maggoats@lemmy.world to

asklemmy@lemmy.mlEnglish · 2 years ago

Can you steal a user's identity if you gain their old domain name?

4

2

Can you steal a user's identity if you gain their old domain name?

maggoats@lemmy.world to

asklemmy@lemmy.mlEnglish · 2 years ago

4

Just a random thought experiment. Let’s say I have my account on a lemmy instance: userA@mylemmy.com. One day I decide to stop paying for the domain and move to userA@mynewlemmy.com, and someone else gains it and also starts up a lemmy instance.

If they make their own userA@mylemmy.com, how do federated instances distinguish who’s who?

Have I misunderstood the role of domain names in this?

Chat

𝘋𝘪𝘳𝘬@lemmy.ml
link
fedilink
English
arrow-up
1·
2 years ago

That is a vulnerability, albeit a small one.

“Small one” is very wrong here. This is by far the largest gaping security hole in the whole specification.

asklemmy@lemmy.ml

asklemmy@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !asklemmy@lemmy.ml

A loosely moderated place to ask open ended questions

If your post is

Open ended
Not offensive (At this point, we do not have the bandwidth to moderate overtly political discussions)
Not regarding lemmy support (!lemmy_support@lemmy.ml )
not ad nauseam inducing (please make sure its a question that would be new to most members)
An actual topic of discussion

it’s welcome here!

_Icon _by _{@Double_A@discuss.tchncs.de}

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3 users / day
3 users / week
3 users / month
3 users / 6 months
0 local subscribers
0 subscribers
1.02K Posts
21.3K Comments
Modlog