
Made some progress on account switching and interested in feedback, if there's any.
With this feature, you'll be able to switch between accounts. @sn and @kr or @hn and me are good examples: Currently, I always create an incognito tab to log in as @hn to keep my session as @ekzyis alive. Now, I will be able to log in as @hn within my session as @ekzyis. So if there are stackers out there with multiple nyms: this feature is for you!
However, keep in mind that in theory, we would be able to link your accounts. We haven't found a secure and private solution. See discussion in the PR.
The changes in this pull request should also make anon UX better since you will no longer have to log out to post anonymously. You can just switch to anon and then when you're done, you will be able to return to your session.
Again: anonymously means here you're anonymous in front of other stackers. You're trusting us that we don't log request cookies if you use this feature to post as @anon. If you log out and then post as @anon, the only way for us to find out who you are is to compare IP addresses. Which is always something you trust services to not do. Or simply use a VPN.
For video showcase, click here.
I wonder if it'd be a good idea to make this kind of post for all pending PRs, to solicit feedback? I realize this one might be a bit more geared towards feedback than others, so maybe not every PR should be shared, but it's still probably a good idea!
reply
Yes, I think in general, it's good to ask for feedback here.
As you mentioned, some PRs might be better suited than others.
For example, stackers might have more feedback when it comes to feature PRs compared to bug PRs.
I think this is something every PR author can decide for themselves :)
reply
Why not have individual login tokens per account and client side it picks which to use based on which account is selected?
reply
Is this different to what I am doing?
I am setting individual login session tokens (JWTs) per account (multi_auth.<userId>).
The client uses a "cointer pookie" (I made that term up) to switch between accounts since we don't want to give JS access to the actual session tokens.
My assumption is that using pointer cookies should prevent XSS vulns since in case of an XSS vuln, an attacker could only see which accounts you're linked to, but couldn't access the actual session tokens.
reply
lol, cointer pookie. I meant pointer cookie
reply
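The pointer-cookie scheme described in the comments above, as an added example (not code from the Stacker News PR): per-account tokens live in `HttpOnly` cookies named `multi_auth.<userId>`, while a script-readable pointer cookie only names which one the server should use. The pointer cookie name `multi_auth.pointer`, numeric user ids, and the `SESSIONS` table standing in for JWT verification are assumptions.

```javascript
// Added example. POINTER, the numeric-id check and SESSIONS are assumptions.
const POINTER = 'multi_auth.pointer' // hypothetical name for the pointer cookie

// Constructed stand-in for JWT verification: token -> claims, or undefined.
const SESSIONS = new Map([['jwt-for-21', { sub: '21' }], ['jwt-for-42', { sub: '42' }]])
const verify = (token) => SESSIONS.get(token)

// Set-Cookie lines the server would send when an account is added to the browser.
function accountCookies (userId, jwt) {
  const base = 'Path=/; Secure; SameSite=Lax'
  return [
    `multi_auth.${userId}=${jwt}; ${base}; HttpOnly`, // session token: hidden from JS
    `${POINTER}=${userId}; ${base}` // pointer: script-readable so the UI can switch
  ]
}

// What document.cookie would expose to page script (and so to an XSS payload).
function scriptVisible (setCookieLines) {
  return setCookieLines
    .filter(line => !/;\s*HttpOnly\b/i.test(line))
    .map(line => line.split(';')[0])
}

function parseCookies (header) {
  const out = {}
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=')
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim()
  }
  return out
}

// Server side: the pointer only selects among tokens this browser already holds.
function resolveUser (cookieHeader) {
  const cookies = parseCookies(cookieHeader)
  const pointer = cookies[POINTER]
  // The pointer is writable by script, so treat it as untrusted input.
  if (!pointer || !/^\d+$/.test(pointer)) return null // anon or malformed
  const claims = verify(cookies[`multi_auth.${pointer}`])
  // Require the token's subject to match the account the pointer names.
  if (!claims || claims.sub !== pointer) return null
  return claims.sub
}
```

Script on the page sees only the pointer values, and rewriting the pointer can select only an account whose token the browser already carries.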
I guess this is intentional, but the account switching only works in your current browser session, right? Meaning, there is no actual link established between one account and another, it's all just managed via the cookies in your browser.
reply
there is no actual link established between one account and another, it's all just managed via the cookies in your browser.
Yes
reply
Would you prefer feedback here or on the PR?
reply
Mhh, good question. I don't really mind, but here more people might see it.
reply
Would it also be possible to allow transferring an SN account to another lightning login? For example I log into my SN account via Alby. But Alby is only available on desktop. I'd like to transfer my account to WoS so I can log in on mobile without needing access to my desktop. But I don't want to abandon my SN account and create a new one.
I know e.g. lnmarkets.com has that feature.
reply
But what you want to do, you can already do. Since currently, you can only link a single lightning login, you need to link a different auth method first (or if you feel reckless, don't) and then you can unlink your lightning auth. You can then link your WoS wallet (do they support LNURL-auth now?).
reply
Thanks, I'll look into it when I get home.
Yes, they do: #118606, and I have actually used it with lnmarkets.
reply
I will probably never use this. But thanks for pushing the limits of social media ever so slightly. It can help secure its future.
reply
Personally I'm not a big fan of the Anon feature.
Just a recent experience on my "You Shouldnt DCA" thread, many users were using those anon acc to insult me and my "take". If you are gonna call me a retard for saying DCA is stupid (which has been proven by math) at least have the balls to use your real acc and not anon.
@DarthCoin said it best:
stackers with a SN account that are (ab)using the anon feature to post stuff that could be opposite or affect their regular SN account reputation. That means they are NOT responsible for their own actions/words, they do not have balls to take that responsibility, they do not know how to stand your ground.
OMG you are just feeding spammers. Who is using anon and also using a SN nym are just cowards and I do not believe any words they say. You are just opening Pandora's box with this feature. How am I supposed to take into consideration any post by an anon if everybody could be an anon?