🎉 It is time! #Mastodon 3.2.0 is here! What's in it? Have a look:
@Mastodon "Album art is automatically extracted from audio files"
oh that's nice
honey it's 4pm, time for your daily rebase
That's an impressive huge changelog! Great work.
> Add e-mail-based sign in challenge for users with disabled 2FA
> If user tries signing in after:
> * Being inactive for a while
> * With a previously unknown IP
> * Without 2FA being enabled
> Require to enter a token sent via e-mail before signing in
@Gargron Aside from requiring to do something the user opted-out of?
* leaking more data to email provider;
* creating problems/annoyances logging in, especially if your email provider is blocked in your country and you have to run Tor or something to access it;
* then there can also be a problem when I'd want to login from a device which has no access to email or such an access is undesirable.
@loganer @tennoseremel Did y'all miss how it only activates if you haven't signed in for a while (2 weeks, to be exact) and only if you're trying to sign in from an IP you haven't signed in from before? Your hijacked account is a liability for the whole network, so no, you don't get a choice about how we safeguard inactive accounts from being hijacked.
@Gargron Which is:
a) rather short;
b) still does what the user opted-out of;
c) IP doesn't matter as it changes daily pretty much for everyone.
2 weeks is not hijacked, it's barely a vacation.
I'd expect such a move from big brother companies (you haven't logged in in X amount of time, punishment time), not an open source project.
1. People tend to namesquat on Mastodon (reserve username, stop paying attention indefinitely)
2. People tend to re-use passwords between different websites and often pop up on haveibeenpwned.com
3. People who namesquat often have bad password security and don't bother setting up 2FA
As a result, we've been dealing with a lot of account hijackings on Mastodon. Spammers take over legit looking accounts and transform them into spam.
Good heavens! I'm late!!
@Mastodon Why the dramatic sound effects? 😀