A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it’s welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
Icon by @Double_A@discuss.tchncs.de
- 0 users online
- 258 users / day
- 967 users / week
- 2.46K users / month
- 5.6K users / 6 months
- 1 subscriber
- 3.07K Posts
- 119K Comments
- Modlog
As the former U.S. president, I am proud to be a fellow member of this community. Despite evidence pointing to the alternative, I am confident impersonation will not be an issue.
Signed
As a doctor of humanology, I have examined and can confirm this is the real Obama.
We all know your degree is in art history!
Thanks Mr. Krabs!
Thanks, Obama
damn, he was killing off subreddits before it was cool
I hope this becomes a Lemmy meme
That’s impossible. I know it can’t be the real Obama since he said he only uses Tildes.
It’s signed all official like so it’s clearly legitimate.
While there are technical solutions to that problem, realistically it’s only a problem if people start thinking they’re celebrities. Personally I prefer a platform that lets people dunk on celebrities.
There’s value in knowing if a response is from a specific person, even if they aren’t a celebrity.
But if you want to confirm which instance a username is from, you can do that. Even if reader apps hide it, you can always check the web page.
Yeah but who’s going to bother doing that?
Haha, Liftoff! to the rescue. Full usernames FTW
Anyone who actually needs to know that info
The app I’m running (Mlem) shows that you’re lemm.ee while the other RickRussell_CA is lemmy.world when I click on either of your names.
I think that’s an easy enough lift to sort it out, (though direct display might still be better).
Damn, straight up doxxed a fella. Cold af
If you can’t be bothered to check you probably don’t need to know who the author really is
As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.
Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.
In the subreddits dedicated to the Cosmere multiverse created by Brandon Sanderson, who is an active redditors, we had a meme of pinging something close to but not actually his username. Especially when it wasn’t something worth wasting his time.
But yeah, completely agree. I am sure it was frustrating.
As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.
Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.
As a long time reddit moderator, people creating similar usernames to impersonate another user is definitely a problem. That was instantly bannable in all the subs I’ve moderated.
Having color coded usernames calculated based on their full user/ host could help. Something like https://gustu.github.io/string-to-color/. That would make it more obvious that two users aren’t the same user.
I often get mistaken for Margot Robbie
I sometimes get mistaken for the human pope, while you can clearly see that I’m the raccoon pope.
Hashtag relatable
If I become a celebrity, you can dunk on me.
I’m strongly of the opinion that we should never be hiding the domain for either communities nor users. The domain is an important part of both of those. !Technology@beehaw.org and !Technology@lemmy.world are entirely separate communities and may have very different rules, so it’s important to know which one you’re on.
And for users, impersonation aside (because let’s be honest, impersonation could just as easily utilize display names or look-a-like characters), there’s also just plain confusion from legitimate users. Common usernames are totally going to be used across multiple servers. If you’re seeing comments from
john@smith.nameand alsojohn@lemmy.world, you’re gonna wanna be able to tell them apart (display names kinda run counter to this and I’m not certain they’re a good idea).i think they would be a good idea if they worked like they do on mastodon: you get the display name and profile pic displayed prominently, but you still have the full username displayed below, with the domain included.
I agree. The domain is an important part of knowing
I think this is the only solution that makes sense, just like in email you always append your domain, whether is gmail.com or your own.
Identity theft is not a joke, Jim! Millions of families suffer every year!
Thanks for that important caution, actual real life Hollywood actresses Margot Robbie.
What kind of Internet weirdo would want to impersonate me anyways?
Funnily enough seems everyone is coming at this from the wrong angle personally. I don’t give af who I’m talking to sure, and I can confirm the instance if I must by clicking into their profile.
That said, I more so care about someone pretending to be me in an active thread. Like an active discussion or argument and someone decides to recreate your user on a different instanceand start inserting comments that confuse the discussion.
Or maybe you’ve stopped commenting, then someone else continues the conversation unbeknownst to you in your name.
you’re right, it’s a security issue!
client UIs must make it easy to keep track of who is who.
i think this could be resolved by assigning a color to each user based on a hash. maybe people would try to find collisions there (i.e. specifically find usernames that get the same color as you), but if you do something like
color_index = hmac(user_address, client_nonce) % color_countwhereclient_nonceis unique to each client, it would be impossible to manipulate usernames to get a collision or even a higher chance at it.The full user adress should suffice for the hash, because there is only one hyacinth@feddit.de, for example.
Also, do you really need a hash? Isn’t there a simpler alternative, developing an app?
yeah, the point is that if
hyazinthe@feddit.dehashes to, say, blue, they can try to find a similar-looking username that also hashes to blue, therefore helping with the impersonation. if you hash a client nonce that’s different for everyone, you may hash to blue on my screen but green on yours, and there will be no relation between who hashes to which color on your screen or mine. the impersonator will have no way to guess if their name would match colors on either of our screens, and if we have, say, 25, colors, it will be a static 4% chance no matter what they do.Ah, I understand. But couldn’t you just implement the unpredictable colors, you are trying to achive client-side, without hashing, say random order of colors?
I think it should go on the client, and the hash is pretty much a space saving measure. There are three options, as far as I see it:
Given that Lemmy does a lot of reloads on navigation I don’t think #1 would work well. The hash is a quick and easy way around the complexities of other implementations.
And yeah, in theory the server could store the client secret, making the colors consistent across all devices of a user, but it has to be non-public info. If it’s public, an impersonator could target a specific person and find a collision that fools them in particular.
Nice visual feedback.
Of course, I’d still want to see the instance with every user and also with every chanel.
Like email. Sure, some clients only show the first name, but somewhere I want to see the full address, can be small, can be hidden in a compact view, but full address is a must.
Bob@family.us is not bob@microsoft.com
www.bank.com is not www.bank.scammer.com
Berlin, Oregon is not Berlin (Germany)
Names are not unique. That’s why we have addresses.
Why would anyone do that?
https://www.youtube.com/watch?v=YWdD206eSv0
I’ve never even slightly gave a shit to whoever I’m talking to on Reddit/Lemmy. That’s why I like these platforms, they revolve around the content, not the user. On platforms like Mastodon it’d be a bigger issue, but not so much here because there aren’t noteworthy commenters or posters or whatever.
Yeah, it’s a forum, it should be more like a cafe in terms of anyone talking to anyone, regardless of who that person is.
For big personalities and stuff every time it mattered in reddit, I saw proof that they’re them (ama’s usually)
YET
No. The way Reddit works is that you care about the content, not the people posting it.
Mastodon must have a bigger problem with that (impersonation), but I don’t know if/how they solved it
I agree. An AMA would be hilarious with several imposter accounts answering people’s questions.
That’s mostly true, but not entirely. The OP of a thread should be a distinguished role, since their updates have significance in things like AMAs. It would also be good to highlight situations where a different person has joined a reply chain - if you have been having a 1:1 back-and-forth, and you see a new reply in that context, it’s easy to assume it’s coming from the same - an assumption that might make you incorrectly reference prior claims in the conversation as if they were made by that person.
RIF did the former, but not the latter (AFAIK).
it already is though. you get stuff like “creator”, “mod”, or “admin” appended next to usernames, at least on the web ui (“creator” means op, idk why they worded it this way)
Mastodon allows you to verify an account by adding a link to your Mastodon profile on a website you control, which will make the website marked as verified in the profile. It’s only worth as much as the trustworthiness of the website itself though.
Eh. I use this for a videogame development community, and the sort of trolling we’ve had on Reddit would absolutely fit with someone trying to impersonate one of the developers to cause shit.
In fact that actually happened once on one forum.
This isn’t reddit
removed by mod
Holy shit! You just turned email addresses into lemmy posts/profiles!
Do people generally pay much attention to usernames anyway? One of the things that attracted me to old-school forums, then reddit, and now the feddiverse is the decentralized anonymity. It’s all just voices, and they’re all treated as equal, though you can still look at their histories or profiles and get more context if you want. I like that it’s not front-facing. The ideas come first, and personality is secondary.
Usually not, but I saw a poppinKREAM on here and based on their post history, they’re not the same person as on Reddit.
On Reddit, it depends on the subreddit. Some of them I don’t care about usernames at all, but on smaller or more specialty/niche subreddits there actually can be a “community” of people who learn about each other
I imagine it can be similar here
Fair point.
Something I can’t seem to figure out is what determines the @instance.whatever to appear after the username. For example, I’m on lem.ee and you are on lemmy.ml, but I see you as theksepyro, not theksepyro@lemmy.ml
Edit: WAIT I’m dumb. Is it just display name? hahah.
That’s what OP is referring to. You could make thekseyro@lem.ee and comment here, you’d both end up showing up as the same person on anyone using an app that doesn’t show the instance in the username.
Yeah, I don’t remember usernames. Everyone might as well be anon. I remember comments more than the username that posted it.
As far as I can tell the full username is only hidden on the same instance. So for instance, I see your full user name, but I only see the shortname for mine.
Mhm strangely your Name is shortened to Joe for me; but you are on a different Instance than I.
Oh this is interesting. Yours is shortened too.
I host my own instance and it’s just me (because I’m so unlikable I can’t even get my 2 FRIENDS to join my instance. I digress)
I wonder if there’s some setting or ENV variable somewhere on the instance to change that.
Both of you are shortened for me, unlike most others in this comment section. Weird.
If someone sets a display name that is used instead.
Ahh, that makes sense I suppose. Still would be nice to know the home instance at a glance somehow.
Mhm when you hover over a name, it displays the qualified name.
Isn’t it only if you have something configured in display name?
Oh yeah good point, I have a displayname configured.
Same here on memmy but I can click the username and see the full path, like so:
Oh I just noticed that its under the username always!
Interesting that your client doesn’t show my Display Name (macniel) but instead uses my username (DmMacniel)
I think it’s also shortened if you set a “Display name”
I second this
Third
Hi Dr Zoidberg!
I think it would be nice to expect to see user’s full addresses in ui. You can tap around and find it in the options but that takes an active input. If someone is trying to spoof a well known user it should be readily apparent by their @instance registration.
Who cares about impersonation? I barely even look at usernames. It’s the thing I liked about Reddit, and now lemmy. The contrary to things like twitter, the who is way less important than the what.
Yup, the comment and post is way more important here than some wannabe celeb avatar next to it.
It’s the internet the women are men the men are children and the children are fbi
Lemmy has display names.
Two users can have the same name on the same instance, even.
If you need to confirm someone is who they seem to be, the full handle is the only unique aspect.
No I don’t think it’ll be an issue.
I’m on liftoff and it displays the domain for everyone unless it matches the domain the post is on. I think this is a good solution. It cuts down some superfluous text while still fully identifying each commenter.
I disagree. That requires me to be cognizant of which community the post was in when I’m half way through the comments. Just consistently always show the full name.