I was recently approached by a user claiming to be the developer of Sync for Lemmy who wanted to be a moderator of the community I created, !syncforlemmy.
I was able to verify this user was indeed LJ Dawson as I knew where to contact him on Discord.
It is quite possible that an impostor user on another instance may be created, for example [email protected] could easily be made.
Should Lemmy have a verified user marker for members who are of importance to any given community? Are there any other options to protect users against nefarious persons playing impostor?
There is DID which tries to do some of that. Many methods of registering your identifier have been registered (blockchain, bitcoin, crypto keys, purpose-built software, etc). Linking identities to some entity like this would prove ownership, but getting it implemented in places, encouraging users to use/check it (e.g. almost nobody GPG signs email), not trust similar usernames/domains, etc are all hard problems that having a spec alone doesn’t solve.