Discuss PieFed project direction, provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics.
Spammers, trolls, and ban evaders often use temporary email addresses. PieFed now checks a list of known temporary email providers and displays a warning icon next to registrations that use such services.
If registration mode is set to "Open" (no approval needed) then the site admin(s) receive a notification instead.
A throwaway email address isn't always a bad thing but it's one factor that admins might want to take into account.
I have to chime in and say this feels a bit underthought feature. I use a throwaway email for everything possible, and I would imagine a large portion of Fediverse users do that too.
I also get the motivation behind the feature. I didn't feel like throwaway addresses are worth it before I started using them. They may seem like an obvious spammer flag. But I'd say it's 50/50, just like with any free email provider like gmail or Proton mail.
Throwaway emails seem kind of necessary on small, underdeveloped, easily hacked websites.
You say it's 50/50 based on your own experience/anecdotal evidence. Admins will probably be able to make that determination with a much greater deal of accuracy based on what they see happening on their instance. So it makes sense to leave the choice to them/enable them to make that choice, right?
True, I failed to mention that I think there could be a setting to enable the feature, or dismiss the warning per-account. @[email protected] maybe consider this?
Sure
We'll see. If it turns out to be useless noise, I'll remove it from the signal.
I think it's good that it's a simple flag and not an outright block.
It's just a way for admins to see "maybe take a closer look at this registration."
I'm sure there are a lot of legitimate users that use these types of emails, though.
Hello! Representing a real human with a throwaway registration 👍
Seems like an overreach. Most spam I see is from gmail.com not alias services.
Does this include people that use email aliases to keep the connections between accounts harder to make? I pay for this service so it's genuinely not a throw away account. Just a way to maintain some privacy.
I don't know which service you use or whether it is on the list. But if it's a paid service then it's probably not on the list. Things on the list are like https://10minutemail.com/ or https://www.guerrillamail.com/
You're free to maintain your privacy and admins are free to weigh the potential risk of accepting an application with a warning icon on it. I'm sure there will be plenty who ignore it.
I appreciate the straightforward answer of you're not sure answer (no sarcasm) . I just want to make sure paranoid people like me can still participate and I keep their level of privacy
Ah, this is what you need. https://disposable.github.io/disposable-email-domains/lookup
Every alias domain I have is on this list. Not cool.
I have to say that's extremely unfortunate that you would add such a feature. We use aliases to maintain our privacy and this is come corpo surveillance shit. Not cool.
Aliases are different and not flagged by this feature. It just looks at domain names.
Multiple big Lemmy instances have been using the exact same blocklist for a long time (although it's not a core feature, they've patched it in somehow). I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Aliases are different and not flagged by this feature.
How are they meaningfully different? I just checked the list you posted above and several of the alias domains I use are on that list.
I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Did you think about it before implementing it?
Ah I see we are using the word alias in a different way. I was using 'Alias' as technical term with a very specific meaning. Never mind.
Ok, but that's not the only use case for it. It's also used by spammers and abusers to make everyone else's lives worse and it's admins who have to bear the brunt of that.
So I think it's fair to give them the option to weigh the costs and benefits of allowing it and then either do or not do something about it.
This is just lazy discrimination and a deep disrespect for the privacy of your users. If you can't be bothered to actually admin a community properly then don't create a community.
Go create your own then? It's a free service, you're not actually owed anything.
Go create your own then?
Don't want to.
you're not actually owed anything.
People in general are owed their privacy and anyone who admins a website owes that to them, but especially fediverse projects that are supposed to be an alternative to surveillance capitalism.
You're not owed anything when you're using a free service offered by somebody else, at their personal expense and effort. Nobody's funding this shit, nobody's paying for this shit. Definitely not you. You're free to make suggestions, you're not free to demand stuff. Overly demanding and obnoxious users like you are why FOSS devs tend to suffer burnout and quit.
Yes I am. Everyone is owed their privacy.
I'd rather them quit if they can't be bothered to moderate the site.
You can rather whatever you want. As I said, if you believe in it so much, put your money where your mouth is and host something better for the rest of us.
And as I said, I don't want to. Nor would it solve the problem.
And as I said, I don't want to
I know. You just want to be a self righteous prick online blaming others who contribute when you don't.
Nor would it solve the problem.
Why wouldn't it? If this is as important an issue as you say it is, surely providing an alternative that meets it would allow others to use the better alternative?
You just want to be a self righteous prick
Being concerned for the privacy of people as a whole makes me a prick?
blaming others who contribute when you don't.
I don't know why you assume that I don't contribute?
Why wouldn't it?
Why would it? Is it going to wipe those sites off the internet? No? That's why. Those sites will still be there, discriminating against users who just want privacy on the internet. That's like saying Lemmy solves the problems that Reddit creates or Mastodon solves the problems of Xitter. Those problems still exist because people continue to choose to participate in those communities, against their own interests.
Also a real human with a throwaway registration address!
Same!
I don't really understand the hostility to this. Do users understand why emails are part of account registration in the first place instead of letting you sign up without an email?
I literally do not.
Because people forget passwords and demand a password reset mechanism. Also a place to send terms and conditions and changes to those.
To be fair Lemmy does allow you to sign up without any email at all (or at least used to, dunno if they changed it), so it's not surprising that this goes against many peoples expectations.
Pretty much every Lemmy instance requires email. The only ones that do not require it are small enough that spammers haven't found them yet.
i don't have a dog in this race but i must say that this is quite the spectacular manner by which to throw the babies out with the bathwater!
literally 1984!
The more important demographic to use temporary email addresses are people who think their identity is not your concern.
Ah, OK, that's mentioned.
IMHO something like WoT in Freenet would be better. Having many cryptographic identities, but to start using one you have to spend effort confirming it's real. Solving captchas or whatever. Of course it's an obsolete solution, captchas are now solved by bots easier than by humans. But you get my idea.
their identity is not your concern
There are competing concerns. The instance admin is concerned with avoiding de-federation by keeping the amount of spam and abuse coming from their instance to an acceptable level, without burning out. Some people signing up are concerned about their privacy. (Although this doesn't actually diminish their privacy or stop them from using a throwaway email address. It does suggest that their application needs extra care, tho.)
There's a balance to be struck.
In this case I'm leaning towards the side who pays the bills and the one who decides which software to install on their server. Without getting those people on board there won't be a place to apply for an account with and then act all distrustful about.
Someday when I make my super awesome instance-chooser, maybe "Email address is optional" will be one of the filters. Along with "Bans for criticism of China".
Although this doesn't actually diminish their privacy or stop them from using a throwaway email address
That's exactly what it does.
Without getting those people on board there won't be a place to apply for an account
What does it matter if there's a place to apply for an account if I can't use it? Better not to exist at all.
Nice, Another powerful feature admins can use if they want.