this post was submitted on 12 Jun 2023
21 points (92.0% liked)

Technology

1928 readers
7 users here now

Rumors, happenings, and innovations in the technology sphere. If it's technological news, it probably belongs here.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
21
Use Kbin at your own risk. Can’t delete account. (lemmy.world)
submitted 1 year ago by [email protected] to c/[email protected]
36 comments fedilink hide all child comments
 

I signed up kbin.social but have since decided to go all in on Lemmy. I’ve tried all day to delete my account on kbin but it won’t let me. Once I click the delete confirmation pop up it simply reloads the feed and keeps your account.

Be warned. Currently you have no control over your data there. I think that settles it for me. I won’t be using that service again.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (4 children)

One thing that definitely worries me with federation in general is the barrier to entry to hosting an instance is low, by design. On one hand this is great, but on the other hand it means just about anyone can spin up an instance and collect usernames, passwords, emails, etc. from anyone who signs up

I know this is obviously no better than an single giant corporation who can do that. But it's interesting to think about.

I'm definitely not suggesting kbin.social is doing this by the way. Your post just spurred this thought for me

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

I am once again reminded of the always relevant XKCD comic

I do see and understand the concern, and honestly, I don't see a way around it. At some point, you have to supply some information to access services, especially if you want any sort of customization to your experience. I guess if you are really concerned about it, don't use that email/password/username combo anywhere else.

Edit: Apologies, I am still figuring out how formatting works here.

[–] [email protected] 7 points 1 year ago (1 children)

People should be using a password manager in 2023. No password reuse if you automatically generate new 20+ character passwords for each website or service you use.

[–] [email protected] 2 points 1 year ago (1 children)

Agreed. I use 1Password and love it.

[–] [email protected] 1 points 1 year ago

I use Bitwarden, thinking about deploying a local copy of Vaultwarden as a backup as well. I’d be in trouble if access to Bitwarden’s servers went down.

[–] [email protected] 3 points 1 year ago

Remember folks, use a password manager and get it to create a random strong password for every site you use

[–] [email protected] 3 points 1 year ago (1 children)

I believe the passwords are stored as hashes, not sent directly to the server, at least I certainly hope so.

[–] [email protected] 7 points 1 year ago

They're sent directly to the server and stored as hashes. There's nothing stopping someone from logging the plaintext password, or removing the hash mechanism, though. Make sure to follow best practices and use a unique password on every website.

[–] [email protected] 1 points 1 year ago

Yeah, this has been on my mind too. Certainly new instances shouldn’t be discouraged, and it helps lighten the load for all the other instances. At the same time, I personally am not sure I’d feel comfortable on a newer instance that doesn’t have a demonstrated history; Beehaw’s stated goals and origin (and having several admins in case one goes dark) helps reassure me.