As the former U.S. president, I am proud to be a fellow member of this community. Despite evidence pointing to the alternative, I am confident impersonation will not be an issue.
-
Signed
- Barack Obama, former U.S. president
As a doctor of humanology, I have examined and can confirm this is the real Obama.
Thanks Mr. Krabs!
We all know your degree is in art history!
Thanks, Obama
damn, he was killing off subreddits before it was cool
I hope this becomes a Lemmy meme
That’s impossible. I know it can’t be the real Obama since he said he only uses Tildes.
-
While there are technical solutions to that problem, realistically it’s only a problem if people start thinking they’re celebrities. Personally I prefer a platform that lets people dunk on celebrities.
There’s value in knowing if a response is from a specific person, even if they aren’t a celebrity.
As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.
Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.
In the subreddits dedicated to the Cosmere multiverse created by Brandon Sanderson, who is an active redditors, we had a meme of pinging something close to but not actually his username. Especially when it wasn’t something worth wasting his time.
But yeah, completely agree. I am sure it was frustrating.
But if you want to confirm which instance a username is from, you can do that. Even if reader apps hide it, you can always check the web page.
Yeah but who’s going to bother doing that?
Haha, Liftoff! to the rescue. Full usernames FTW
Anyone who actually needs to know that info
If you can’t be bothered to check you probably don’t need to know who the author really is
The app I’m running (Mlem) shows that you’re lemm.ee while the other RickRussell_CA is lemmy.world when I click on either of your names.
I think that’s an easy enough lift to sort it out, (though direct display might still be better).
Damn, straight up doxxed a fella. Cold af
As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.
Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.
If I become a celebrity, you can dunk on me.
I often get mistaken for Margot Robbie
I sometimes get mistaken for the human pope, while you can clearly see that I’m the raccoon pope.
Hashtag relatable
I’m strongly of the opinion that we should never be hiding the domain for either communities nor users. The domain is an important part of both of those. [email protected] and [email protected] are entirely separate communities and may have very different rules, so it’s important to know which one you’re on.
And for users, impersonation aside (because let’s be honest, impersonation could just as easily utilize display names or look-a-like characters), there’s also just plain confusion from legitimate users. Common usernames are totally going to be used across multiple servers. If you’re seeing comments from [email protected] and also [email protected], you’re gonna wanna be able to tell them apart (display names kinda run counter to this and I’m not certain they’re a good idea).
display names kinda run counter to this and I’m not certain they’re a good idea
i think they would be a good idea if they worked like they do on mastodon: you get the display name and profile pic displayed prominently, but you still have the full username displayed below, with the domain included.
I agree. The domain is an important part of knowing
Funnily enough seems everyone is coming at this from the wrong angle personally. I don’t give af who I’m talking to sure, and I can confirm the instance if I must by clicking into their profile.
That said, I more so care about someone pretending to be me in an active thread. Like an active discussion or argument and someone decides to recreate your user on a different instanceand start inserting comments that confuse the discussion.
Or maybe you’ve stopped commenting, then someone else continues the conversation unbeknownst to you in your name.
you’re right, it’s a security issue!
client UIs must make it easy to keep track of who is who.
i think this could be resolved by assigning a color to each user based on a hash. maybe people would try to find collisions there (i.e. specifically find usernames that get the same color as you), but if you do something like
color_index = hmac(user_address, client_nonce) % color_count
whereclient_nonce
is unique to each client, it would be impossible to manipulate usernames to get a collision or even a higher chance at it.The full user adress should suffice for the hash, because there is only one [email protected], for example.
Also, do you really need a hash? Isn’t there a simpler alternative, developing an app?
yeah, the point is that if
hyazinthe@feddit.de
hashes to, say, blue, they can try to find a similar-looking username that also hashes to blue, therefore helping with the impersonation. if you hash a client nonce that’s different for everyone, you may hash to blue on my screen but green on yours, and there will be no relation between who hashes to which color on your screen or mine. the impersonator will have no way to guess if their name would match colors on either of our screens, and if we have, say, 25, colors, it will be a static 4% chance no matter what they do.Ah, I understand. But couldn’t you just implement the unpredictable colors, you are trying to achive client-side, without hashing, say random order of colors?
Why would anyone do that?
No. The way Reddit works is that you care about the content, not the people posting it.
Mastodon must have a bigger problem with that (impersonation), but I don’t know if/how they solved it
I agree. An AMA would be hilarious with several imposter accounts answering people’s questions.
Mastodon alloes you to verify an account by adding a link to your Mastodon profile on a website you control, which will make the website marked as verified in the profile. It’s only worth as much as the trustworthiness of the website itself though.
This isn’t reddit
The way Reddit works is that you care about the content, not the people posting it.
That’s mostly true, but not entirely. The OP of a thread should be a distinguished role, since their updates have significance in things like AMAs. It would also be good to highlight situations where a different person has joined a reply chain - if you have been having a 1:1 back-and-forth, and you see a new reply in that context, it’s easy to assume it’s coming from the same - an assumption that might make you incorrectly reference prior claims in the conversation as if they were made by that person.
RIF did the former, but not the latter (AFAIK).
Eh. I use this for a videogame development community, and the sort of trolling we’ve had on Reddit would absolutely fit with someone trying to impersonate one of the developers to cause shit.
In fact that actually happened once on one forum.
Removed by mod
Holy shit! You just turned email addresses into lemmy posts/profiles!
Removed by mod
Identity theft is not a joke, Jim! Millions of families suffer every year!
Thanks for that important caution, actual real life Hollywood actresses Margot Robbie.
What kind of Internet weirdo would want to impersonate me anyways?
I’ve never even slightly gave a shit to whoever I’m talking to on Reddit/Lemmy. That’s why I like these platforms, they revolve around the content, not the user. On platforms like Mastodon it’d be a bigger issue, but not so much here because there aren’t noteworthy commenters or posters or whatever.
Yeah, it’s a forum, it should be more like a cafe in terms of anyone talking to anyone, regardless of who that person is.
For big personalities and stuff every time it mattered in reddit, I saw proof that they’re them (ama’s usually)
YET
Do people generally pay much attention to usernames anyway? One of the things that attracted me to old-school forums, then reddit, and now the feddiverse is the decentralized anonymity. It’s all just voices, and they’re all treated as equal, though you can still look at their histories or profiles and get more context if you want. I like that it’s not front-facing. The ideas come first, and personality is secondary.
Usually not, but I saw a poppinKREAM on here and based on their post history, they’re not the same person as on Reddit.
Yeah, I don’t remember usernames. Everyone might as well be anon. I remember comments more than the username that posted it.
On Reddit, it depends on the subreddit. Some of them I don’t care about usernames at all, but on smaller or more specialty/niche subreddits there actually can be a “community” of people who learn about each other
I imagine it can be similar here
Something I can’t seem to figure out is what determines the @instance.whatever to appear after the username. For example, I’m on lem.ee and you are on lemmy.ml, but I see you as theksepyro, not [email protected]
Edit: WAIT I’m dumb. Is it just display name? hahah.
That’s what OP is referring to. You could make [email protected] and comment here, you’d both end up showing up as the same person on anyone using an app that doesn’t show the instance in the username.
Fair point.
As far as I can tell the full username is only hidden on the same instance. So for instance, I see your full user name, but I only see the shortname for mine.
Mhm strangely your Name is shortened to Joe for me; but you are on a different Instance than I.
If someone sets a display name that is used instead.
Ahh, that makes sense I suppose. Still would be nice to know the home instance at a glance somehow.
Mhm when you hover over a name, it displays the qualified name.
Isn’t it only if you have something configured in display name?
Oh yeah good point, I have a displayname configured.
Oh. This makes sense.
Oh this is interesting. Yours is shortened too.
I host my own instance and it’s just me (because I’m so unlikable I can’t even get my 2 FRIENDS to join my instance. I digress)
I wonder if there’s some setting or ENV variable somewhere on the instance to change that.
Both of you are shortened for me, unlike most others in this comment section. Weird.
Same here on memmy but I can click the username and see the full path, like so:
Oh I just noticed that its under the username always!
Interesting that your client doesn’t show my Display Name (macniel) but instead uses my username (DmMacniel)
I think it’s also shortened if you set a “Display name”
I second this
Third
Hi Dr Zoidberg!
Lemmy has display names.
Two users can have the same name on the same instance, even.
If you need to confirm someone is who they seem to be, the full handle is the only unique aspect.
I was wondering about this. I was surprised to get this name on an active instance. What would the next persons display name be on my instance if they signed up as Artemis?
I’m on liftoff and it displays the domain for everyone unless it matches the domain the post is on. I think this is a good solution. It cuts down some superfluous text while still fully identifying each commenter.
I disagree. That requires me to be cognizant of which community the post was in when I’m half way through the comments. Just consistently always show the full name.
It’s the internet the women are men the men are children and the children are fbi
I think it would be nice to expect to see user’s full addresses in ui. You can tap around and find it in the options but that takes an active input. If someone is trying to spoof a well known user it should be readily apparent by their @instance registration.
Social engineering seems like it could be a bigger problem in the fediverse than on traditional social media platforms.
I feel that phishing becomes easier when there’s no single authoritative site to log into, as people may not check the URL as thoroughly. Impersonation also seems problematic.
Like much of the early internet, this new tech seems reliant on trusting the goodwill of others. I’m sure in time we will see the platform evolve to counteract the bad actors.
Who cares about impersonation? I barely even look at usernames. It’s the thing I liked about Reddit, and now lemmy. The contrary to things like twitter, the who is way less important than the what.
Agree! I don’t think we need to care or that it’s a problem, but it was cool to be able to “page” a celebrity and know they (their publicist) are answering.
Or paging /u/captaindisillusion to end up seeing the post in one of his videos, or realizing the guy who “had you going in the first half” was /u/shittymorph himself.
We can totally do without it though.
It would be a good idea to have some kind of verification protocol that mods or instance admins can use for specific cases like AMAs or ‘expert’ accounts like you mention.
But with AMAs, those are typically one-time use accounts anyway, and the traditional verification of a current photo with a handwritten note in it is simple and sufficient.
Yup, the comment and post is way more important here than some wannabe celeb avatar next to it.