waifu/kemoverse
waifu/kemoverse
3
2
Fork 3
Code Issues 11 Pull requests 2 Projects 1 Releases Packages Wiki Activity

Explicit Account Creation/Deletion #35

New issue
Closed
opened 2025-05-26 10:15:40 -07:00 by VD15 · 2 comments
VD15 commented 2025-05-26 10:15:40 -07:00
Collaborator
Copy link

Currently, players are implicitly added to the database the first time they roll. This has the potential to be a GDPR concern, as we're not obtaining consent from users to store their usernames, which could count as personal information under the GDPR, as some weirdos use their (full) real name as their fedi handle.

I don't think it's necessary to draft a whole ass privacy policy at this point, but I do think it's necessary to add an explicit sign-up step as well as an option for players to delete their account should they wish.

  • Split get_or_create_user() into two functions: get_player() and insert_player()
  • Add a signup command to the bot that adds the player to the DB. We can later extend this
  • Update generate_response() to check if the player exists in the DB and instruct players who have not signed up yet to run the signup command.
  • Add a delete_account command to the bot that tells the player that deleting their account is super duper permenant and all that, prompting them to confirm they wish to delete their account.
  • Add a delete_player() function that deletes a player and all their pulls from the DB.
Currently, players are implicitly added to the database the first time they roll. This has the *potential* to be a GDPR concern, as we're not obtaining consent from users to store their usernames, which could count as personal information under the GDPR, as some weirdos use their (full) real name as their fedi handle. I don't think it's necessary to draft a whole ass privacy policy at this point, but I do think it's necessary to add an explicit sign-up step as well as an option for players to delete their account should they wish. - Split `get_or_create_user()` into two functions: `get_player()` and `insert_player()` - Add a `signup` command to the bot that adds the player to the DB. We can later extend this - Update `generate_response()` to check if the player exists in the DB and instruct players who have not signed up yet to run the `signup` command. - Add a `delete_account` command to the bot that tells the player that deleting their account is super duper permenant and all that, prompting them to confirm they wish to delete their account. - Add a `delete_player()` function that deletes a player and all their pulls from the DB.
👍 1
VD15 added the
Refactoring
Feedback Wanted
 labels 2025-05-26 10:15:40 -07:00
VD15 added this to the v1.1 milestone 2025-05-26 10:18:48 -07:00
VD15 added this to the v1.1 project 2025-05-26 10:18:52 -07:00
waifu self-assigned this 2025-06-01 13:41:30 -07:00
waifu commented 2025-06-01 17:27:10 -07:00
Owner
Copy link

I'm thinking that people could exploit this by creating and deleting the account immediately to farm for rolls specially if we give bonus rolls at the beginning. Perhaps keeping the username inside the blacklist when it gets deleted, only for 24 hours then deleting it (completely) could solve the issue. We do keep the whitelist to defer from bad actors but some instances have open registrations which could make things difficult. I'll set another issue to have a limit on registrations per hour per instance, that should be enough.

I'm thinking that people could exploit this by creating and deleting the account immediately to farm for rolls specially if we give bonus rolls at the beginning. Perhaps keeping the username inside the blacklist when it gets deleted, only for 24 hours then deleting it (completely) could solve the issue. We do keep the whitelist to defer from bad actors but some instances have open registrations which could make things difficult. I'll set another issue to have a limit on registrations per hour per instance, that should be enough.
waifu commented 2025-06-03 19:11:13 -07:00
Owner
Copy link

Closing as the necesary changes got merged on #42, and the issue #43 would solve the registration limit. Thanks kings

Closing as the necesary changes got merged on #42, and the issue #43 would solve the registration limit. Thanks kings
waifu closed this issue 2025-06-03 19:11:15 -07:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
stats_system
website
pleroma-support
any-env-and-bind-address
misc-bugfixes
docs
card-creator
18_reduce_tuples
fix_username_case_sensitivity
No results found.
Labels
Clear labels   
Bug

Something's Not Working Right

  
Feature

New Functionality For The Bot

  
Feedback Wanted

Looking for Feedback

  
Refactoring

Codebase Changes

  
Won't Do

Nah Mate.

No labels
Bug
Feature
Feedback Wanted
Refactoring
Won't Do
Milestone
Clear milestone
No items
No milestone
v1.1
Projects
Clear projects
No items
No project
v1.1
Assignees
Clear assignees
No assignees
waifu
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: waifu/kemoverse#35
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?