• Barack Obama@sh.itjust.works
    link
    fedilink
    arrow-up
    72
    ·
    edit-2
    1 year ago

    As the former U.S. president, I am proud to be a fellow member of this community. Despite evidence pointing to the alternative, I am confident impersonation will not be an issue.

    • Signed

      • Barack Obama, former U.S. president
  • fiasco@possumpat.io
    link
    fedilink
    arrow-up
    39
    arrow-down
    2
    ·
    1 year ago

    While there are technical solutions to that problem, realistically it’s only a problem if people start thinking they’re celebrities. Personally I prefer a platform that lets people dunk on celebrities.

    • bionicjoey@lemmy.ca
      link
      fedilink
      arrow-up
      17
      arrow-down
      3
      ·
      1 year ago

      There’s value in knowing if a response is from a specific person, even if they aren’t a celebrity.

      • Jay K@lemmy.ml
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.

        Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.

        • milkisklim@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          In the subreddits dedicated to the Cosmere multiverse created by Brandon Sanderson, who is an active redditors, we had a meme of pinging something close to but not actually his username. Especially when it wasn’t something worth wasting his time.

          But yeah, completely agree. I am sure it was frustrating.

      • RickRussell_CA@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        But if you want to confirm which instance a username is from, you can do that. Even if reader apps hide it, you can always check the web page.

          • buckybeaky@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            If you can’t be bothered to check you probably don’t need to know who the author really is

          • b34k@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            The app I’m running (Mlem) shows that you’re lemm.ee while the other RickRussell_CA is lemmy.world when I click on either of your names.

            I think that’s an easy enough lift to sort it out, (though direct display might still be better).

      • Jay K@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.

        Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.

  • CoderKat@lemm.ee
    link
    fedilink
    arrow-up
    29
    ·
    1 year ago

    I’m strongly of the opinion that we should never be hiding the domain for either communities nor users. The domain is an important part of both of those. [email protected] and [email protected] are entirely separate communities and may have very different rules, so it’s important to know which one you’re on.

    And for users, impersonation aside (because let’s be honest, impersonation could just as easily utilize display names or look-a-like characters), there’s also just plain confusion from legitimate users. Common usernames are totally going to be used across multiple servers. If you’re seeing comments from [email protected] and also [email protected], you’re gonna wanna be able to tell them apart (display names kinda run counter to this and I’m not certain they’re a good idea).

    • b3nsn0w@pricefield.org
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      display names kinda run counter to this and I’m not certain they’re a good idea

      i think they would be a good idea if they worked like they do on mastodon: you get the display name and profile pic displayed prominently, but you still have the full username displayed below, with the domain included.

  • ramplay@lemmy.ca
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    Funnily enough seems everyone is coming at this from the wrong angle personally. I don’t give af who I’m talking to sure, and I can confirm the instance if I must by clicking into their profile.

    That said, I more so care about someone pretending to be me in an active thread. Like an active discussion or argument and someone decides to recreate your user on a different instanceand start inserting comments that confuse the discussion.

    Or maybe you’ve stopped commenting, then someone else continues the conversation unbeknownst to you in your name.

    • helo@lemm.ee
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      you’re right, it’s a security issue!

      client UIs must make it easy to keep track of who is who.

      • b3nsn0w@pricefield.org
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        i think this could be resolved by assigning a color to each user based on a hash. maybe people would try to find collisions there (i.e. specifically find usernames that get the same color as you), but if you do something like color_index = hmac(user_address, client_nonce) % color_count where client_nonce is unique to each client, it would be impossible to manipulate usernames to get a collision or even a higher chance at it.

        • hyazinthe@feddit.de
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          The full user adress should suffice for the hash, because there is only one [email protected], for example.

          Also, do you really need a hash? Isn’t there a simpler alternative, developing an app?

          • b3nsn0w@pricefield.org
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            yeah, the point is that if hyazinthe@feddit.de hashes to, say, blue, they can try to find a similar-looking username that also hashes to blue, therefore helping with the impersonation. if you hash a client nonce that’s different for everyone, you may hash to blue on my screen but green on yours, and there will be no relation between who hashes to which color on your screen or mine. the impersonator will have no way to guess if their name would match colors on either of our screens, and if we have, say, 25, colors, it will be a static 4% chance no matter what they do.

            • hyazinthe@feddit.de
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Ah, I understand. But couldn’t you just implement the unpredictable colors, you are trying to achive client-side, without hashing, say random order of colors?

  • pistachio@lemmy.ml
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    No. The way Reddit works is that you care about the content, not the people posting it.

    Mastodon must have a bigger problem with that (impersonation), but I don’t know if/how they solved it

    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      Mastodon alloes you to verify an account by adding a link to your Mastodon profile on a website you control, which will make the website marked as verified in the profile. It’s only worth as much as the trustworthiness of the website itself though.

    • scubbo@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      The way Reddit works is that you care about the content, not the people posting it.

      That’s mostly true, but not entirely. The OP of a thread should be a distinguished role, since their updates have significance in things like AMAs. It would also be good to highlight situations where a different person has joined a reply chain - if you have been having a 1:1 back-and-forth, and you see a new reply in that context, it’s easy to assume it’s coming from the same - an assumption that might make you incorrectly reference prior claims in the conversation as if they were made by that person.

      RIF did the former, but not the latter (AFAIK).

    • Erk@cdda.social
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Eh. I use this for a videogame development community, and the sort of trolling we’ve had on Reddit would absolutely fit with someone trying to impersonate one of the developers to cause shit.

      In fact that actually happened once on one forum.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    I’ve never even slightly gave a shit to whoever I’m talking to on Reddit/Lemmy. That’s why I like these platforms, they revolve around the content, not the user. On platforms like Mastodon it’d be a bigger issue, but not so much here because there aren’t noteworthy commenters or posters or whatever.

    • FierroGamer@vlemmy.net
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Yeah, it’s a forum, it should be more like a cafe in terms of anyone talking to anyone, regardless of who that person is.

      For big personalities and stuff every time it mattered in reddit, I saw proof that they’re them (ama’s usually)

  • CeruleanRuin@lemmy.one
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Do people generally pay much attention to usernames anyway? One of the things that attracted me to old-school forums, then reddit, and now the feddiverse is the decentralized anonymity. It’s all just voices, and they’re all treated as equal, though you can still look at their histories or profiles and get more context if you want. I like that it’s not front-facing. The ideas come first, and personality is secondary.

    • loutr@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Usually not, but I saw a poppinKREAM on here and based on their post history, they’re not the same person as on Reddit.

    • NightOwl@lemmy.one
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Yeah, I don’t remember usernames. Everyone might as well be anon. I remember comments more than the username that posted it.

    • theksepyro@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      On Reddit, it depends on the subreddit. Some of them I don’t care about usernames at all, but on smaller or more specialty/niche subreddits there actually can be a “community” of people who learn about each other

      I imagine it can be similar here

  • Joe@lemmy.knocknet.net
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    As far as I can tell the full username is only hidden on the same instance. So for instance, I see your full user name, but I only see the shortname for mine.

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Lemmy has display names.

    Two users can have the same name on the same instance, even.

    If you need to confirm someone is who they seem to be, the full handle is the only unique aspect.

    • Artemis@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I was wondering about this. I was surprised to get this name on an active instance. What would the next persons display name be on my instance if they signed up as Artemis?

  • yuri@lemm.ee
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    I’m on liftoff and it displays the domain for everyone unless it matches the domain the post is on. I think this is a good solution. It cuts down some superfluous text while still fully identifying each commenter.

  • justineie_bobeanie@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    I think it would be nice to expect to see user’s full addresses in ui. You can tap around and find it in the options but that takes an active input. If someone is trying to spoof a well known user it should be readily apparent by their @instance registration.

  • lurker@lemmy.zone
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    Social engineering seems like it could be a bigger problem in the fediverse than on traditional social media platforms.

    I feel that phishing becomes easier when there’s no single authoritative site to log into, as people may not check the URL as thoroughly. Impersonation also seems problematic.

    Like much of the early internet, this new tech seems reliant on trusting the goodwill of others. I’m sure in time we will see the platform evolve to counteract the bad actors.

  • Lapistola@lemmy.world
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    1 year ago

    Who cares about impersonation? I barely even look at usernames. It’s the thing I liked about Reddit, and now lemmy. The contrary to things like twitter, the who is way less important than the what.

    • RedditWanderer@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Agree! I don’t think we need to care or that it’s a problem, but it was cool to be able to “page” a celebrity and know they (their publicist) are answering.

      Or paging /u/captaindisillusion to end up seeing the post in one of his videos, or realizing the guy who “had you going in the first half” was /u/shittymorph himself.

      We can totally do without it though.

      • CeruleanRuin@lemmy.one
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        It would be a good idea to have some kind of verification protocol that mods or instance admins can use for specific cases like AMAs or ‘expert’ accounts like you mention.

        But with AMAs, those are typically one-time use accounts anyway, and the traditional verification of a current photo with a handwritten note in it is simple and sufficient.

    • macniel@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Yup, the comment and post is way more important here than some wannabe celeb avatar next to it.