You put a Linktree URL in your Twitter bio. That Linktree has links to your GitHub, YouTube, and Instagram.
But here’s the thing — who can actually prove those links are yours?
Nobody. And that’s a problem we’ve been ignoring for years.
The trust gap in link-in-bio
Every major link-in-bio service — Linktree, Bento, Bio.link, Carrd — works the same way. You type a URL, they display it. That’s it. No ownership check. No verification. Nothing stops someone from creating a page with your links and pretending to be you.
This isn’t a hypothetical. It’s happening right now:
- Crypto scammers clone influencer profiles to run phishing campaigns
- Fake freelancer portfolios win client contracts with stolen work links
- Impersonator accounts redirect fans to malicious sites
And the “verified” badges that exist today? Twitter/X’s blue check is pay-to-play — anyone with $8/month gets one. YouTube verification is reserved for channels with 100K+ subscribers. GitHub, Mastodon, Bluesky? No verification system at all.
We verify people (sometimes). We never verify links.
What if each link proved its own ownership?
The idea is simple: instead of trusting that someone typed in the right URL, use OAuth to cryptographically prove they own each account.
Here’s how it works:
- User clicks “Connect GitHub”
- They’re redirected to GitHub’s OAuth consent screen
- They log in and authorize
- We receive an access token, confirming ownership
- A verification badge is permanently attached to that link
The same flow works for X/Twitter, YouTube, Bluesky, Mastodon, Facebook, and others. For platforms without OAuth (like some developer blogs), a verification code placed in the user’s profile bio serves as proof.
The result: a profile page where every single link is verified. Not “this person paid for a badge.” Not “this person has enough followers.” Just: “this person proved they own this account.”
Why OAuth is the perfect tool for this
OAuth wasn’t designed for identity verification — it was designed for delegated authorization. But it turns out to be perfect for ownership proof:
- It’s already everywhere. Every major platform supports OAuth. No new protocol needed.
- It’s cryptographic. The proof isn’t a screenshot or a promise — it’s a token exchange between servers.
- It’s read-only. You can verify ownership with read:user scope. No posting permissions. No data harvesting. Users connect with zero risk.
- It’s free. No blockchain fees. No NFTs. No Web3 complexity. Just HTTP redirects and tokens.
Here’s a simplified look at what the verification flow does:
User clicks "Connect GitHub"
-> Redirect to github.com/login/oauth/authorize
-> User approves
-> GitHub redirects back with authorization code
-> Server exchanges code for access token
-> Server calls /user endpoint to get profile
-> Store verified account: { platform: "github", username: "octocat", verified: true }
-> Display verification badge on profile link
That’s it. Account ownership, cryptographically proven, in under 5 seconds.
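The server side of that flow, sketched as an added example (this is not myna.me's code): the redirect is bound to the browser session with a single-use state value, and the verified identity is taken from GitHub's /user response rather than from anything the user typed. The function names, the session dict and the injected post_json/get_json transports are assumptions made so the example runs offline.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
USER_URL = "https://api.github.com/user"

def begin_connect(session, client_id, redirect_uri):
    """Bind a fresh random state to this browser session and build the redirect URL."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": "read:user", "state": session["oauth_state"]})
    return f"{AUTHORIZE_URL}?{query}"

def finish_connect(session, params, client_id, client_secret, post_json, get_json):
    """Validate the callback, exchange the code, and read the identity from /user."""
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: callback is not bound to this session")
    token = post_json(TOKEN_URL, {"client_id": client_id,
                                  "client_secret": client_secret,
                                  "code": params.get("code", "")})
    if "access_token" not in token:
        raise PermissionError(token.get("error", "code exchange failed"))
    user = get_json(USER_URL, token["access_token"])
    # The identity comes from the platform's API response, never from user input.
    # Key the record on the numeric id: a GitHub login can be renamed later.
    return {"platform": "github", "account_id": user["id"],
            "username": user["login"], "verified": True}

# Constructed stand-ins for the two HTTPS calls so the example runs offline.
def fake_post_json(url, form):
    ok = url == TOKEN_URL and form["code"] == "constructed-code"
    return {"access_token": "constructed-token"} if ok else {"error": "bad_verification_code"}

def fake_get_json(url, access_token):
    assert url == USER_URL and access_token == "constructed-token"
    return {"id": 1001, "login": "octocat"}

if __name__ == "__main__":
    session = {}
    url = begin_connect(session, "constructed-client-id", "https://example.test/callback")
    state = parse_qs(urlparse(url).query)["state"][0]
    callback = {"code": "constructed-code", "state": state}
    print(finish_connect(session, callback, "constructed-client-id",
                         "constructed-secret", fake_post_json, fake_get_json))
```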
The Trust Score concept
Once you have verified links, you can build on top of them. We developed a Trust Score (0-100) inspired by PageRank:
- Identity Verification (0-40): More verified platforms = higher score, with diminishing returns and a diversity bonus for using multiple verification methods
- Profile Completeness (0-15): Bio, avatar, timeline entries — the basics
- Account Maturity (0-15): Exponential decay curve — older accounts score higher, but the gains plateau
- Reputation (0-30): Time-weighted engagement with log compression to prevent gaming
Importantly: paying for a premium plan does not affect Trust Score. Trust ≠ money. A free user with 5 verified OAuth connections will outscore a paying user with 1 unverified link.
What this means for the web
Imagine a world where:
- You share one URL and anyone can instantly verify every account is yours
- Phishing pages with fake social links are immediately distinguishable from real profiles
- Recruiters can verify a developer’s GitHub, blog, and portfolio ownership in one glance
- Fans can confirm a creator’s real YouTube and Instagram without guessing which account is the impersonator
This doesn’t require a new protocol. It doesn’t require blockchain. It doesn’t require government ID. It just requires using OAuth for what it’s already good at — proving you are who you say you are.
We built this
I built myna.me to make this real. It’s live, it’s free, and it supports 14+ platforms including X, GitHub, YouTube, Bluesky, Mastodon, and more.
Every link gets a verification badge. Every profile gets a Trust Score. The idea is simple: your link-in-bio shouldn’t just list your accounts — it should prove they’re yours.
If this resonates, I’d love to hear your thoughts. And if you want to try it: myna.me — takes 30 seconds.
