-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trust and Safety on BlueSky #39
Comments
From a security/privacy perspective, some of the engineering ideas are frankly terrible.
This is a terrible, user-hostile idea. People use plus addressing or "masked" emails for a very good reason - protecting their privacy from platforms/providers, or mitigating inevitable data leaks.
I'm not sure what this is supposed to achieve. It does make for a great way to silence a user though - just hammer the login form with their username and nonsense creds to keep their account locked, very good method of drive-by harassment. This idea (locking accounts) barely works in corporate environments.
This is actually a good idea. Even better would be a page that lets you view authenticated sessions, where they logged in from, last login, time, etc, with the ability to force logout a device. |
I'm specifically talking about programmatic account creation abuse used by spammers. They use a script following the email+(random hash)@gmail.com to create thousands of accounts. This is not a single user using a single masked email. It may not be an issue yet on BSky, but get this in place before invite-only goes away.
That prevents a malicious user from hijacking an account via brute force. It's standard security in modern web apps and should be implemented until 2FA (ideally not SMS 2FA) or passkeys are.
That would be great. |
I mean, it prevents a targeted brute force, but creates an extremely powerful denial of service vector. Most modern services that are well designed don't do this, its one of the worse ideas that comes from corporate infosec. Kind of like "changing your password every X days", or complexity rules when length is what matters. It also won't prevent credential stuffing, which is a far more common threat than targeted bruteforce. I can't really understate how trivial it would be to abuse this mechanism to cause mass account lockouts. I strongly agree though, that 2FA should be implemented ASAP. |
You've clearly got experience in the space so I'm excited to hear your thoughts on how to address this issue. In previous implementations, we've rate limited IPs as part of that flow to prevent DDoS on those endpoints but I will happily defer to your expertise. |
After the incidents of racism on Bluesky on July 12/13, I collected some thoughts on how to improve T&S on the platform. My hope is that others on BlueSky will contribute to this.
If you've opened issues in BSky repos, please link for visibility. Systemic problems often require systemic solutions, and T&S initiatives require thought and communication to be effective.
Non-Engineering Ideas
Engineering Ideas
Account security helps prevent malevolent users from taking over accounts. I'm sure 2FA is on your roadmap, but in addition you may need:
+
in Gmail) to make multiple accounts OR programmatic account abuse. This will likely need some limit/fine-tuning as people may have main and alt accounts.Additionally, please publish AARs/Post-mortems on T&S incidents. These are site reliability incidents and can do just as much, if not more, damage to reputation than a server outages. We are all engineers and we learn from each others mistakes to grow.
The text was updated successfully, but these errors were encountered: