1
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Mar 2025
1 points (66.7% liked)
Voyager
6290 readers
4 users here now
The official lemmy community for Voyager, an open source, mobile-first client for lemmy.
Rules
- Be nice.
- lemmy.world instance policy
Sponsor development! 👇
💙
founded 2 years ago
MODERATORS
that’s still making assumptions about where you want to login to. The fact is that you can login, today, to Lemmy.world with “username” of “me@lemmy.wtf” assuming Lemmy.wtf has an email server setup. And it’s not a safe assumption because users DO have email addresses saved in their passwords manager as a username for whatever random instance, and there should be a 0% chance of sending user credentials to the wrong domain.
I can’t just trust that domain to say they’re a Lemmy instance, and there is a user with that username on the domain. That’s trivial to exploit.