The new "Mastodon account verification" scam going around is yet another reason why Mastodon SHOULD NOT HAVE A DM FUNCTION.
AT ALL.
An unsolicited on-platform communication channel that admins have no entitlement to inspect, but some responsibiity for the misleading contents of, is ripe for abuse.
Private communication belongs on private e2ee personal comms channels.
srslypascal
in reply to Cassandrich • • •khm
in reply to srslypascal • • •there's no reason for an activitypub implementation to even collect email addresses.
CC: @dalias@hachyderm.io
srslypascal
in reply to khm • • •@khm
If people fall for these DM scams, what are the chances of those very same people noticing that the scam email must be a scam/phishing attempt because they never actually entered their email address when they created their Mastodon account several years ago?
The majority of people are not as tech savvy as you might hope, and doesn't even distinguish between the activitypub protocol and implementations of that protocol, let alone different instances/servers of an implementation.
khm
in reply to srslypascal • • •sorry, having a hard time taking you seriously. is this a real opinion or just sealioning? because this "well that slight improvement might not help this other, even dumber idiot I just invented" stuff combined with your implicit assertion that you know more about "the majority of people" than I do is starting to smell pretty bad-faith over here
if you don't collect email addresses, then you can safely say "any email claiming to come from us is fake"
it removes ambiguity. ambiguity that currently exists because webshits have a habit of outsourcing account management to email. removing email from the platform and loudly announcing it helps people understand.
CC: @dalias@hachyderm.io
srslypascal
in reply to khm • • •@khm
Come back when you have learned to talk like a grownup.
khm
in reply to srslypascal • • •Nanook
in reply to Cassandrich • •