- Mastodon uses rel=“me” attributes to verify a mastodon account is the owner of a link
- My personal site verification only worked once I served it over https
- Github adds this attribute automatically to your social links
- Twitter doesn’t let you do this, you may need an inbetween step
Prove you’re you on Mastodon
Around the time Elon began renovating bathrooms a whole bunch of people migrated to alternative social media, and lots of those migrating went to Mastodon. Here you no longer need blue ticks by your name to show you’re cool. Instead, you can add up to 4 links onto your profile which Mastodon will adorn with a lovely hue of green. If you can prove the link belongs to you, that is.
You do this by adding a rel-me anchor to your site which links back to your Mastodon profile. Once you add the URL to your Mastodon profile, your server will visit it and look for the anchor. If it finds it, you get the check!
How I got each checkmark
I found instructions online didn’t provide much more information that what I posted above. I thought I’d get just a little more specific with this blogpost.
This should have been as easy as adding the
rel="me" attribute to the Mastodon link in my site footer. However, it seems that Mastodon does not complete the verification process unless your site is served over HTTPS. I haven’t seen any docs about this, and am not sure if this is a server-specific configuration, but as soon as I added HTTPS to my domain I received my verification tick.
This one was easy. After reading this redirection solution by Simon Willison I was a little worried that GitHub would not make this easy for me, since it said it only allowed the rel-me links on personal URLs. But it looks like since Simon’s post, GitHub has added rel-me attributes to all social links. So verification was automatically done when I added my full GitHub link to my profile.
Ok I didn’t get this check mark; this one is hard. Based on what I’ve read, twitter may have had the rel-me attribute applied to your personal website link on your profile in the past, but could have since removed it. There is no guarantee that I’m right, or that it will add it back, or that it wouldn’t remove it again. But I suppose you could say the same for any other website.
There may be an authentication service that you can use, or setting up a similar redirect solution like Simon Willison suggested for GitHub, but I decided it wasn’t worth it for now.
Hope this was helpful to you. If there are any other verifications you think I need, any others I should cover (or any ways you can think of verifying Twitter even), please reach out.