@dansup approval mode works far better

@dansup works better in jurisdictions like China where every phone number is tied to a legal identity. Wherever prepaid SIM cards can be bought it'd only slightly raise costs for mass spammers, so I'd prefer a method that doesn't require personal information.

@dansup Would this require some external SMS verification service? The chances that such a service is cheap enough and at the same time can be trusted with that information, is I guess close to zero. Or have you found good candidates?

If such a service costs even a tiny little bit of money per check, this provides an opening to malicious actors to drive up your bill by just firing millions of sign up requests at it, even if they know they'll fail.

@dansup I like how @armbian enforces 2FA with a device/service by default personally. SMS is not secure anymore.

@dansup the social I’d like, would use lobste.rs invitation tree + lemmy’s questionnaire; I hope this gives you a direction to draw ideas from :)

@dansup "there is nothing better in the morning" than get figure out You cut from gmail and provide security code from recovery email (bless the existence of rock solid @protonmail ) move You into unskippable phone number filling screen (obviously fresh and non existent one no phone number ever used under this account) to prove me is me sure google logic... That is one of reasons why any online accounts phone requirements (especially forced ones) its worst idea ever invented...

@dansup the problem (to me) with the phone number thing is that there's zero guarantee that the instance you're signing up to hasn't tweaked the code to save the phone numbers. Just because instances of X _usually_ don't save something doesn't mean they _all_ don't.