Discuss PieFed project direction, provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics.
Spammers, trolls, and ban evaders often use temporary email addresses. PieFed now checks a list of known temporary email providers and displays a warning icon next to registrations that use such services.
If registration mode is set to "Open" (no approval needed) then the site admin(s) receive a notification instead.
A throwaway email address isn't always a bad thing but it's one factor that admins might want to take into account.
As others have stated this is a terrible idea especially for the fedi where people are far more likely to use alias addresses. Incredibly tone deaf.
I don't really understand the hostility to this. Do users understand why emails are part of account registration in the first place instead of letting you sign up without an email?
I literally do not.
Because people forget passwords and demand a password reset mechanism. Also a place to send terms and conditions and changes to those.
To be fair Lemmy does allow you to sign up without any email at all (or at least used to, dunno if they changed it), so it's not surprising that this goes against many peoples expectations.
Pretty much every Lemmy instance requires email. The only ones that do not require it are small enough that spammers haven't found them yet.
I have to chime in and say this feels a bit underthought feature. I use a throwaway email for everything possible, and I would imagine a large portion of Fediverse users do that too.
I also get the motivation behind the feature. I didn't feel like throwaway addresses are worth it before I started using them. They may seem like an obvious spammer flag. But I'd say it's 50/50, just like with any free email provider like gmail or Proton mail.
You say it's 50/50 based on your own experience/anecdotal evidence. Admins will probably be able to make that determination with a much greater deal of accuracy based on what they see happening on their instance. So it makes sense to leave the choice to them/enable them to make that choice, right?
True, I failed to mention that I think there could be a setting to enable the feature, or dismiss the warning per-account. @[email protected] maybe consider this?
Sure
We'll see. If it turns out to be useless noise, I'll remove it from the signal.
I have to say that's extremely unfortunate that you would add such a feature. We use aliases to maintain our privacy and this is come corpo surveillance shit. Not cool.
Ok, but that's not the only use case for it. It's also used by spammers and abusers to make everyone else's lives worse and it's admins who have to bear the brunt of that.
So I think it's fair to give them the option to weigh the costs and benefits of allowing it and then either do or not do something about it.
This is just lazy discrimination and a deep disrespect for the privacy of your users. If you can't be bothered to actually admin a community properly then don't create a community.
Go create your own then? It's a free service, you're not actually owed anything.
Aliases are different and not flagged by this feature. It just looks at domain names.
Multiple big Lemmy instances have been using the exact same blocklist for a long time (although it's not a core feature, they've patched it in somehow). I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Aliases are different and not flagged by this feature.
How are they meaningfully different? I just checked the list you posted above and several of the alias domains I use are on that list.
I got the idea by lurking in the Lemmy matrix rooms and seeing their discussion.
Did you think about it before implementing it?
Ah I see we are using the word alias in a different way. I was using 'Alias' as technical term with a very specific meaning. Never mind.
Hello! Representing a real human with a throwaway registration 👍
Does this include people that use email aliases to keep the connections between accounts harder to make? I pay for this service so it's genuinely not a throw away account. Just a way to maintain some privacy.
I don't know which service you use or whether it is on the list. But if it's a paid service then it's probably not on the list. Things on the list are like https://10minutemail.com/ or https://www.guerrillamail.com/
You're free to maintain your privacy and admins are free to weigh the potential risk of accepting an application with a warning icon on it. I'm sure there will be plenty who ignore it.
I appreciate the straightforward answer of you're not sure answer (no sarcasm) . I just want to make sure paranoid people like me can still participate and I keep their level of privacy
Ah, this is what you need. https://disposable.github.io/disposable-email-domains/lookup
Every alias domain I have is on this list. Not cool.
Also a real human with a throwaway registration address!
Same!
Nice, Another powerful feature admins can use if they want.
The more important demographic to use temporary email addresses are people who think their identity is not your concern.
Ah, OK, that's mentioned.
IMHO something like WoT in Freenet would be better. Having many cryptographic identities, but to start using one you have to spend effort confirming it's real. Solving captchas or whatever. Of course it's an obsolete solution, captchas are now solved by bots easier than by humans. But you get my idea.
their identity is not your concern
There are competing concerns. The instance admin is concerned with avoiding de-federation by keeping the amount of spam and abuse coming from their instance to an acceptable level, without burning out. Some people signing up are concerned about their privacy. (Although this doesn't actually diminish their privacy or stop them from using a throwaway email address. It does suggest that their application needs extra care, tho.)
There's a balance to be struck.
In this case I'm leaning towards the side who pays the bills and the one who decides which software to install on their server. Without getting those people on board there won't be a place to apply for an account with and then act all distrustful about.
Someday when I make my super awesome instance-chooser, maybe "Email address is optional" will be one of the filters. Along with "Bans for criticism of China".
Although this doesn't actually diminish their privacy or stop them from using a throwaway email address
That's exactly what it does.
Without getting those people on board there won't be a place to apply for an account
What does it matter if there's a place to apply for an account if I can't use it? Better not to exist at all.
i don't have a dog in this race but i must say that this is quite the spectacular manner by which to throw the babies out with the bathwater!
literally 1984!