You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AccountDelete / CommunityDelete / Ban delete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts)
#3697
Closed
4 tasks done
RocketDerp opened this issue
Jul 23, 2023
· 3 comments
Did you check to see if this issue already exists?
Is this only a feature request? Do not put multiple feature requests in one issue.
Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.
Is your proposal related to a problem?
It is suggested that no massive record changes, mass record alterations, be done in real-time with concurrency possibility. "Sleeper accounts' could be built up within Lemmy's database that impact the post, comment, and like/vote counts - then coordinate multiple mass data changes (deletes) concurrently.
Describe the solution you'd like.
It would be better to flag the account as requesting delete (with timestamp and a receipt-code to user), add a feature to allow admins to undelete an account during a grace period (15 minutes, 1 hour, 1 day, 7 days, 14 days, 30 days, 45 days, 90 days site setting?)... but leave the heavy-lifting of doing PostgreSQL backend deletes as a LINEAR job that runs scheduled, say every 1 hour (tunable), that does NOT do concurrent deletes of multiple accounts.... but instead does account removal one at a time to gracefully deliver them to peer instances. And further, try to randomize/stagger the time so that all Lemmy servers do their actual deletes so they do not all update each other with heavy delete activities.
Another aspect of this feature to consider: Perhaps allow a restore of an account with loss of all past data. So the account identity can be restored, but none of the votes/comments/posts are retained. This could have a different grace period for people who want to regain their old identity but are too late for return of their data.
Describe alternatives you've considered.
Leave things as they are and allow sleeper cells to blow up the entire federation by deleting a dozen or more accounts all within a short period.
Additional context
No response
The text was updated successfully, but these errors were encountered:
RocketDerp
changed the title
AccountDelete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts)
AccountDelete / CommunityDelete / Ban delete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts)
Jul 25, 2023
Requirements
Is your proposal related to a problem?
It is suggested that no massive record changes, mass record alterations, be done in real-time with concurrency possibility. "Sleeper accounts' could be built up within Lemmy's database that impact the post, comment, and like/vote counts - then coordinate multiple mass data changes (deletes) concurrently.
Describe the solution you'd like.
It would be better to flag the account as requesting delete (with timestamp and a receipt-code to user), add a feature to allow admins to undelete an account during a grace period (15 minutes, 1 hour, 1 day, 7 days, 14 days, 30 days, 45 days, 90 days site setting?)... but leave the heavy-lifting of doing PostgreSQL backend deletes as a LINEAR job that runs scheduled, say every 1 hour (tunable), that does NOT do concurrent deletes of multiple accounts.... but instead does account removal one at a time to gracefully deliver them to peer instances. And further, try to randomize/stagger the time so that all Lemmy servers do their actual deletes so they do not all update each other with heavy delete activities.
Another aspect of this feature to consider: Perhaps allow a restore of an account with loss of all past data. So the account identity can be restored, but none of the votes/comments/posts are retained. This could have a different grace period for people who want to regain their old identity but are too late for return of their data.
Describe alternatives you've considered.
Leave things as they are and allow sleeper cells to blow up the entire federation by deleting a dozen or more accounts all within a short period.
Additional context
No response
The text was updated successfully, but these errors were encountered: