Conversation #saz2moa

Recent twts in reply to #saz2moa

@prologic (#saz2moa) considering the negatives of social media on a large scale, wondering about an alternative for a local region. In my case, an expat pod for Vietnam. Mightn’t need to complicate the feed with feeds from other pods that can have their own specific content.

Unless separate pods were made to serve different languages and then joined for the multilingual.


@prologic (#saz2moa) Yes, makes sense. I appreciate a minimalist design and service that focuses on one particular thing.

Now, on this pod, each user has a profile link to their twtxt.txt which can be accessed by anyone without an account, and I noticed @xuu for example doesn’t have his link displayed.

Can the pod owner choose to have accounts private? Like I can view some Twitter accounts without logging in and others I can’t.

Or will the *.txt file always remain hosted somewhere in plaintext by design?


@prologic (#saz2moa) Hi James, I caught up with some of your blog posts and discussions on GitHub. Maybe you’re right, and we shouldn’t have the misconception of privacy on any of these platforms. Even if closed to non-users, one hack or one unblocked user with access can archive everything. Still, with the simplicity of retrieving the archive of users’ twts, even if a pod owner claims not to track users, it unfortunately doesn’t stop someone else from doing so.

So a pod owner can turn off open registrations and open profiles. I’m feeling dumb, but what does disabling open profiles mean for users?


@prologic (#saz2moa) I’m not sure I know enough to implement OAuth2. I’m still considering that twt in combination with, say, XMPP for private DM and group chat could work for a local community.

Is twtxt.net set up to hash users’ passwords and emails? You have the ability for users to retrieve passwords but you mention you don’t keep emails. I’m curious as I have just realized that the ejabberd server I set up stores passwords as plain text and I need to research this more.


@prologic (#saz2moa)

> Passwords are encrypted with scrypt.
>
> Emails are not stored, only a hash is. If you need to recover your account for any reason (password reset) you must supply the same email used on signup; if the hash matches, the backend will happily send a reset token.

This is pretty clever. Is this the default setup from installing one of the pre-built binaries?
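
Added example (not part of the conversation and not the pod software's own code): a minimal account store that keeps a salted scrypt password hash and only a digest of the email, and issues a reset token when the supplied email matches that digest. The `AccountStore` class, the scrypt cost parameters and the use of a keyed HMAC-SHA-256 for the email digest are assumptions; a key is used here because an unkeyed hash of an email address can be confirmed by anyone who can guess the address.

```python
import hashlib
import hmac
import secrets

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters

class AccountStore:
    """Keeps a salted scrypt password hash and a keyed email digest per user."""
    def __init__(self, email_key: bytes):
        self.email_key = email_key  # server-side secret (assumption, see lead-in)
        self.users = {}             # username -> stored record
        self.reset_tokens = {}      # username -> SHA-256 of the pending token

    def _email_digest(self, email: str) -> bytes:
        # Normalise so "A@x.org " and "a@x.org" produce the same digest.
        norm = email.strip().lower().encode()
        return hmac.new(self.email_key, norm, hashlib.sha256).digest()

    def _pw_hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

    def signup(self, user: str, password: str, email: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw": self._pw_hash(password, salt),
                            "email": self._email_digest(email)}

    def check_password(self, user: str, password: str) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        return hmac.compare_digest(rec["pw"], self._pw_hash(password, rec["salt"]))

    def request_reset(self, user: str, email: str):
        # Return a one-time token only if the supplied email matches the digest.
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["email"], self._email_digest(email)):
            return None
        token = secrets.token_urlsafe(32)
        self.reset_tokens[user] = hashlib.sha256(token.encode()).digest()
        return token  # a real service mails this to the address just supplied

    def reset_password(self, user: str, token: str, new_password: str) -> bool:
        expected = self.reset_tokens.pop(user, None)  # single use
        if expected is None or not hmac.compare_digest(
                expected, hashlib.sha256(token.encode()).digest()):
            return False
        salt = secrets.token_bytes(16)
        self.users[user].update(salt=salt, pw=self._pw_hash(new_password, salt))
        return True
```

The stored record never contains the address itself, so the reset mail can only go to the address the user types in at recovery time.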

