[Operators] Remove old unused accounts?

Mihael Pranjić tux at limun.org
Thu Dec 10 13:28:05 CST 2009


Am Donnerstag, 10. Dezember 2009 20:24:41 schrieb Peter Saint-Andre:
> On 12/10/09 12:19 PM, Mathias Ertl wrote:
> > Peter Saint-Andre wrote:
> >> That said, there is a minor security concern here. MUC rooms and PubSub
> >> nodes could garbage-collect owners and admins/publishers, just as core
> >> XMPP services do. This is another reason to put such entities in the
> >> user's roster.
> >
> > It wouldn't however be the only one. What happens if, say, some other
> > mathias.ertl at jabber.org posts a lot of warez (or anything illegal for
> > that matter... child porn?) into a forum and then also posts his JID for
> > some reason. Then years later I register that same ID (works, because
> > the old one has been deleted). Then I apply for a Job somewhere and
> > someone googles my name... shit just happened :-P
> >
> > Come to think of it, the same would happen if that other guy still uses
> > that ID... hmm, maybe its not so much a problem.
> 
> It can happen. Sometimes I receive a request to delete from the archives
> at http://logs.jabber.org/ some chatroom messages that someone sent
> years ago. However, such events are quite rare.
> 
> I don't see that this is any more dangerous than, say, expired domain
>  names.
> 
> Peter
> 
Domain names can expire, yes, but you can see who the owner is.. In jabber you 
can not identify the user because anyone can register an account without 
publishing his real name too. Domains _usually_ have an owner who can be 
identified and contacted.


More information about the Operators mailing list