[Operators] Remove old unused accounts?

Mihael Pranjić tux at limun.org
Thu Dec 10 18:21:18 CST 2009


Am Freitag, 11. Dezember 2009 01:03:51 schrieben Sie:
> On 12/10/09 4:55 PM, Jonathan Schleifer wrote:
> > Am 10.12.2009 um 23:50 schrieb Mihael Pranjić:
> >> It clearly does sound like a sane idea. This would solve the problem
> >> of having
> >> multiple users use the same JID after it was deleted. But think of
> >> jabber accounts that were created, used for short time and then left
> >> lying aroung on
> >> the server. This includes unnecessarily created accounts and so on.
> >> However it
> >> is defined, on most public services there are many jabber accounts
> >> just lying
> >> around, unused. This makes it impossible for someone who would really
> >> like to
> >> use the same JID to register it, as he does not have the email adress.
> >>
> >> In short there wont be two different people using the same jabber
> >> account,
> >> regardless of the fact that there may be "garbage" accounts that are not
> >> really used. This makes it impossible tot get the jid, even for the
> >> people who
> >> would really use it.
> >>
> >> Captcha could prevent an amount of "garbage" accounts, but is not 100%
> >> proof.
> >> Anyone can still create accounts and not use them.
> >
> > Well, you could make a difference between accounts that have been used
> > for a while and accounts that have been registered but never used. For
> > example, if the user never logged in two weeks after it has been
> > created, it is unlikely that the account has ever been used properly -
> > in this case, I guess it is safe to remove it, as I don't think someone
> > who just registered account will get important privileges anywhere.
> 
> Says who?
> 
> I tell all the people who matter that I'm creating a new account because
> I'm tired of having 2400 people in my roster at the old account, on day
> one I become a room owner for a bunch of chatrooms, then I go offline
> for a two-week vacation. I come home and my account is gone. What gives?
> 
> Look, we can spin out weird scenarios all day.
> 
> Peter

Yeah we can, but going through some scenarios can show up security issues 
related to this. If the discussion is not welcome we can stop *LOL*
If no one thinks this is a topic that should be discussed we can just close 
it. In my opinion though this issue comes with XMPP and it wont go away. Its 
related to its design. You just can not identify someone 100%. This is the 
same with email too. Maybe something with/like openpgp can be figured out. Any 
kind of unique signature. Openpgp can be used in client to client chats, but 
MUCs dont support unique identifying through something like openpgp. Once you 
prove a users pgp fingerprint and add it to the room configuration you could 
identify the user easily. I am not sure about how to implement this though, 
not even sure if it would work. Doesnt seem that insane though imho

Mihael


More information about the Operators mailing list