On Wednesday, 9. of December 2009 15:26:11 Peter Saint-Andre wrote: > On 12/9/09 6:15 AM, Mathias Ertl wrote: > > Hi, > > > > I added the policy that old accounts on our XMPP-Server will be deleted > > after a year of inactivity. The CCC (jabber.ccc.de) seems to practice > > the same, and I *think* jabber.org also deletes unused accounts. > > Yes, we do that at the jabber.org service. I am sure Nikolaus Polak can confirm that accounts on linuxlovers.at/0nl1ne.at are also deleted after a year of inactivity. It works well and as far as I know no one has complained about that so far. Seems fair enough for me, a year is quite a lot of time of not-using an account. I think most people forget their password anyway after a year of not having logged in. (except it is stored on the computer - but many people delete their home directories, forget their password, create a new account [this is not statistically proven though :D]). > > > But some of your Users complained that such a practice is questionable, > > at least if you allow the usernames to be reregistered: Somebody could > > reuse your ID, and if someone else used your ID before, you could > > unwillingly inherit what the one before you posted on the internet. > > This is true. This is a huge problem in general I think. Solving this would be digging too deep in XMPP, so that you may/would have to implement uniqe user IDs stored somewhere centrally to be able to identify a person (maybe with all jabber IDs that belong to that person). This would again be a problem because you could find out which jabber accounts belong to who. Also this would be totally against the XMPP idea of not relaying on a centralized service. Centralized control and power is not what we want I think. So identifying a user is not that easy which means we are where we were before with this problem. I think it is still important to know whether you can solve it or not. > > > So what is your practice on deleting unused accounts? Do you block > > reregistering? And if yes: how do you implement this with ejabberd? > > At jabber.org we allow re-registration. However, you raise some good > points about the practice. My major concern is that if we kept accounts > forever, we would have a lot more accounts (most of them idle) than we > have now. Before we started removing idle accounts, our database was > growing quite fast, whereas now it grows much more slowly (we have about > 330,000 accounts). This is the reason why most services delete unused user accounts. I dont even think that you *can* keep all the registered users on a public service with many users (especially jabber.org would die if it kept all the accounts because of the enormous database). This would be very heavy on the server, and is simply wasting ressources I think. > Another issue is clean deletion: sending unsubscribes from the old > account to the entities in the roster, removing the vCard, etc. I don't > know if any software makes this easy or even possible. This is true, but could be implemented. It's a pretty important feature that should be implemented asap.
Yours, Mihael Pranjić
