On Jan 16, 2009, at 12:13 PM, Mark Smith wrote: > So basically it comes down to: are you trying to be evil or is your > motivation making some money off of you getting an account first? If > so, I don't want to support that. > > Either way, Denise will probably have more of a strong opinion on > this. It may not make sense to allow any of it from a support/abuse > perspective, but we'll cross that bridge when we come to it. :)
Yeah, those are my thoughts as well. For me, it's also a question of degree: if you have one or two DW accounts that you don't want anymore and want to hand off to someone else, that's fine, whatever. If you're squatting on a hundred DW accounts that you're trying to profit from by selling off one-by-one, We Will Have Words. (If you're using a hundred DW accounts for your game or whatever, that's fine, since you're *using* them. But if you're just registering all the dictionary words/short names you can think of to sit on them and try to resell them, that's not cool.) Ditto with invite codes: if you want to trade an invite code for fic/ icons/whatever, or sell one or two of them for a couple of quick bucks, that's fine; if you want to put your DW invite codes up on eBay en masse, not so much. (We'd hope you wouldn't sell invite codes, though, since if people want DW accounts, they can just pay us the cost of a 2-month account and then the money will go to keep DW running, but hey, we're pragmatic about that sort of thing; we know people *will* try to sell DW accounts and invites.) Ultimately it all boils down to what we can discern of motive. If someone's motives are to take advantage of the service, or of others, we'll likely be a lot more harsh than if someone's using the service regularly and happens to swap a spare username or whatever. Note that this doesn't change the fact that, as the code and process stands now, the first-validated email account on an account can always reclaim the account. (Yes, this is something I'd like to change in the future, but it requires careful thought and spec so that it doesn't make things less secure than they are now. As it stands now, the only way you can lose control of your account entirely and permanently is to lose control of your first-validated email address, which happens but happens less often than someone getting someone else's password and trying to lock them out of their account. Any process we design to remove the first-validated email address from an account will have to be hardened against someone malicious getting control of the account and trying to lock all the original owner's email addresses out of the account. It's a harder problem than you think it is.) --D -- Denise Paolucci [email protected] Dreamwidth Studios: Open Source, open expression, open operations. Coming soon! _______________________________________________ dw-discuss mailing list [email protected] http://lists.dwscoalition.org/cgi-bin/mailman/listinfo/dw-discuss
