moderated Re: Expire invitations after 14 days #suggestion


 

On Mon, Apr 19, 2021 at 01:04 AM, Shal Farley wrote:
The invitation email contains a link "accept the invitation" which IS
effectively a login link. That is the problem that was reported,  ...
I noticed a similar security problem when my group first migrated to groups.io in 2019. I had set up a small task force to evaluate Mark's software before bringing all 1,000 members over from yahoo.com. Anyway, there's a footer at the end of every message distributed to my group:

-=-=-
Group Owner: main+owner@t-vog.groups.io
Unsubscribe: https://t-vog.groups.io/g/main/leave/[redacted]
-=-=-=-=-=-=-=-=-=-=-=-
 
During the exploratory period I noticed that people were posting replies to messages and quoting everything in the original message, including this "unsubscribe" link. This of course meant that any member in the group could unsubscribe the careless poster, if he wanted to, and knew how.

I believe I've educated my group members well enough that this never happens any more. At least, I haven't seen it in over a year. But careless people can definitely cause problems with "encrypted" links. Those ought not fall into the wrong hands. And it might make sense to strip them out of incoming messages from groups.io members. I told everybody this can only happen if you reply by email, and encouraged everybody to post their messages from the web site. But people are lazy, and sometimes careless. There's no way to "fix" that.
--
David Bryant
Canyon Lake, Texas
https://t-vog.groups.io/g/main    https://davidcbryant.net

Join main@beta.groups.io to automatically receive all group messages.