Does anyone know of any prior art for when you want to sign up for a website, but they review your account manually before letting you in? Specifically, what kind of things they make you fill out to be able to make the decision?

Current thoughts: Making the user fill out display name and bio during sign up (when in admission-based registrations mode)

I ask this because admission-based registrations mode is done and merged in master, but making decisions based on picked username and e-mail is just guessing.

I suppose even now the mode isn't too bad for certain purposes. Maybe hard to tell who exactly you're letting in, but lets you control how many and when.

Would definitely want to see some real-world usage from other admins to gather feedback

@Gargron It sounds “good enough” IMO. If admins want more information then you start going down the rabbit hole of either you create some sort of customisable form builder or they just use Google Forms. Feels like diminishing returns to overcomplicate it.

@Gargron maybe add their interface language? in exemple, if it’s japanese I will not allow them to sign up into my server

@Gargron There is document upload. Like on banks, or freelance platforms, you need to upload some ID. On some subreddit, you need to post verification proof like a photograph of your work with your username written on a paper.

@Gargron as a FB group admin I can ask a question (probably multiple, but I just roll it into one) and they get a text area to answer. That often let's me figure out a decent way of filtering people in the group, or following up with ones in question.

display name: Nope, don't do that.
bio: that's okay (more info a good thing if not obligatory.

@Gargron Back in the day, BBSs asked you to send a message to the SysOp/admin. Usually you would put a reason why you want to join the BBS. Not unlike FB groups where they might ask you a question or 2 to confirm you are at least paying attention to what you're signing up for and/or you are not a bot.

@Gargron The closest thing I can think of right now is discord servers where anyone can join but you only get access to the "welcome channel" until you've introduced yourself.. Maybe write the bio and send a message to mods with the questions they've asked..

To me it sound mostly like a filter to avoid spammers and then it's down to "did you at least read the question". or it might be to keep kids out if your instance is adult focused.. IDK


Could have it be optional fields marked as such? "If you want, you can put your display name and bio in down here, too."


(also, tons of forums do this IME, specifically because they're curating the community they have; I've seen it numerous times)

@Gargron I dunno if it's a workable concept, but old BBS systems back in the 90s usually had a bit of a "get to know you" questionnaire - and the workflow was usually that you could then log in, look around, maybe access one or two local message boards until you were approved for later access.

So maybe a "provisional" access step, so you're not bouncing completely - you can log in, maybe read-only, local timeline only? Instance-set options for access ranging from nothing to limited interaction?

@Gargron we do this on a mailing list sign up - in our case we have a message asking for them to say who they are and provide some types of info, then have a big ol' text field for them to provide what info they think is appropriate. Since it's all human-reviewed, this works fine.

@Gargron One car forum I'm on has you specify what car you own and where you're located.

If the car is something available in the market where you say you're from, and your IP's geolocation is reasonably close to your stated location, you're probably gonna be let in.

If the geolocation doesn't match, the car is something not available in the market you say you're from, or you just put garbage in the fields, you're probably gonna get denied and have to e-mail the admins to make your case.

@Gargron This usage model also implies a couple of necessary features:

Custom fields so that communities can determine who to let in based on factors that they determine, flexibly

The ability to go back and approve an account that was previously denied (in the case of a denied account turning out to be legitimate).

@bhtooefr @gargron

A British equivalent I've seen was sending a selfie standing next to the car holding a random grocery item (ranging from loaves of bread to a pack of Birds Custard (similar to vanilla pudding))

To be fair this made some sense as it wouldn't be unusual to have these items to hand after a trip to the supermarket and also meant the driver didn't have to risk giving away their exact home location..

@vfrmedia @Gargron Note that location meant, like, US state/European nation, or at the most precise, city, in this example.

(The idea was really to weed out gross errors in location/geolocation/car, like someone claiming they had a Skoda Octavia TDI in Florida (Skodas have never even been sold in the US) with a Moscow IP address or something like that.)

@bhtooefr @gargron

to be fair this was a car enthusiasts forum and apparently a lot of people would claim to own a vehicle they didn't have, hence the picture requirement (it was also seen as more a fun way of gaining trust)

IP geolocation can be a bit ropey sometimes, the *static* IPs used at my work can show up as Germany in some DB's rather than the UK (I have no idea why this happens)

@vfrmedia In this case, it's a Volkswagen TDI enthusiast's forum - the kind of person who's going to lie about having a *TDI* of all things and *isn't* a spammer is the kind of person who will #1 know how to lie convincingly and #2 would have probably ended up getting a TDI eventually anyway

@Gargron one use case I could think of, is one university has an instance where only employees or students are allowed. I think the fields used to validate access should be defined by the admin, but I don't know if it makes sense to have an instance with access validation and be able to talk with other instances in the fediverse.

@estebanz01 It's already possible to solve this with e-mail domain whitelists, or single-sign-on integration

@gargron the forum software i use has a question you have to answer along with the request

@Gargron Hmm some closed FB groups (art/artjobs related) were basically "tell us a few words about yourself esp re: why do you want to join is"

@Gargron as others have suggested perhaps filling in the bio, the metadata, and a small message about why they want to join (or some sort of per-instance customisable link to a form) - and if they know any users on the system who may want to vouch for them.

The ability to have some kind of back and forth chat with the mods/admins could be useful - and while admins *could* email the users email account that does expose the admins email account which could leak information.

@Gargron If ya do go down this path, you could shadowban new accounts by default until an admin approves' them. That way people can still get started using masto, and any of their friends can find & interact with them straight away.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!