These are Lemmy instances with a “Sign Up” link which present you with a form to fill out to register. Then after you fill out the form and supply information like email address to the server, they respond with “registration closed”:

I suppose it’s unlikely to be malice considering how many there are. It’s likely a case of shitty software design. There should be a toggle for open/closed registration and when it’s closed there should be no “Sign Up” button in the first place. And if someone visits the registration URL despite a lack of Sign Up link, it should show a reg. closed announcement.

Guess it’s worth mentioning there are some instances that accept your application for review (often with interview field) but then either let your application rot (“pending application” forever) or they silently reject it (you only discover non-acceptance when you make a login attempt and either get “login failed” or even more rudely it just re-renders the login form with no msg). These nodes fall into the selective non-acceptance category:

To be fair, I use a disposable email address which could be a reason the 5 above to reject my application. And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software. That is, when a login attempt is made, the server could present the rationale for refusal. Another software defect would be failing to instantly reject an unacceptible email address.

  • Darkassassin07@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software.

    No, that ones entirely on you. Don’t provide a false means of communication then blame them for using it.

    • debanqued@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      I’m not seeing how this is a good justification for login refusals to lack information and transparency. When you are denied a login, a well designed system tells you why you are denied and the rationale the server gives you should either include enough info to imply a remedial course of action (e.g. “re-apply and tell us more detail about why you like our node”), or at least make it clear that the refusal is final for reasons that are non-remedial. Users should not have to guess about why they are denied a login when countless things can go wrong with email at any moment. The denial rationale should be emailed and also copied into the server records to present upon login attempts.

      The only exception to this would be if they really believe they are blocking a malicious user. Then there is some merit to being non-transparent to threat agents. But the status quo is to treat apps rejected for any arbitrary reason as they would an attacker.

      • Darkassassin07@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        I could understand that if you had been granted an account you’d successfully logged into, and then started receiving login refusal afterwards; but to have not actually had an account yet makes it pretty obvious when you try to login and fail that the application has not been accepted. Whether that’s an explicit refusal, or just an idle queue that’s being ignored, doesn’t really make a difference. If the instance admins wanted to talk about it, they’d have emailed you; or published some means of contacting them outside lemmy.

        I wouldn’t expect to receive the reason for refusing the application via any other means than the email I’d provided in that application. That’s the entire purpose of providing an email; so you could be contacted when/if there are updates to your applications status.

        If you’re going to provide false contact info, you can’t be all that surprised when you don’t receive communication(s).

      • stevedidwhat_infosec@infosec.pub
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        The cognitive dissonance in this Jesus Christ

        You don’t think providing an email from a throw away service would strike the software as a malicious user/spam bot???

        You keep talking like you know everything and then step onto rakes and start screaming about how it’s the gardeners fault (you live alone and do the gardening, naturally)

        • debanqued@beehaw.orgOP
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          4 months ago

          The cognitive dissonance in this

          It seems you don’t know what that phrase means. It doesn’t follow from anything else you wrote why you think that.

          You don’t think providing an email from a throw away service would strike the software as a malicious user/spam bot???

          You don’t think that legitimate streetwise users secure themselves by supplying disposable email addresses???

          You keep talking like you know everything

          The post intends to solicit intelligent and civil discourse with logical reasoning, not the sort of ego-charged emotional hot-headed pissing contest you’re trying to bring here.

          • stevedidwhat_infosec@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            4 months ago

            Your post and subsequent comments say quite the opposite - they’re oozing ego-charged.

            Try coming from a place of genuine curiosity and not “this is wrong and stupid”

            I’m not interested in bickering with you about semantics of social conduct. Black boxing applications from disposable/abusable mechanisms is absolutely a-okay in cybersecurity terms.