[throaway920181]

Cool, but hachyderm.io also is not a trusted/recognizable domain for me. Trust issues all the way down!

[andrewflnr]

It's definitionally the correct domain for Simon Tatham's social media. What are you expecting here?

[closewith]

How would the average person know that?

[viraptor]

Average person aware of trust on social network / internet - because https://hachyderm.io/@simontatham has a validated link to the author's homepage.

Others - they don't understand the trust anyway, so there prerequisite steps missing before the main question anyway.

[zo1]

It was bad enough that we had to tell developers to trust some rando website to download a tool that we'd use to potentially plug in sensitive production usernames + credentials.

A link that looks like this:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.ht...

And now they've gone and made it worse by posting some new site and confirming the new link is real on their weird "hachyderm" social media post thing. Yeah, talk about a grey-beard get-off-my-lawn developer screaming at the wind and wanting to make it worse for themselves and their "brand".

[viraptor]

> on their weird "hachyderm" social media post thing

At this point tech people should understand what Mastodon is. For their own benefit. It's been years.

[closewith]

10 MM MAU estimated. Not exactly foundational to online discourse.

[CRConrad]

[flagged]

[jstanley]

hachyderm.io says it has a validated link to his homepage, but if you don't already trust hachyderm.io that means nothing.

[viraptor]

It means a lot - you need to check the other side's meta to confirm yourself. https://fedi.tips/how-do-i-verify-my-account/

[mjmas]

For example, at https://www.chiark.greenend.org.uk/~sgtatham/ : (the rel=me is the important part)

    [...] <a rel="me" href="https://hachyderm.io/@simontatham"> [...]

[nottorp]

And that's why the fediverse thing is so niche :)

Looks like it's as complicated as a parts inventory system developed in house for a half a million employee company...

[closewith]

No, it really means nothing. Identity on the internet is not a solved problem.

[aembleton]

If you check the source of the website that it links to [1], on line 168, we have this

<p>I'm on Mastodon as <a rel="me" href="https://hachyderm.io/@simontatham">@simontatham@hachyderm.io</a>.</p>

If you trust that website, then you can be sure that this Mastodon account is the right one.

1. https://www.chiark.greenend.org.uk/~sgtatham/

[kelnos]

Sure, but by the time you've verified that, you could also have just visited the PuTTY website (the old/current one) to verify that putty.software is legit.

[andrewflnr]

I just checked his home page: https://www.chiark.greenend.org.uk/~sgtatham/

[jachee]

So… what would be a trusted domain, for you, then?

[zaphirplane]

https://www.chiark.greenend.org.uk/~sgtatham/putty/

[zugi]

Exactly. Which nicely confirms all this by saying:

Latest news

2025-08-14 New website, putty.software

We have a new domain name for the PuTTY website!

...

[roman_soldier]

What if someone hacked his site and inserted that news item? Better to visit the guy in person and verify.

[rzzzt]

What if someone planted the idea of adding a new website for the project while he was asleep?

[cyphar]

Which is what the original response linked to. :P