Just a random thought experiment. Let’s say I have my account on a lemmy instance: userA@mylemmy.com. One day I decide to stop paying for the domain and move to userA@mynewlemmy.com, and someone else gains it and also starts up a lemmy instance.

If they make their own userA@mylemmy.com, how do federated instances distinguish who’s who?

Have I misunderstood the role of domain names in this?

  • monobot
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    You would be surprised: https://money.cnn.com/2016/01/29/technology/google-domain-purchase/index.html

    Google.com, one of the most valuable domains on the Internet, was mistakenly sold for $12 last fall.

    Google paid $12,000 to get it back.

    But you are right about email, it is about the same.

    But with time we could be more careful in federation to keep track of domains expiration dates and owners.

    Maybe just instances need to be verified with public/private keys and not all accounts on them.

    • Vlyn
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It absolutely makes sense to secure content and especially moderator positions in other communities by public/private keys.

      But look at my replies to /u/Dirk below. If someone actually takes over a domain, sets up a new Lemmy instance and creates the same user again (but without matching keys), how should other instances treat that user? Like a new one? Or block all federation? Do you get warnings interacting with that user (as they could just write another community moderator to invite them “again”)?

      • monobot
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        All valid arguments, code needs to be checked abou what is possible to implement. Even if we start with one way of dealing with those instances, it will be possible to chamge in the future.

        Thank you for good discussion in this thread.