I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

  • sim642@lemm.ee (19 upvotes, 1 year ago)

    That’s why instance is part of the username. It’s no different than email addresses.

  • BlackEco@lemmy.blackeco.com (6 upvotes, 1 year ago)

    Some other projects in the fediverse have a verification mechanism in place.

    I personally like Mastodon’s: if you add on your profile a link to a webpage that itself links to your profile, Mastodon will show a green checkmark next to the link.

    So you can verify your profile by linking to a webpage that you own or that testifies to your account’s authenticity (i.e. your blog, your author page at the publication you write for, etc.)

  • Lvxferre@lemmy.ml (4 upvotes, edited, 1 year ago)

    It’s a bit of a problem, indeed. Here’s a practical example of that:

    In this example, I’m writing from a lemmy.ml account, but the display name impersonates another account in another instance (beehaw.org). Anyone could do this with someone else’s account.

    Based on that, I think that:

    • the Lemmy software should not allow you to use “@” as part of your display name. Ever. Reserve it as a special character.
    • clients should always show which instance you’re from, even with a display name. A simple icon would be enough as long as instance admins set up uniquely identifiable ones.
    • two accounts in the same instance should never be allowed to use the same display name.

    And for us, users: never rely on the display name. If the identity of someone is contextually relevant, always check the actual username, not the display name.
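The three suggestions in the comment above (reserve "@", always show the instance, no duplicate display names per instance), sketched as an added example; this is not code from Lemmy or from anyone in the thread. The function names and sample accounts are hypothetical, and the check goes one step further than the comment by NFKC-normalizing the name so look-alike characters such as the fullwidth "＠" are caught too.

```python
import re
import unicodedata

# Handle-like token such as "someone@beehaw.org" embedded in free text.
HANDLE_RE = re.compile(r"@?([A-Za-z0-9_.-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def normalize(name):
    """Fold compatibility look-alikes (e.g. fullwidth '@') and letter case."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


def check_display_name(display_name, handle, taken_on_instance=()):
    """Return the policy violations for a proposed display name.

    handle is the account's real 'user@instance' identifier.
    taken_on_instance holds display names of other accounts on that instance.
    """
    problems = []
    folded = normalize(display_name)
    if "@" in folded:
        problems.append("contains '@'")
        match = HANDLE_RE.search(folded)
        own_instance = handle.split("@", 1)[1].casefold()
        if match and match.group(2) != own_instance:
            problems.append(f"claims foreign instance {match.group(2)}")
    if folded in {normalize(n) for n in taken_on_instance}:
        problems.append("display name already used on this instance")
    return problems


def render_identity(display_name, handle):
    """Client-side label that never hides the real handle and instance."""
    return f"{display_name} (@{handle})"


if __name__ == "__main__":
    # Constructed sample accounts, for illustration only.
    samples = [
        ("alice@beehaw.org", "mallory@lemmy.ml", ()),
        ("Alice\uff20beehaw.org", "mallory@lemmy.ml", ()),
        ("ALICE ", "mallory@lemmy.ml", ("alice",)),
        ("Alice", "alice@beehaw.org", ()),
    ]
    for name, handle, taken in samples:
        print(render_identity(name, handle), "->", check_display_name(name, handle, taken))
```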

    • skomposzczet@vlemmy.net (3 upvotes, 1 year ago)

      Twitter’s implementation seems good enough. Big display name with smaller unique handle below. Might be a bit of bloat, but solves the problem.

  • n2burns@lemmy.ca (2 upvotes, 1 year ago)

    To me, this just seems like a variation of the age-old issue of online impersonation. In the early days of social media, there were people squatting on famous people’s names/registering variations.

    On my instance, admins are tagged as such, which seems like a good solution. I wouldn’t be surprised if we start seeing verification like on Mastodon, though I couldn’t find any issues for this on their GitHub.

  • Granixo@feddit.cl (0 upvotes, 5 downvotes, 1 year ago)

    It’s something we should be worried about everywhere we go online.

    So try having at least 3 different passwords for personal accounts/websites and also contact moderators or support if you suspect your account has been compromised.

    • Vlyn@lemmy.ml (5 upvotes, 1 downvote, 1 year ago)

      > So try having at least 3 different passwords for personal accounts/websites

      That’s an awful take. Grab a password manager and have a random password for every single account of yours. That way all you have to do is remember a single strong password and that’s it. Instead of playing Russian roulette when one service you use gets hacked and someone gets a hold of your username / email and one of your 3 different passwords…

    • n2burns@lemmy.ca (0 upvotes, 1 year ago)

      > So try having at least 3 different passwords for personal accounts/websites

      That’s terrible advice when password managers are a thing. Also, this is about impersonation, not credential theft.