Hi! Mathias Ertl wrote:
Hi, I added the policy that old accounts on our XMPP-Server will be deleted after a year of inactivity. The CCC (jabber.ccc.de) seems to practice the same, and I *think* jabber.org also deletes unused accounts. But some of your Users complained that such a practice is questionable, at least if you allow the usernames to be reregistered: Somebody could reuse your ID, and if someone else used your ID before, you could unwillingly inherit what the one before you posted on the internet. So what is your practice on deleting unused accounts? Do you block reregistering? And if yes: how do you implement this with ejabberd?
We are deleting all accounts without any login at the day after the registration and all accounts that are unused for over a year. That works wonderful in a cron-script using ejabberdctl. We wrote this handling in the terms of use. For security reasons ejabberd automatically unsubscribes the deleted user from all contacts in the roster. There is no lock on the username that was deleted. Everyone can (re)register thst username. I don't see a big problem in this, as the account either was never used or was not in use for over a year.
Best regards /MiGri
