, currently it's just tied into when the profile has been updated.

@ThibG

Collaborator

ThibG commented Sep 16, 2018

DNS verification could work in a similar fashion, listing domains or URLs, to be honest. Although we probably want to check what kind of standards or proposed standards there already are for this.
A small issue I have with that scheme is that the info could get outdated. This is partially addressed by the title displaying the time at which it was verified, but this is not directly displayed. Furthermore, I see no place where that verification is renewed?

Another minor issue I have with this is that this requires you to basically advertise your other identities everywhere, while someone may want to have only one-way verification (e.g., I may have a “private account” that I don't want to advertise to other people, but that I want to verify as being the private account tied to my public account).

Finally, I would also extend this to @-mentions and allow to declare other identities in Mastodon itself. But that could be done in a subsequent PR!

@sivy

sivy commented Sep 17, 2018

I think this is a pretty good solution! Not complicated UI-wise, and doesn't require the user's browser to do the validation work.

@sivy

sivy commented Sep 17, 2018

@Gargron: how does the link verification get triggered?

@sivy

sivy commented Sep 17, 2018

"ownership of this link was checked..." might be better as:

Ownership of the linked site by this user was verified on [date]

with the negative case being:

Ownership of the linked site by this user could not be verified as of [date]

Alternatively, no messaging on unverified links might also be better, so that no negative connotations are applied to links that are not intended or desired to be verified. Perhaps a checkbox representing "this is me, please verify" ("I own this site"?) to signify verifiable links? That could also cut down on effort verifying non-verifiable links.

I'm still not sure what I think about using "verification" language in this feature, given the baggage it carries from birdsite, but it is terminology that users understand.

Gargron added some commits Sep 18, 2018

@Gargron Gargron changed the title from Verify link ownership with rel="me" to Redesign forms, verify link ownership with rel="me" Sep 18, 2018

```ruby
def link_back_present?
  return false if @body.empty?

  # Only <link rel="me"> elements are matched here, not <a rel="me"> (see the review comments)
  Nokogiri::HTML(@body).xpath('//link[@rel="me"]').any? { |link| link['href'] == @link_back }
end
```

@measlytwerp

measlytwerp Sep 18, 2018

Shouldn't the XPath read //link[@rel="me"]|//a[@rel="me"]? The copy you've written mentions <a rel="me" but this won't match that.

@Gargron

Gargron Sep 18, 2018

Member

My bad, it should be `a` instead of `link`. Not sure if `link` is worth checking at all; that would be a real rarity.

@lanodan

lanodan Sep 18, 2018

Contributor

True, both link and a are valid for rel=me.

@ThibG

ThibG Sep 18, 2018

Collaborator

I initially thought it was a “link” attribute and not a “a” attribute. Can't find the spec (if any) right now, but if link's in it, you should restore it, even if it “would be a real rarity”.

Gargron added some commits Sep 18, 2018

@Gargron

Member

Gargron commented Sep 18, 2018

@ThibG Okay, both anchor and link tags will be checked.
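An added example (not Mastodon's own Ruby code) of the check this thread converges on: collect the href of every `<a>` and `<link>` whose rel contains "me" and compare it with the profile URL. It goes slightly beyond the PR's exact-string XPath match by treating rel as a space-separated token list (so rel="me nofollow" still counts) and by ignoring case in the scheme and host and any URL fragment; those normalisation rules and the sample page are my assumptions, not the project's.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit


class RelMeCollector(HTMLParser):
    """Collect href values of <a> and <link> elements whose rel token list contains "me"."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <link .../> also arrives here via handle_startendtag
        if tag not in ("a", "link"):
            return
        attr = dict(attrs)
        rel_tokens = (attr.get("rel") or "").lower().split()
        if "me" in rel_tokens and attr.get("href"):
            self.hrefs.append(attr["href"])


def normalize(url):
    # Scheme and host are case-insensitive; the fragment never reaches the server.
    # Path and query stay case-sensitive, so /@Alice and /@alice remain distinct.
    parts = urlsplit(url.strip())
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(), parts.path or "/", parts.query, ""))


def link_back_present(body, link_back):
    """True if the fetched page links back to link_back with rel="me" (via <a> or <link>)."""
    if not body:
        return False
    collector = RelMeCollector()
    collector.feed(body)
    target = normalize(link_back)
    return any(normalize(href) == target for href in collector.hrefs)


# Constructed sample page: one real link-back in <head>, one in the body, and two
# links that must NOT count (no rel="me", or a rel a stranger could add in a comment).
SAMPLE_PAGE = """<!doctype html>
<html><head><link rel="me" href="https://mastodon.example/@alice"></head>
<body>
<p>Fediverse: <a rel="me nofollow" href="https://mastodon.example/@alice#main">alice</a></p>
<p>Plain link: <a href="https://mastodon.example/@mallory">mallory</a></p>
<p>Comment: <a rel="nofollow ugc" href="https://mastodon.example/@bob">bob</a></p>
</body></html>"""
```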

@ykzts

ykzts approved these changes Sep 18, 2018

@Gargron Gargron merged commit f4d549d into master Sep 18, 2018

11 checks passed:

  • ci/circleci: build, check-i18n, install, install-ruby2.3, install-ruby2.4, install-ruby2.5, test-ruby2.3, test-ruby2.4, test-ruby2.5, test-webui (all passed on CircleCI)
  • codeclimate: All good!

@ykzts ykzts deleted the feature-verified-links branch Sep 18, 2018

Gargron added a commit that referenced this pull request Sep 18, 2018

Fix performance regression in Account::Field#verifiable? (#8719)
* Fix performance regression in Account::Field#verifiable?

Regression from #8703

* Fix code style issue

Gargron added a commit that referenced this pull request Sep 18, 2018

Fix VerifyAccountLinksWorker not being queued
UX-wise, people expect that saving the profile will re-check links even without changing fields content. Bug-wise, `@account` was undefined.

Regression from #8703

Gargron added a commit that referenced this pull request Sep 18, 2018

Fix VerifyAccountLinksWorker not being queued (#8721)
UX-wise, people expect that saving the profile will re-check links even without changing fields content. Bug-wise, `@account` was undefined.

Regression from #8703

koppepan1204 pushed a commit to koppepan1204/mastodon that referenced this pull request Oct 10, 2018

Redesign forms, verify link ownership with rel="me" (tootsuite#8703)
* Verify link ownership with rel="me"

* Add explanation about verification to UI

* Perform link verifications

* Add click-to-copy widget for verification HTML

* Redesign edit profile page

* Redesign forms

* Improve responsive design of settings pages

* Restore landing page sign-up form

* Fix typo

* Support <link> tags, add spec

* Fix links not being verified on first discovery and passive updates

koppepan1204 pushed a commit to koppepan1204/mastodon that referenced this pull request Oct 10, 2018

Fix performance regression in Account::Field#verifiable? (tootsuite#8719)

* Fix performance regression in Account::Field#verifiable?

Regression from tootsuite#8703

* Fix code style issue

koppepan1204 pushed a commit to koppepan1204/mastodon that referenced this pull request Oct 10, 2018

Fix VerifyAccountLinksWorker not being queued (tootsuite#8721)
UX-wise, people expect that saving the profile will re-check links even without changing fields content. Bug-wise, `@account` was undefined.

Regression from tootsuite#8703

@ChameleonScales

ChameleonScales commented Nov 14, 2018

How long should we expect the ownership verification to take effect?

@ChameleonScales

ChameleonScales commented Nov 14, 2018

Ok, so I deleted my link, saved, re-added it and re-saved and the green highlighting appeared instantly.
So I guess it only works if you add the link in your profile settings after you've added the rel="me" link in the website.