25

I mean, pretending to be someone in another instance, "stealing" the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

top 26 comments
sorted by: hot top controversial new old
[-] sim642@lemm.ee 19 points 1 year ago

That's why instance is part of the username. It's no different than email addresses.

[-] director@some.institute 5 points 1 year ago

Confusing similar domain names are a common thing with email. Micr0soft.com vs Microsoft.com. Same idea could be done with instances.

[-] PonyOfWar@pawb.social 3 points 1 year ago

Setting a display name hides the instance bit. You have to check the URL or profile to see which instance they're on, which people definitely won't do every time. Especially if an impersonator just joins inside a thread mid-conversation, it won't be obvious at all that it's suddenly a different person writing.

[-] ritswd@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Just like emails, when people write something like ”Amazon Gift Cards” <yolo@yolo.com> in the From field.

[-] skomposzczet@vlemmy.net 1 points 1 year ago

His concern is probably that in comments etc. only username is displayed. You have to go to person's profile to discover their instance.

[-] sideone@lemmy.world 1 points 1 year ago

Instance is shown if it's different to the one you're on. I can see your instance is vlemmy.net

[-] nan@lemmy.blahaj.zone 1 points 1 year ago* (last edited 1 year ago)

Not if they set a display name. Many of the mobile apps are also bad about it even without a display name.

[-] saba 1 points 1 year ago

that's true, but currently people can set their display name to anything, for example, i could set my display name to @sideone@lemmy.world

we could all set that as our display name.

[-] sideone@lemmy.world 1 points 1 year ago
[-] PonyOfWar@pawb.social 14 points 1 year ago

Yes, for sure. While the identity of a user can be checked, nobody is going to do this every time. IMO the simplest solution would be to just always show the instance even if a display name is set.

[-] terribleplan@lemmy.nrd.li 5 points 1 year ago

Yeah, I think how most Lemmy clients (including the default web UI) handle display name is a real mistake.

[-] ICastFist@programming.dev 1 points 1 year ago

It currently shows: pic, username (or login name@instance), local link to the comment, federated link, language

Seems like the easiest solution would be to always show the user's instance in a separated column

[-] dQw4w9WgXcQ@vlemmy.net 1 points 1 year ago

I feel like they could solve it by adding instance only when another user with similar name is present in the comment section. It would make it clear that a duplicate username is present without changing a lot for a majority of lemmy-commenr sections.

[-] BlackEco@lemmy.blackeco.com 7 points 1 year ago* (last edited 1 year ago)

Some other projects in the fediverse have a verification mechanism in place.

I personally like Mastodon's: if you add on your profile a link to a webpage that itself links to your profile, Mastodon will show a green checkmark next to the link: https://joinmastodon.org/verification

So you can verify your profile by linking to a webpage you own or testifies your account's authenticity (ie. your blog, your author page of the publication your write for, etc.)

[-] lvxferre@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

It's a bit of a problem, indeed. Here's a practical example of that:

In this example, I'm writing from a lemmy.ml account, but the display name impersonates another account in another instance (beehaw.org). Anyone could do this with someone else's account.

Based on that, I think that:

  • the Lemmy software should not allow you to use "@" as part of your display name. Ever. Reserve it as a special character.
  • clients should always show which instance you're from, even with a display name. A simple icon would be enough as long as instance admins set up uniquely identifiable ones.
  • two accounts in the same instance should never be allowed to use the same display name.

And for us, users: never rely on the display name. If the identity of someone is contextually relevant, always check the actual username, not the display name.

[-] skomposzczet@vlemmy.net 3 points 1 year ago

Twitter implementation seems good enough. Big display name with smaller unique handle below. Might be a bit bloat, but solves the problem.

[-] n2burns@lemmy.ca 2 points 1 year ago

To me, this just seems like a variation of the age-old issue of online impersonation. In the early days of social media, there were people squatting on famous people's name/registering variations.

On my instance, admins are tagged as such which seems like a good solution. I wouldn't be surprised if we start seeing verification like on Mastodon, though I couldn't find any issues for this on their github.

[-] hsl@wayfarershaven.eu 0 points 1 year ago

This was discussed deeply a few days back.

load more comments
view more: next ›
this post was submitted on 05 Jul 2023
25 points (96.3% liked)

Asklemmy

43992 readers
692 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS