You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The mailing list linked from the README (https://groups.google.com/g/faye-users) has hundreds of spam messages sent to it and exposes users' email addresses. I'd like to join this mailing list to stay up to date on security issues, but don't want to sign up for spam or expose my address.
The current privacy configuration is as follows:
I believe that more secure settings that would prevent the above issues are as follows:
Along with this, the group owner needs to ban the current spammers.
Allowing group members to view members means that the full member list will be exposed to anyone who is able to join the group. Currently anyone may join, but even after that is restricted, this is still undesirable as this means that if there were some zero day vulnerability, a malicious user would only need to gain access to this mailing list to get a list of potential attack targets.
Allowing non-members to view conversations means that the email address of posters will be exposed publicly.
Allowing anyone on the web to join the group means that spammers can join and immediately post.
The text was updated successfully, but these errors were encountered:
The mailing list linked from the README (https://groups.google.com/g/faye-users) has hundreds of spam messages sent to it and exposes users' email addresses. I'd like to join this mailing list to stay up to date on security issues, but don't want to sign up for spam or expose my address.
The current privacy configuration is as follows:
I believe that more secure settings that would prevent the above issues are as follows:
Along with this, the group owner needs to ban the current spammers.
Allowing group members to view members means that the full member list will be exposed to anyone who is able to join the group. Currently anyone may join, but even after that is restricted, this is still undesirable as this means that if there were some zero day vulnerability, a malicious user would only need to gain access to this mailing list to get a list of potential attack targets.
Allowing non-members to view conversations means that the email address of posters will be exposed publicly.
Allowing anyone on the web to join the group means that spammers can join and immediately post.
The text was updated successfully, but these errors were encountered: