Hi! Jeremy from The Post here. We’re still evaluating what it would mean for us to run an instance. But we’re definitely adding rel=me to our author profile pages ASAP.
On the other hand, you end up leaking cookies between the two subdomains when you take this approach. If one site gets hacked, so does the other. It’s better to use two separate domains and begin establishing trust for the new domain.
Only if you don’t pin your cookies to the subdomain and/or are not using HTTPOnly. Even if you screw that up, cookie tossing in general is a rather low risk item; I don’t think its accurate at all to say “if one site gets hacked so does the other.”
in theory you don't even need to run Mastodon. I don't know how adaptable your own CMS is but a forward thinking org would skate where the puck is going to be in terms of supporting the ActivityPub protocol.
you may want to be getting in touch with folks like Evan Prodromou or Christine Lemmer-Webber for their guidance.
Really exciting to see. I remember when y'all started posting on reddit when they launched the profile page feature. Seems like you're always willing to try out new things. I'm hoping Mastodon catches on and replaces Twitter.
What is your strategy? Some obvious wishes would be
- organic fact-based journalism, free from narrative manipulation
- transparent security to protect individual sources, is the instance accessible? can extremely precise/leaky details, like timestamps be clamped? or even perhaps tools to thwart stylometry
- facilitating and amplifying quality discourse
- novel UX - does "read aloud" work on the page
- permalink integrity, can the backend meaningfully serve the postings for a decade or so?
- facilitating reporting, citizen/snapmap model this, except maybe in terms of osint data
Running the instance under your own well-known domain equals instant verification and trust, whereas anyone can set up a .social.