hoppybday.bsky.social
Final test: signed out of account and signed in again somewhere else. No email verification required. Let's see how long this account remains active without email verification.

Though if it gets shut down it may just be because I'm open about it being unverified, rather than actual security.
September 6, 2024 at 2:09 PM
I speak from experience - one of my email addresses is a very old and obvious combo of words. I have accounts on every service that doesn't require email verification because bad actors kept creating them. The only way to prevent this is to have an active account I control.
September 6, 2024 at 2:05 PM
Worse, sites with no email verification usually have no checks on how often an email address can be used to create another account after one is deleted.

So if an account is created without your permission, you can't just take control & delete it, because another will pop up.
September 6, 2024 at 2:03 PM
So to summarize:
1. Bluesky is not taking the easy & bare minimum step of requiring email verification before activating accounts.
2. Even minimal requirements will slow bad actors.
3. This is not only a site vulnerability, it means other people can make accounts with your email. Repeatedly.
September 6, 2024 at 1:58 PM
So this is bad. You can make accounts without the minimum standard of a real email address & immediately use Bluesky.
If I had a separate test environment, I'd check to see how many accounts I could make and how fast before getting flagged. Bet it's more than one. This is a big vulnerability.
September 6, 2024 at 1:41 PM
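A defender-side sketch of the two controls this thread argues for: an account stays unusable until its email address is verified, and an address whose account was deleted gets a cooldown and a cap before it can be registered again. This is an added example, not Bluesky's code; the `Registry` API and the policy numbers are assumptions.

```python
"""Registration gate: verify before activate, and limit re-use of a deleted address.
Constructed example with assumed policy values; no real service API is involved."""
import secrets
from dataclasses import dataclass, field

REUSE_COOLDOWN_S = 24 * 3600  # assumed policy: one day before the same address can re-register
MAX_REUSES = 3                # assumed policy: a deleted address may be re-registered at most 3 times


@dataclass
class Registry:
    now: float = 0.0                                # injectable clock (seconds) so the policy is testable
    pending: dict = field(default_factory=dict)     # email -> outstanding verification token
    active: set = field(default_factory=set)        # verified, usable accounts
    history: dict = field(default_factory=dict)     # email -> (last_deleted_at, times_deleted)

    def register(self, email: str):
        """Create an inactive account; return the token that would be mailed, or None if refused."""
        email = email.strip().lower()
        if email in self.active or email in self.pending:
            return None                             # address already taken or awaiting verification
        last_deleted, times_deleted = self.history.get(email, (None, 0))
        if last_deleted is not None:
            if times_deleted >= MAX_REUSES:         # cap on churning the same address
                return None
            if self.now - last_deleted < REUSE_COOLDOWN_S:
                return None                         # re-registration too soon after deletion
        token = secrets.token_urlsafe(16)
        self.pending[email] = token
        return token

    def verify(self, email: str, token: str) -> bool:
        """Activate the account only when the token sent to that mailbox comes back."""
        email = email.strip().lower()
        expected = self.pending.get(email)
        if expected is None or not secrets.compare_digest(expected, token):
            return False
        del self.pending[email]
        self.active.add(email)
        return True

    def can_use_site(self, email: str) -> bool:
        """Nothing unverified gets to post."""
        return email.strip().lower() in self.active

    def delete(self, email: str) -> None:
        """Record the deletion so the address is rate-limited and capped on re-use."""
        email = email.strip().lower()
        self.active.discard(email)
        self.pending.pop(email, None)
        _, times_deleted = self.history.get(email, (None, 0))
        self.history[email] = (self.now, times_deleted + 1)
```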