this post was submitted on 15 Jun 2023
9 points (100.0% liked)
Lemmy Moderation Tools
266 readers
9 users here now
Welcome
I'm working on a moderation tool to work with Lemmy.
I'm still in early development and discovery. This channel will update the status and respond to questions during development, testing, release, and post-release.
You are encouraged to create posts defining your needs. I also appreciate feedback on status updates. This helps me maintain the right track.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I understand that emails are optional.
However, if a user wants to recover their account, then they should provide an email (even just a burner).
It's not much, but it would add an extra safe-guard against admin abuse.
Mod logs could show "mod changed email for user x" without any PII. Which would add some insight into potential admin abuse if this happened excessively or if a user complained about it happening to them.
I imagine any admin with postgres skills could delete/suppress the modlog entry tho.
Personally, I wouldn't trust any website if I contacted them with an "I've locked myself out" request, and they replied with a new password.
TL;dr: Regardless, I don't actually have any skin in the mod/admin game.
I can understand that it seems useful.
I am still of the opinion that it is an outdated way to do account recovery.
No way to validate it is actually the user if they're locked out... mod shouldn't be able to change email either, but realistically they can do that to the db if they want to. Your info exists on their server, so they can change your password too. Anyone could disable/enable these kinds of tools that automatically notify, ultimately you shouldn't sign up for an instance you don't trust.