I’m certain the engineering team considered it, but I wonder why they didn’t pursue having accounts that haven’t signed in for a while issue a notice to the sender, or even have the account deactivate itself.
Make an opt-out default, you could disable that behaviour if your threat model needed to account for that 🤷
Ah yeah, I’d forgotten about that.
I’m certain the engineering team considered it, but I wonder why they didn’t pursue having accounts that haven’t signed in for a while issue a notice to the sender, or even have the account deactivate itself.
Make an opt-out default, you could disable that behaviour if your threat model needed to account for that 🤷