You'll be surprised how many people think they can just use first.lastname@gmail.com and have email magically appear in their account. And even more people have no idea what the @gmail.com/@ibm.com is about. All they know is that some of their emails don't reach their contacts, probably because "the computer broke again".
It's not a hard concept, but it's a concept that was only ever explained in school to a sliver of the population actually using email every day.
Plus, federation makes validating accounts real hard. Looking for a semi-popular Twitter user on Mastodon will bring forth 800 Twitter-to-Mastodon-bridges with plausible-looking domains, only for the real user to end up using something like "hachyderm" as their domain name. I don't know any good solutions to this problem, but that doesn't make the problem go away.
I have my own domain, and have email set up so that any email to that domain goes to me.
You'd be surprised (well, nobody here on HN would be) to know how many times I tell a business that my email is "their-business@my-domain.com", and they ask me how I got that email address, whether I work for their company, etc.
Since this happens often, you could try changing the form of the email addresses to make them less confusing.
I can think of several options:
1. Prepend "from-", so that instead of <their-business>@example.com you give them from-<their-business>@example.com.
It should at least make it easier to explain your approach when you have to.
2. ROT13 or reverse the name of the business so it's gurve-ohfvarff@example.com or ssenisub-rieht@example.com.
You can design a different stateless function that maps names to email addresses.
The function doesn't even have to be invertible.
This is similar to a stateless password manager like https://www.lesspass.com/.
3. Use a list of pre-generated addresses you keep on your person.
Think recovery codes.
Of course, you can keep the list on a smartphone.
I always allocate an email of my+company@myemail.com and the number of email validators that don't accept that "+" is a legit email character is infuriating.
That's why I've updated my SMTP config to handle - the same way as + 10+ years ago. And to avoid "why is my business name in your email?" questions, I rot13 it.
Yeah, I do this with a catchall domain as well. Indeed, I've had people ask if I work for their company -- too funny! So far the only company that has illegally added me to a mailing list I didn't sign up for is H&M (the clothing store).
I do the same, and some companies flat-out refuse to accept email adresses with their own name in them. Samsung, notably, won't allow samsung@domain.tld for some obscure reason.
Every time I have to hand out my email over the phone, I brace for having to explain my catch-all to people. Depending on how tired/tech-illiterate the person on the other end sounds, I've started using plausible-sounding alternatives (contact@/hello@/email@) instead.
> won't allow samsung@domain.tld for some obscure reason.
It's not obscure. Some code monkey at Samsung was told to filter out certain addresses, Samsung ones among them, and just used a regex or substring search on the entire address.
It could also fall foul of a Scunthorpe filter - refusing to accept names with some subset of characters, and the company name got added to the filter to avoid "samsungsuxbawls@gmail.com" or similar
> It's not a hard concept, but it's a concept that was only ever explained in school to a sliver of the population actually using email every day.
It's not hard to someone with exposure to a certain medium. Though its a bit dismissive like it would be for a mechanic to question why a person doesn't know know about rotors, spark plugs and other "simple" car concepts.
> (Companies should really validate email address OWNERSHIP before spamming innocent people.)
I don't understand why this isn't part of the normal flow for implementing Verify Your Email emails.
Someone used my firstname.lastname Gmail address on trip dot com a couple of days ago to book flights, and their Verify Your Email email actually had a Not My Email-type link in it... which apparently does nothing, as I shouldn't know that if you phone trip dot com about changing your flights, they send you an email with a Change Flight link.
I just got off a chat with their support, so hopefully my fat-fingered doppelganger doesn't miss their flights from Atlanta to Sydney tomorrow.
Now that I think about it, I don't think I've ever seen an email verification flow that works in reverse, where the email owner sends the email instead. Seems it would be easy enough to say "Send an email from your indicated account with <pin> to <corporate email address>." I'm assuming the flow is different enough that it would lead to losing people who decide not to follow through but who would have continued with the 'normal' setup. It would also train users to send their MFA pins to others which would be a net negative for anyone using the normal verification process.
Are you sure they were confused people? More probable explanation is that they made typos while entering their email.
The alternative explanation, that they roitinely use [your name].[your last name]@gmail.com as their email, and don't realize that it never works is... unlikely IMO.
One of the emails had a phone number for the intended recipient, so I called. It was an old person who was definitely confused.
I can easily imagine there are a bunch of older people who do not have email addresses, yet just about everything requires an email address, even if it's not necessary for whatever service, so people have to either make up an address, or incorrectly remember what the address was that their children or grandchildren set up for them.
Either way, that doesn't excuse the companies that spam innocent people.
My wife has been receiving medical appointments, test results, event tickets, package tracking numbers and so on destined to a few old ladies for years.
I once tracked the sons and nephews of one and told them, and they apparently thought I was some kind of scammer and didn't return messages after a couple exchanges, so to this day she still receives all those.
If the email they were trying to reach was [firstname].[middle initial].[lastname] and they forgot the middle initial that would explain why it's showing up in your inbox.
Several years ago, I started getting mass amounts of signups to one of my gmail accounts by the same person (thanks to some of these, I found out her first and last name). Some months after it started, I realized she also had the twitter account with that same name. I don't think she knew gmail and twitter were different things.
> You'll be surprised how many people think they can just use first.lastname@gmail.com and have email magically appear in their account.
I get a pile of junk from people who assume they can do that. I guess I have a lot of stupid distant relatives. It was the same for Hotmail too I got so many hotel receipts, or resume replies etc. one went on for decade or more. Yes you can reply back "no this is wrong" but nobody listens.
> I don't know any good solutions to this problem, but that doesn't make the problem go away.
Abandoning the concept of celebreties and instead using social media for social interactions with people who you can "validate" their identity by walking over to them and asking them for their ID.
This was the weakest point of the whole article, particularly because Mastodon and Bluesky are identical in this respect. The reason he doesn't realize it is that almost everyone is on the same instance.
So yes, you will have:
@stephenking.bsky.social
and
@stephenking.bsky.otherinstance
Unless Bluesky remains a single server, in which case it's not at all decentralized.
Small nitpick, the domain name used for a ATProto identity is decoupled from the server that hosts that users data. A username is established on ATProto by creating a TXT record of the users DID (essentially a public key). This is not identical to ActivityPub, because the users data is hosted / managed by the server that the A/AAAA record points to. ATProto users can migrate their data from server to server while maintaining the same username. ActivityPub users cannot.
Also, Bluesky is a centralized view of the data in the decentralized ATProto network. This means you will never end up having the problem where searching for a user on one instance will not show up because they are on another instance that they have not federated with. There are obviously tradeoffs with this, but IMO they do seem sensible. The nice thing about Bluesky is not that it is decentralized (it's not), it's that the data that it let's users interface with is decentralized, and if something goes south with Bluesky, another application can be built on the same data and users can migrate without starting from square one.
This solves only half of the problem (migration). It doesn't solve the problem of different people signing up on different servers using the same handle. Is there anything stopping me from making a stephenking account on another server?
My "nitpick" was on the use of the word "server". The domain name used for a username is decoupled from the server. But no, there is nothing stopping you from making a stephenking subdomain on another domain. Just like there is nothing stopping you from making a website at google.mycoolwebsite.xyz.
But there are moderation lists that you as a user can subscribe to. It wouldn't be hard to find a moderation list for impersonators, which would solve this problem for you.
You've highlighted the exact reason this is a problem for mastodon and not for bluesky: on the latter, there's a default, so people who don't realise why it matters don't need to worry about it.
For the record, there are other differences - on Bluesky, you use your non-default domain to login in exactly the same place, there aren't 'weird gaps' between different domains.
The only “problem” bsky solves is choosing a server. But if ATProto becomes widely used, the problem will appear as in Mastodon today. The only way to avoid it is for bsky to never become really decentralised. So yet another VC-backed social media company.
I think this is why this is in truth, an aesthetic choice masquerading as a conversation about technical implementation.
I think there's no two ways around it, @stephenking.bsky.social looks better than @stephenking@mastodon.social.
Blue Sky does the names better and opts people into a default server at the moment, and I would say their desktop and mobile experience is a bit better, and that feels like they've solved something specific and technical even though, as you pointed out, the issue with domains is the same in each case.
Yet, people are confused by it. I think this is at least partly because there's even less to differentiate the different mastodon domains than there was to differentiate gmail and yahoo. And, of course, there are a lot of people growing up now who don't really use email, so the analogy can't be taken for granted.
Stores won't let you have cash-back from your purchase when using your debit card if you flash the card. You have to insert the card. Some cashiers don't even know that. I don't feel enlightened by that fact. Newer cars won't disengage the hand-break if parked on a slope and you don't have the seat locked in. I don't feel enlightened by that fact. The list of "rules" goes on and on and technology feels oppressive, not empowering.
Maybe is artificial enlightenment?
Right, and this is all you need to point out to burst anyone's bubble who insists on behalf of "the people" that it's all too hard.
It just goes in circles with personal anecdotes that always coincidentally corroborate whatever position someone was already arguing for anyway. What would be really interesting to see is someone making the case against Mastodon but acknowledging that "people I know" weren't confused by it or vice versa.
But when they are faced with two options, one of which is confusing and requires figuring out, and another one that does not, with the first having no clear advantages over the second, why would they bother spending time figuring it out?
What is the evidence for people being confused about that? Did any scientist some research about this, are there any facts or studies about this issue? Or does just someone think it is an issue?
Personal anecdotes. It's always personal anecdotes that coincidentally corroborate whatever position someone was already arguing for. As I noted elsewhere, it would be a lot easier to take these seriously if they weren't so on the nose, and if they instead took the form of "well it seems they have account migration figured out BUT instances are confusing BUT the sign up process is streamlined BUT it's not easy to explain to people..."
It would be clear we were at least talking about things where "the people" had reactions to specific things for specific reasons that were in principle solveable and not merely ghosted into existence to support a point the commenter wanted to make anyway.
I think people see one another doing it and kind of collectively converge on this ritual of collective storytelling where we offer anecdotes that don't offer any kind of truth tracking accountability.
It's not a hard concept, but it is a stupid one. Phone numbers for example you can take with you when you switch providers. Email has the provider hardcoded into your email address, thus every new provider means you have a new email.
The Web still lacks a first-class concept of a user identify that you can take with you across servers.
It's funny you mention that because for a while the supposed deal breaker with Mastodon was the inability to migrate accounts (even though no other service let you do that).
But now you can, so we're on to the next whack-a-mole.
But if you own your own domain and use it for your own mail, you do take your identity with you? Isn't this what AT protocol is promising with Bluesky's identity system?
Anglophones are often confused by the concept of tone being used to differentiate words in many non-European languages.
But it's not a hard concept, it's just unfamiliar to them.
People being confused by a concept after it has been taught to them suggests that either the concept is hard or the educational process inadequate. Confusion on initial introduction has nothing to do with difficulty.
No, it can just be because they haven't been exposed to it or needed to care about it. Obviously people's real names have similar problems and nobody is confused that John Smith isn't the same person as John Jones.
This line of thinking is what makes the website user-hostile.
I completely understood the function of the usernames from the start, but to this day I still sigh whenever I encounter a new Mastodon user on a different network because I have to do a song and dance to get them followed on my main account. The whole thing is cognitive overhead I do not want.
You can say it’s “not a hard concept” as much as you’d like, it doesn’t change the reality that it is confusing and hard to understand for end users used to Twitter (which is everyone)
I'm noticing here that people are giving it the college try of insisting that email domains are "too confusing". I think the further down this rabbit hole we go, the more equivocal one has to be about how large percentage of the population that actually is.
I work at a company that relies on engagement with customers over email I'm sure plenty of other people here do as well, and whatever people's confusion with email, somehow they figure it out when they need to and the world seems to keep turning.
At some point this conversation is no longer about the specifics of Mastodon or BlueSky, it's just general information literacy and functional literacy.
Hilariously, arguments of the form "what if people do it wrong" like this were made even for the introduction of calculators. I think it's better understood as an ordinary rite of passage than the specific identification of a genuine problem.
I think people underestimate just how much “weird techiness” having two ‘@‘ signs creates. It’s (whether it ‘should’ be or not) immediately unapproachable.
Wait until you find out the tuple to identify you logging in on Amazon is {user@host.dom, password} or used to be: I had two distinct accounts using the same email address. Confusing!
Yes, and choldgraf@gmail.com and choldgraf@ibm.com are different email-people, too. This is not a hard concept.