I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

  • Lvxferre
    link
    fedilink
    English
    4
    edit-2
    1 year ago

    It’s a bit of a problem, indeed. Here’s a practical example of that:

    In this example, I’m writing from a lemmy.ml account, but the display name impersonates another account in another instance (beehaw.org). Anyone could do this with someone else’s account.

    Based on that, I think that:

    • the Lemmy software should not allow you to use “@” as part of your display name. Ever. Reserve it as a special character.
    • clients should always show which instance you’re from, even with a display name. A simple icon would be enough as long as instance admins set up uniquely identifiable ones.
    • two accounts in the same instance should never be allowed to use the same display name.

    And for us, users: never rely on the display name. If the identity of someone is contextually relevant, always check the actual username, not the display name.

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      Twitter implementation seems good enough. Big display name with smaller unique handle below. Might be a bit bloat, but solves the problem.