Path: ...!2.eu.feeder.erje.net!3.eu.feeder.erje.net!feeder.erje.net!weretis.net!feeder8.news.weretis.net!news.mixmin.net!aioe.org!+i4EydgmiJ8omDYHqvXi4Q.user.46.165.242.75.POSTED!not-for-mail
From: Aioe <estasi@aioe.org>
Newsgroups: news.software.nntp
Subject: Re: Postfilter guide
Date: Thu, 8 Sep 2022 15:32:14 +0200
Organization: Aioe.org NNTP Server
Message-ID: <tfcqsv$19lo$1@gioia.aioe.org>
References: <tf9puv$qua$1@rasp.pasdenom.info> <tf9ruj$76pp$1@dont-email.me>
 <18a6ab47-cb69-9cb3-a96c-ffab276f9c5b@bofh.team>
 <tfa2l4$7qp1$1@dont-email.me> <tfaihv.aa0.1@ID-201911.user.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="42680"; posting-host="+i4EydgmiJ8omDYHqvXi4Q.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.11.0
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-US
Bytes: 3192
Lines: 32

Il 07/09/22 16:57, Frank Slootweg ha scritto:
>    What's so hard about authentication?

Aioe.org has been running without authentication for about 22 years and 
has never caused major abuse problems.
Authentication has two problems: it must be managed and it requires the 
retention of personal data.
A system without authentication is much easier to manage because the 
administrative part consists only in keeping the part of the logs that 
indicates who posted each message. You have no other obligations.
When creating an authentication-protected system, you must allow users 
to register in a way that makes it hard to create fake identities. Nowadays 
this takes time, a lot of system resources and in any case it doesn't 
guarantee you won't have problems. Doing without authentication means 
you don't have to worry about CAPTCHAs, users who use 1234 as passwords, 
people asking you what 'username' means.
In recent years, managing users' personal data has become complicated 
for small projects. Since name, surname, email and date of birth are 
considered personal data, if you collect this data to identify your 
users when they register then the processing of this data requires 
caution. You have to keep this data safe and this is expensive; you 
have to equip yourself with procedures to manage this data and this is 
complicated and requires writing several documents; you must have 
systems that allow you to identify who is accessing the data and which 
data is being read. If you don't do these things you risk a hefty fine.
Then you have to manage the crazy guys: if someone writes you an email 
and asks you what personal data you have on file, you have to answer 
quickly and correctly even if he registered three years ago and logged 
in twice in total. If someone asks you to delete his personal data you 
must obey and you must also delete them from the backups. For long-lived 
servers this can become a serious problem. If you give up 
authentication, you solve all these problems at once: you simply do not 
collect, process and store personal data of users.