Implement trustee system #6

Open
opened 2024-06-30 17:56:43 +00:00 by sofia · 0 comments
Owner

Currently, there is no trustee system in place. Users can add heirs, but that information is not used for anything.

The heir system should work as follows:

  1. A user adds trustees that can request access to their memories.
  2. If something happens to the user (see the rationale at the README), trustees can request access to the user's data.
  3. The user is informed and given a period of time to stop the account transfer.
  4. Once that period is over, the account of the user is given new credentials linked to the heir.
  5. The heir can log in with those credentials and access a read-only version of the user's memories.
  6. If the user ever signs in using their original credentials, the account transfer is undone and a message is automatically sent to the instance staff.
  7. The staff will determine if the account was accessed by mistake or if any abuse has taken place.
  8. If abuse has taken place, the staff will inform the user and any interested parties.

In order for this to work properly, we need to implement an e-mail verification system (#1) and strong abuse prevention (#4).

Open questions

  • Should the staff be involved in the transfer process?
    • If so, should any documentation be requested before completing the transfer process?
  • How can the staff determine abuse once a user whose account has been transferred signs-in?
  • Should the transferred account be read-only? Could the memories created after the transfer be stored in another section instead of not at all?
    • Further research needs to be done to determine the use-case, benefits, and drawbacks of each option.
sofia added this to the First stable (v1) milestone 2024-06-30 17:56:43 +00:00
sofia changed title from Implement heir system to Implement trustee system 2024-10-20 11:06:17 +00:00
sofia added the enhancement, area:infra labels 2024-10-20 11:10:19 +00:00

Reference: sofia/identity#6