AmaratheCapybara / PluralSocialMedia


Decide on the initial privacy and security measures #3

Open AmaratheCapybara opened 5 days ago

Aurorathebadass commented 2 days ago

I got a recommendation from Reddit for AWS Cognito to handle user management. It is free for the first 50k profiles.

Hopetheheartmagicmusician commented 1 day ago

options https://www.reddit.com/r/webdev/comments/rtuing/whats_everyone_using_for_database_hosting_on/

Hopetheheartmagicmusician commented 1 day ago

Negative discussion about Cognito: https://www.reddit.com/r/aws/comments/11q1j8e/why_does_cognito_get_a_bad_wrap/

Hopetheheartmagicmusician commented 1 day ago

String of advice received:

There are open source platforms like this, like Supabase, that you can self-host, but I can't say how good they actually are.

Simply Plural moved away from Firebase to have better control over privacy and authentication. For example, Firebase wouldn't let SP have stronger passwords, at least this is the reason they have said publicly in the server. Did they say this in the server as well or?

As someone who has developed a mobile app using Firebase: avoid Firebase at all costs. It is incredibly frustrating for a number of reasons, even ignoring the financial cost (and the financial cost will be large!).

Overwhelming negativity about Firebase.

Hopetheheartmagicmusician commented 1 day ago

I feel like databases and privacy go hand in hand so I will be referencing these replies in the database issue.

Hopetheheartmagicmusician commented 1 day ago
  1. What kinds of information will users want to keep private?

  2. Who should be able to access that information?

Hopetheheartmagicmusician commented 1 day ago
  1. What kinds of information will users want to keep private?

Things to keep private: user profiles, messages, system names, email addresses, headmate names, headmate count, ages, body ages, posts (Comets), friends/following list.

  2. Who should be able to access that information?

Maybe different privacy settings within the system as well that can be toggled on and off. It would be nice for the program to be something that a system can use completely without outside involvement, should they choose they just want to use it for system communication only. I don't want to limit it to that because there are plenty of good options out there for that, like Twinote, SP's chat, PluralKit in a single server, and Antar, but I think having an option that has functions still in use and not buggy would be nice as an alternative, considering Twinote isn't being worked on anymore.

Hopetheheartmagicmusician commented 1 day ago

Step 3: Research Simple Security Practices

Look into some basic security practices for beginner apps:

  1. Encryption: Encryption helps make sure that even if someone intercepts messages, they can’t read them. Look up terms like "basic message encryption" or "secure data storage for apps" to get started.
  2. Secure Passwords: Require users to use strong passwords (e.g., at least 8 characters, a mix of letters, numbers, and symbols). You can also look into storing passwords securely using tools like "hashing" (there are beginner-friendly libraries that can help with this).

Hopetheheartmagicmusician commented 1 day ago

Step 4: Start with Simple Privacy Features

Some easy-to-implement privacy features could be:

  1. Private Mode: Give users the option to make their profiles completely private (so only people they allow can see their system).
  2. Message Deletion: Allow users to delete their messages from both their own inbox and the recipient's inbox.
  3. Two-Factor Authentication (Optional): For extra security, you can allow users to add a second layer of protection (like a code sent to their email or phone).

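
Items 1 and 2 above (private mode and message deletion), as an added example that is not code from the PluralSocialMedia repository. It uses an in-memory store with made-up usernames; the names `Profile`, `Message` and `Store` and the rule that only a message's sender may delete it are assumptions for this example. The security-relevant point is that every read goes through one access check, and deletion removes the single stored record so the message disappears from both mailboxes at once rather than being hidden on one side only.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Profile:
    username: str
    private: bool = False
    # Usernames explicitly allowed to see this profile while it is private.
    allowed_viewers: Set[str] = field(default_factory=set)


@dataclass
class Message:
    message_id: int
    sender: str
    recipient: str
    body: str


class Store:
    """Minimal in-memory model of profiles and direct messages (constructed for this example)."""

    def __init__(self) -> None:
        self.profiles: Dict[str, Profile] = {}
        self.messages: Dict[int, Message] = {}
        self._next_id = 1

    def add_profile(self, username: str, private: bool = False) -> Profile:
        profile = Profile(username=username, private=private)
        self.profiles[username] = profile
        return profile

    def set_private(self, username: str, private: bool) -> None:
        self.profiles[username].private = private

    def allow_viewer(self, owner: str, viewer: str) -> None:
        self.profiles[owner].allowed_viewers.add(viewer)

    def can_view_profile(self, viewer: Optional[str], owner: str) -> bool:
        """Single access check: owners always see themselves; private profiles
        are visible only to the allow list; viewer=None means not logged in."""
        profile = self.profiles[owner]
        if viewer == owner:
            return True
        if not profile.private:
            return True
        return viewer is not None and viewer in profile.allowed_viewers

    def view_profile(self, viewer: Optional[str], owner: str) -> Optional[Profile]:
        """Return the profile only when the check passes; callers never read profiles directly."""
        return self.profiles[owner] if self.can_view_profile(viewer, owner) else None

    def send(self, sender: str, recipient: str, body: str) -> int:
        message = Message(self._next_id, sender, recipient, body)
        self.messages[message.message_id] = message
        self._next_id += 1
        return message.message_id

    def mailbox(self, user: str) -> List[Message]:
        """Everything a user can see in their messages view: sent and received."""
        return [m for m in self.messages.values() if user in (m.sender, m.recipient)]

    def delete_message(self, requester: str, message_id: int) -> bool:
        """Delete a message from both sides. Only the sender may do this
        (assumption for this example); anyone else gets a refusal."""
        message = self.messages.get(message_id)
        if message is None or message.sender != requester:
            return False
        del self.messages[message_id]  # one record, so it is gone from both mailboxes
        return True


if __name__ == "__main__":
    store = Store()
    store.add_profile("alice", private=True)
    store.add_profile("bob")
    print(store.can_view_profile("bob", "alice"))  # False
    store.allow_viewer("alice", "bob")
    print(store.can_view_profile("bob", "alice"))  # True
    mid = store.send("alice", "bob", "hello from alice")
    print(store.delete_message("alice", mid))      # True
    print(store.mailbox("bob"))                    # []
```

Because `mailbox` and `view_profile` are derived from one record set and one check, there is no separate "hidden" flag that could drift out of sync between the two users' views.

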
Hopetheheartmagicmusician commented 1 day ago

Step 5: Get Feedback

  1. What kind of information would they want to keep private?
  2. How would they feel about using a password or other security features?

Hopetheheartmagicmusician commented 1 day ago

Can I request a privacy mode where a higher part or adult part can lock messaging to just within the system? Genius. Turning this into a ticket.