steemit / condenser

The greatest application front-end to the Steem Blockchain.
https://steemit.com

Potential stolen account abuse mitigation feature request #2590

Open pfunks opened 6 years ago

pfunks commented 6 years ago

In issue #2545, @sneak mentioned listing specific accounts on a known-compromised or phishing blacklist, with the possible use of disabling inline linking in posts/comments.

Instead of or in addition to that:

To add friction to these attacks, which have viral potential, any account that has changed its owner key (assume changed password) in the last 7 (or 14, something not too short but not too long) days could have an asterisk added to its reputation score display.

Furthermore, it could be a good idea to disable inline linking from those accounts for some period of time. I think 7 days would be too long to disable inline linking because there are some legitimate reasons for changing password and posting soon after. Maybe 24/48/72 hours.
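The two-window policy proposed above, written out as an added JavaScript example (not code from the condenser repository): it assumes the account object carries a `last_owner_update` timestamp as Steem account data does, uses constructed 7-day and 48-hour windows, and neutralises markdown/HTML links in a post body from a flagged account rather than rendering them.

```javascript
// Added example, not condenser's own code. Treats an account whose owner key
// changed recently as possibly compromised: mark its reputation display and
// strip clickable destinations from its posts for a configurable window.
// Assumes `account.last_owner_update` is an ISO timestamp (Steem account data);
// the window lengths below are constructed for this demonstration.

const HOUR_MS = 60 * 60 * 1000;

const DEFAULT_POLICY = {
  flagReputationHours: 7 * 24, // asterisk on reputation for 7 days
  disableLinksHours: 48,       // no inline links/images for 48 hours
};

// Hours elapsed since the last owner-key change; Infinity if unknown/missing.
function hoursSinceOwnerUpdate(account, now) {
  const ts = Date.parse(account.last_owner_update);
  if (Number.isNaN(ts)) return Infinity;
  return (now - ts) / HOUR_MS;
}

// Returns { flagReputation, disableLinks } for this account at time `now` (ms).
function assessRecentOwnerChange(account, now, policy = DEFAULT_POLICY) {
  const hours = hoursSinceOwnerUpdate(account, now);
  return {
    flagReputation: hours < policy.flagReputationHours,
    disableLinks: hours < policy.disableLinksHours,
  };
}

// Reputation label as the UI might show it: "(65)" normally, "(65*)" when flagged.
function reputationLabel(reputation, assessment) {
  return `(${reputation}${assessment.flagReputation ? '*' : ''})`;
}

// Replace markdown images/links and HTML anchors with their visible text, and
// bare URLs with a marker, so a post from a flagged account has no clickable
// destinations. Applied only when assessment.disableLinks is true.
function neutraliseInlineLinks(body) {
  return body
    .replace(/!\[([^\]]*)\]\([^)]*\)/g, '$1')      // ![alt](url)      -> alt
    .replace(/\[([^\]]+)\]\([^)]*\)/g, '$1')       // [text](url)      -> text
    .replace(/<a\b[^>]*>([\s\S]*?)<\/a>/gi, '$1')  // <a href=..>t</a> -> t
    .replace(/https?:\/\/\S+/g, '[link removed]'); // bare URLs        -> marker
}
```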

sneak commented 6 years ago

I like this idea but I'm hesitant to move forward with it until we have a good idea of how many password changes are illegitimate versus benign. If most password changes are benign, then not letting someone inline images or links for 24h is undue burden on normal users. Maybe 6-12h?

pfunks commented 6 years ago

That's a valid point, though password/owner key changes are infrequent enough, or should be, that it's reasonable to have some cool-off period on linking. A good phishing attack on Steem/Steemit has viral potential that we haven't seen the peak of yet.