Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AccountDelete / CommunityDelete / Ban delete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts) #3697

Closed
4 tasks done
RocketDerp opened this issue Jul 23, 2023 · 3 comments
Closed
4 tasks done

AccountDelete / CommunityDelete / Ban delete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts) #3697

RocketDerp opened this issue Jul 23, 2023 · 3 comments
Labels
area: database area: performance enhancement New feature or request

Comments

@RocketDerp
Copy link
Contributor

RocketDerp commented Jul 23, 2023
edited

Requirements

  • Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
  • Did you check to see if this issue already exists?
  • Is this only a feature request? Do not put multiple feature requests in one issue.
  • Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

It is suggested that no massive record changes, mass record alterations, be done in real-time with concurrency possibility. "Sleeper accounts' could be built up within Lemmy's database that impact the post, comment, and like/vote counts - then coordinate multiple mass data changes (deletes) concurrently.

Describe the solution you'd like.

It would be better to flag the account as requesting delete (with timestamp and a receipt-code to user), add a feature to allow admins to undelete an account during a grace period (15 minutes, 1 hour, 1 day, 7 days, 14 days, 30 days, 45 days, 90 days site setting?)... but leave the heavy-lifting of doing PostgreSQL backend deletes as a LINEAR job that runs scheduled, say every 1 hour (tunable), that does NOT do concurrent deletes of multiple accounts.... but instead does account removal one at a time to gracefully deliver them to peer instances. And further, try to randomize/stagger the time so that all Lemmy servers do their actual deletes so they do not all update each other with heavy delete activities.

Another aspect of this feature to consider: Perhaps allow a restore of an account with loss of all past data. So the account identity can be restored, but none of the votes/comments/posts are retained. This could have a different grace period for people who want to regain their old identity but are too late for return of their data.

Describe alternatives you've considered.

Leave things as they are and allow sleeper cells to blow up the entire federation by deleting a dozen or more accounts all within a short period.

Additional context

No response
@RocketDerp RocketDerp added the enhancement New feature or request label Jul 23, 2023
@RocketDerp

This comment was marked as abuse.

Sign in to view
@RocketDerp RocketDerp changed the title AccountDelete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts) AccountDelete / CommunityDelete / Ban delete transactions have a grace period for undo, also beefing up defense against deep-embed denial of service attacks (sleeper accounts) Jul 25, 2023
@RocketDerp

This comment was marked as abuse.

Sign in to view
@RocketDerp

This comment was marked as abuse.

Sign in to view
@Nutomic Nutomic closed this as completed Sep 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: database area: performance enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Nutomic @lionirdeadman @RocketDerp