Would be cool if there was a way to know a record was created via an oauth app and not directly via the PDS or AppView. Like a "sent from my iPhone" email signature RE:

Bluesky Social

Tom Sherman (@tom.sherman.is)

Hello from OAuth!!!

View quoted note →

Hello from OAuth!!!

Are there any mitigations in place to prevent this kind of impersonation? Feels like a bit of a risky hole in atproto Imagining a utopia where atproto is as common as email, surely we can put mitigations in place now to prevent the many phishing and other abuse attack vectors that spawn from this? https://morel.us-east.host.bsky.network/xrpc/com.atproto.sync.getBlob?did=did:plc:2xau7wbgdq4phuou2ypwuen7&cid=bafkreifs4owev4euocjhn6msclwnjhrtzuzn5bjszfqbg2cfvziqvb6mxm