Just a random thought experiment. Let’s say I have my account on a lemmy instance: userA@mylemmy.com. One day I decide to stop paying for the domain and move to userA@mynewlemmy.com, and someone else gains it and also starts up a lemmy instance.

If they make their own userA@mylemmy.com, how do federated instances distinguish who’s who?

Have I misunderstood the role of domain names in this?

  • monobot@lemmy.mlEnglish
    1·
    1 year ago

    You would be surprised: https://money.cnn.com/2016/01/29/technology/google-domain-purchase/index.html

    Google.com, one of the most valuable domains on the Internet, was mistakenly sold for $12 last fall.

    Google paid $12,000 to get it back.

    But you are right about email, it is about the same.

    But with time we could be more careful in federation to keep track of domains expiration dates and owners.

    Maybe just instances need to be verified with public/private keys and not all accounts on them.

    • Vlyn@lemmy.mlEnglish
      1·
      1 year ago

      It absolutely makes sense to secure content and especially moderator positions in other communities by public/private keys.

      But look at my replies to /u/Dirk below. If someone actually takes over a domain, sets up a new Lemmy instance and creates the same user again (but without matching keys), how should other instances treat that user? Like a new one? Or block all federation? Do you get warnings interacting with that user (as they could just write another community moderator to invite them “again”)?