I was recently approached by a user claiming to be the developer of Sync for Lemmy who wanted to be a moderator of the community I created, !syncforlemmy.
I was able to verify this user was indeed LJ Dawson as I knew where to contact him on Discord.
It is quite possible that an impostor user on another instance may be created, for example [email protected] could easily be made.
Should Lemmy have a verified user marker for members who are of importance to any given community? Are there any other options to protect users against nefarious persons playing impostor?
That’s doesn’t mean anything though.
Nobody else can have the username [email protected] but Lemmy.world is only one of hundreds of instances on Lemmy.
I could go right now and make Izzy@<any other Lemmy instance> and depending on the client used, nobody would be able to tell the difference if that client doesn’t list the instance as part of the username. For example, both mlem and Memmy on iOS do not show full usernames by default. You just show up as Izzy to me. So [email protected] and [email protected] would show as the same user to me.
That is a deficiency in those implementations, not in the platform itself.
Unless the Lemmy devs create their own app, the vast majority of users are going to use third party apps like mlem and Memmy.
So it’s still a problem with the platform if the username databases for instances don’t validate against each other to prevent reuse and impersonation.
At least in every UI implementation I’ve seen so far that would show up as [email protected]. Only usernames that are on the same instance omit the @instance part of the username. Not adding that would be as silly as not adding it in email.