As I recently joined (#TwitterExodus) the free, federated, and open source Mastodon social network based on ActivityPub, going through my profile setup, I noticed that it allows you to verify yourself as the owner of the links/resources you can set in your profile (EDIT: it’s working for me on infosec.exchange, but I’ve seen users struggling on other instances e.g. mastodon.social, where apparently the verification is not enabled by admins).
Being able to prove who you are, and that you are the owner of certain key resources online becomes more and more important these days. Scams, impersonations, phishing emails to steal your (online) identity is becoming too common today.
While there seems to be a more “native” way of verifying your profile through the app, it was not working for me at the time of writing. So we’ll do it through creating a file in our public folder on our Keybase profile.
Create the Verification File in Keybase
First, you want to make sure you have the desktop application installed, as it’ll be much more convenient to do all that. Trust me.
With Keybase installed, you can drop files onto your own computer that are immediately signed and hosted on Keybase.pub. You can also write private, end-to-end encrypted files with anyone you know.
Launch the app, and go to your “Files” menu, on the left-hand side:
You will notice that I have a folder in there baring my Keybase username: xsa. Click on it, and you will see that you are now in your public folder, where we will be uploading the HTML file used for the verification:
Let’s create a small HTML file on our local machine, called mastodon.html for the sake of…