I KNOW IT SUCKS, I KNOW IT IS NOT WHAT YOU WANT, BUT PLEASE DISABLE YOUR DAMN OPEN MASTODON INSTANCE REGISTRATIONS
-
I KNOW IT SUCKS, I KNOW IT IS NOT WHAT YOU WANT, BUT PLEASE DISABLE YOUR DAMN OPEN MASTODON INSTANCE REGISTRATIONS
-
I KNOW IT SUCKS, I KNOW IT IS NOT WHAT YOU WANT, BUT PLEASE DISABLE YOUR DAMN OPEN MASTODON INSTANCE REGISTRATIONS
@jerry@infosec.exchange what is that and what does doing that mean
-
@jerry@infosec.exchange what is that and what does doing that mean
@lamb @jerry@infosec.exchange open registration allows anyone to create an account at any time without moderation having to approve it. The instance you're on (transfem.social) has approval-based registration. For every user I as an administrator have to go into a setting panel, view the new sign ups and hit a button to Approve or Deny. Part of what I look out for there are usernames and emails with obvious hateful references (such as 88, ss and other dog whistles) and the reason they have for joining. On transfem.social, we have words like racial slurs banned from usernames so nobody can register a username with slurs in it. Iirc mastodon doesn't even have the ability to denylist certain words. Combine that with open registration, and basically, it's an all-you-can-eat buffet for bad actors with zero ways of filtering them out.
-
@lamb @jerry@infosec.exchange open registration allows anyone to create an account at any time without moderation having to approve it. The instance you're on (transfem.social) has approval-based registration. For every user I as an administrator have to go into a setting panel, view the new sign ups and hit a button to Approve or Deny. Part of what I look out for there are usernames and emails with obvious hateful references (such as 88, ss and other dog whistles) and the reason they have for joining. On transfem.social, we have words like racial slurs banned from usernames so nobody can register a username with slurs in it. Iirc mastodon doesn't even have the ability to denylist certain words. Combine that with open registration, and basically, it's an all-you-can-eat buffet for bad actors with zero ways of filtering them out.
@lamb @jerry@infosec.exchange And it's fucking annoying because a big enough instance like defcon.social might have users we want to see. We can't filter out their new registration, and so we play a cat-and-mouse game of banning users who misbehave. Even in the case where fedi software allows "allowlisting" users that's still manually approving every user from that instance which is just not possible for the thousands of instances around us without adding significant moderation workload.
-
J jwcph@helvede.net shared this topic
