14 votes

Invite code privacy

Tags: privacy, email

~ takes privacy pretty seriously, which I’m a big fan of. Can’t say I’ve seen any other sites where even your email is hashed, but I like it.

What I’m curious about are the invite codes. Don’t get me wrong, I don’t think Deimos is going to do anything nefarious, but I did use one of my personal (albeit secondary) emails to request my invite code. Thus, would it be possible to trace the invite code used to create my account back to that email in any way? Or is the code not stored anywhere once it’s used?

Edit: yes, I realize this account uses my real name, and I’ve linked to my personal gitlab before. For the time being in a community this small, I don’t mind. I may end up creating a new account when the website opens the floodgates, but that’s neither here nor there.

4 comments

  1. [3]
    Deimos
    Link
    For now, yes, this is possible. And I've already had to do a password reset for multiple people who locked themselves out of their account and didn't set up the account recovery, so the connection...

    For now, yes, this is possible. And I've already had to do a password reset for multiple people who locked themselves out of their account and didn't set up the account recovery, so the connection between email address and invite code was the only way I could verify their ownership. So I think it's been a good thing overall so far, but I agree that it's not great from a privacy perspective.

    I could probably wipe the invite codes out of the database 30 days after they're used, similar to most other privacy-sensitive data. If I do that and people lock themselves out after that point I won't be able to help them though.

    12 votes
    1. [2]
      Luca
      Link Parent
      That's not a bad idea. You could also add a dismissible nag to prompt people to set it, if they want. Right now, it's sorta hidden away in the settings, which most people won't bother looking for.

      I could probably wipe the invite codes out of the database 30 days after they're used, similar to most other privacy-sensitive data. If I do that and people lock themselves out after that point I won't be able to help them though.

      That's not a bad idea. You could also add a dismissible nag to prompt people to set it, if they want. Right now, it's sorta hidden away in the settings, which most people won't bother looking for.

      7 votes
      1. cfabbro
        Link Parent
        I personally hate nag screens no matter how tactfully done, but mentioning the account recovery prominently in the introductory PM every new member gets sent (which AFAIK it isn’t yet) is probably...

        I personally hate nag screens no matter how tactfully done, but mentioning the account recovery prominently in the introductory PM every new member gets sent (which AFAIK it isn’t yet) is probably a good idea. And perhaps even sending a PM to all the users already here that haven’t added account recovery might also be appropriate.

        8 votes
  2. Social
    Link
    If no one answers here you can ask at contact@tildes.net.

    If no one answers here you can ask at contact@tildes.net.