[Operators] Remove old unused accounts?

Peter Saint-Andre stpeter at stpeter.im
Fri Dec 11 11:44:27 CST 2009


On 12/10/09 5:21 PM, Mihael Pranjić wrote:
> Am Freitag, 11. Dezember 2009 01:03:51 schrieben Sie:
>> On 12/10/09 4:55 PM, Jonathan Schleifer wrote:
>>> Am 10.12.2009 um 23:50 schrieb Mihael Pranjić:
>>>> It clearly does sound like a sane idea. This would solve the problem
>>>> of having
>>>> multiple users use the same JID after it was deleted. But think of
>>>> jabber accounts that were created, used for short time and then left
>>>> lying aroung on
>>>> the server. This includes unnecessarily created accounts and so on.
>>>> However it
>>>> is defined, on most public services there are many jabber accounts
>>>> just lying
>>>> around, unused. This makes it impossible for someone who would really
>>>> like to
>>>> use the same JID to register it, as he does not have the email adress.
>>>>
>>>> In short there wont be two different people using the same jabber
>>>> account,
>>>> regardless of the fact that there may be "garbage" accounts that are not
>>>> really used. This makes it impossible tot get the jid, even for the
>>>> people who
>>>> would really use it.
>>>>
>>>> Captcha could prevent an amount of "garbage" accounts, but is not 100%
>>>> proof.
>>>> Anyone can still create accounts and not use them.
>>> Well, you could make a difference between accounts that have been used
>>> for a while and accounts that have been registered but never used. For
>>> example, if the user never logged in two weeks after it has been
>>> created, it is unlikely that the account has ever been used properly -
>>> in this case, I guess it is safe to remove it, as I don't think someone
>>> who just registered account will get important privileges anywhere.
>> Says who?
>>
>> I tell all the people who matter that I'm creating a new account because
>> I'm tired of having 2400 people in my roster at the old account, on day
>> one I become a room owner for a bunch of chatrooms, then I go offline
>> for a two-week vacation. I come home and my account is gone. What gives?
>>
>> Look, we can spin out weird scenarios all day.
>>
>> Peter
> 
> Yeah we can, but going through some scenarios can show up security issues 
> related to this. If the discussion is not welcome we can stop *LOL*
> If no one thinks this is a topic that should be discussed we can just close 
> it. 

Discussion is good, but I don't think we're making any progress here.

In any case I'll think about this for the jabber.org service, but we
have more pressing issues to work on right now.

> In my opinion though this issue comes with XMPP and it wont go away. Its 
> related to its design. You just can not identify someone 100%. This is the 
> same with email too. Maybe something with/like openpgp can be figured out. Any 
> kind of unique signature. Openpgp can be used in client to client chats, but 
> MUCs dont support unique identifying through something like openpgp. Once you 
> prove a users pgp fingerprint and add it to the room configuration you could 
> identify the user easily. I am not sure about how to implement this though, 
> not even sure if it would work. Doesnt seem that insane though imho

And how many people use PGP? That's not a scalable system for real people.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091211/85037979/attachment.bin>


More information about the Operators mailing list