this post was submitted on 05 Jul 2023
7 points (100.0% liked)


I mean, pretending to be someone in another instance, "stealing" the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

lvxferre@lemmy.ml 1 points 1 year ago* (last edited 1 year ago) (1 children)

It's a bit of a problem, indeed. Here's a practical example of that:

In this example, I'm writing from a lemmy.ml account, but the display name impersonates another account in another instance (beehaw.org). Anyone could do this with someone else's account.

Based on that, I think that:

  • the Lemmy software should not allow you to use "@" as part of your display name. Ever. Reserve it as a special character.
  • clients should always show which instance you're from, even with a display name. A simple icon would be enough as long as instance admins set up uniquely identifiable ones.
  • two accounts in the same instance should never be allowed to use the same display name.

And for us, users: never rely on the display name. If the identity of someone is contextually relevant, always check the actual username, not the display name.
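The software-side rules proposed in the comment above, sketched as an added Python example (not part of the thread and not Lemmy's own code). The `InstanceDisplayNames` registry, the function names and the sample accounts are hypothetical, and the sketch goes slightly beyond the comment by folding Unicode look-alikes of "@", letter case and invisible characters before comparing names.

```python
import unicodedata

def canonical(display_name):
    """Comparison form: NFKC-fold, drop invisible format chars, casefold, squeeze spaces."""
    folded = unicodedata.normalize("NFKC", display_name)  # e.g. fullwidth U+FF20 becomes "@"
    visible = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return " ".join(visible.casefold().split())

class InstanceDisplayNames:
    """Hypothetical per-instance registry of display names (not Lemmy's data model)."""

    def __init__(self):
        self._owner = {}  # canonical display name -> local username

    def rejection_reason(self, username, display_name):
        """Return why the name is refused, or None if it is acceptable."""
        key = canonical(display_name)
        if not key:
            return "empty"
        if "@" in key:
            return "reserved character '@'"
        if self._owner.get(key, username) != username:
            return "already used on this instance"
        return None

    def set_display_name(self, username, display_name):
        reason = self.rejection_reason(username, display_name)
        if reason:
            raise ValueError(f"display name refused: {reason}")
        # Release the user's previous display name before claiming the new one.
        self._owner = {k: u for k, u in self._owner.items() if u != username}
        self._owner[canonical(display_name)] = username

def render_author(display_name, username, instance):
    """Client-side rule: the unique handle is always shown beside the display name."""
    return f"{display_name} (@{username}@{instance})"

if __name__ == "__main__":
    names = InstanceDisplayNames()
    names.set_display_name("alice", "Alice")  # constructed sample accounts
    attempts = ["alice@instance-b.example", "alice\uff20instance-b.example",
                "ALICE", "Al\u200bice", "Mallory"]
    for attempt in attempts:
        print(repr(attempt), "->", names.rejection_reason("mallory", attempt))
    print(render_author("Alice", "alice", "instance-a.example"))
```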

skomposzczet@vlemmy.net 1 points 1 year ago

Twitter implementation seems good enough. Big display name with smaller unique handle below. Might be a bit of bloat, but solves the problem.