this post was submitted on 05 Jul 2023
20 points (100.0% liked)

Asklemmy

1454 readers
76 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
20
Is impersonation a possible problem in the fediverse? (programming.dev)
submitted 1 year ago by ICastFist@programming.dev to c/asklemmy@lemmy.ml
14 comments fedilink hide all child comments
 

I mean, pretending to be someone in another instance, "stealing" the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] lvxferre@lemmy.ml 5 points 1 year ago* (last edited 1 year ago) (1 children)

It's a bit of a problem, indeed. Check my current display name as an example - I'm writing from a lemmy.ml account, but the display name impersonates another account in another instance (beehaw.org). Granted, both accs are owned by the same user, but nothing prevents me from doing it towards someone else's account.

Based on that, I think that:

  • the Lemmy software should not allow you to use "@" as part of your display name. Ever.
  • clients should always show which instance you're from, even with a display name. (A simple icon would be fine, as long as instance admins set up unique and identifiable instance icons.)
  • two accounts in the same instance should never be allowed to use the same display name.

And for us, users: never rely on the display name. If the identity of someone is contextually relevant, always check the actual username, not the display name.

[โ€“] skomposzczet@vlemmy.net 4 points 1 year ago

Twitter implementation seems good enough. Big display name with smaller unique handle below. Might be a bit bloat, but solves the problem.