[Operators] Remove old unused accounts?

Mihael Pranjić tux at limun.org
Wed Dec 9 08:52:22 CST 2009


On Wednesday, 9. of December 2009 15:26:11 Peter Saint-Andre wrote:
> On 12/9/09 6:15 AM, Mathias Ertl wrote:
> > Hi,
> >
> > I added the policy that old accounts on our XMPP-Server will be deleted
> > after a year of inactivity. The CCC (jabber.ccc.de) seems to practice
> > the same, and I *think* jabber.org also deletes unused accounts.
> 
> Yes, we do that at the jabber.org service.
I am sure Nikolaus Polak can confirm that accounts on linuxlovers.at/0nl1ne.at 
are also deleted after a year of inactivity. It works well and as far as I 
know no one has complained about that so far. Seems fair enough for me, a year 
is quite a lot of time of not-using an account. I think most people forget 
their password anyway after a year of not having logged in. (except it is 
stored on the computer - but many people delete their home directories, forget 
their password, create a new account [this is not statistically proven though 
:D]).
> 
> > But some of your Users complained that such a practice is questionable,
> > at least if you allow the usernames to be reregistered: Somebody could
> > reuse your ID, and if someone else used your ID before, you could
> > unwillingly inherit what the one before you posted on the internet.
> 
> This is true.
This is a huge problem in general I think. Solving this would be digging too 
deep in XMPP, so that you may/would have to implement uniqe user IDs stored 
somewhere centrally to be able to identify a person (maybe with all jabber IDs 
that belong to that person). This would again be a problem because you could 
find out which jabber accounts belong to who. Also this would be totally 
against the XMPP idea of not relaying on a centralized service. Centralized 
control and power is not what we want I think. So identifying a user is not 
that easy which means we are where we were before with this problem. I think 
it is still important to know whether you can solve it or not.
> 
> > So what is your practice on deleting unused accounts? Do you block
> > reregistering? And if yes: how do you implement this with ejabberd?
> 
> At jabber.org we allow re-registration. However, you raise some good
> points about the practice. My major concern is that if we kept accounts
> forever, we would have a lot more accounts (most of them idle) than we
> have now. Before we started removing idle accounts, our database was
> growing quite fast, whereas now it grows much more slowly (we have about
> 330,000 accounts).
This is the reason why most services delete unused user accounts. I dont even 
think that you *can* keep all the registered users on a public service with 
many users (especially jabber.org would die if it kept all the accounts 
because of the enormous database). This would be very heavy on the server, and 
is simply wasting ressources I think.
> Another issue is clean deletion: sending unsubscribes from the old
> account to the entities in the roster, removing the vCard, etc. I don't
> know if any software makes this easy or even possible.
This is true, but could be implemented. It's a pretty important feature that 
should be implemented asap.

Yours,
Mihael Pranjić


More information about the Operators mailing list