Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

How to prevent impersonation of other users

by bart (Canon)
on Oct 27, 2004 at 10:46 UTC ( #402949=monkdiscuss: print w/replies, xml ) Need Help??

This morning (European time) there was a bit of a stir on the Chatterbox, due to the coming of a new user, im2.. Notice the dot. Many people, including myself, thought it was either castaway or theorbtwo, speaking through their well know robot account, im2. It wasn't.

I personally am not happy about the whole situation. I think choosing a user name that is so similar to the user name of another user, is going to far, and should be forbidden by the site policy. Even more, I think that maybe some automatic system should be installed to prevent creation of usernames that are too close to existing usernames. A difference of only a (some) dot(s), or a swap between an "o" and a "0" is too close, to my taste.

Well, there are always exceptions... like the powerful alter ego's of gods, I really don't mind demerphq having an alternate personality de-merphq, quite the contrary. But I wouldn't be too happy about it, if "de-merphq" was an alternate username for tye, for example.

Sometimes people want to correct typos in their chosen username by creating an account with a corrected name. But shouldn't they rather ask a god to correct the name in their current account?

My 2 cents...

Update Likely it's a joke, but somebody registered the user name bart.. It wasn't me, but it illustrates my point.

  • Comment on How to prevent impersonation of other users

Replies are listed 'Best First'.
Re: How to prevent impersonation of other users
by Yendor (Pilgrim) on Oct 27, 2004 at 13:00 UTC

    I've been a member of many online communities over the years, from online fora to newsgroups to muds. This is a topic that gets brought up from time to time in all of them, it seems. The "regulars" in a group all get to know each other over time, and get very comfortable around each other.

    Now, as with any group, there will be people who are not considered "regulars" -- I would be one of those people on PerlMonks. Sometimes, people feel left out not being a part of the "in crowd." Other times, you'll just run into people who want to cause a stir. (Note: I'm not saying either is the case with im2., for I simply don't know.)

    This leads to someone asking "How can we make our "entrance requirements" (name choosing, password auto-creation, email verification, what-have-you) a bit stricter so that <some situation> doesn't happen again?

    In my experience, this is usually a bad idea, as it has the tendency to limit who will/can be a part of the group.

    "But," you say, "that's exactly what I'm asking for!"

    Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?

    I have rarely seen the case where an intentional limit placed on community registration turns out to be a good thing for the community as a whole. In addition, even if you were to change the registration process so that new users "Yendor.", "Yen-dor", and "!Yendor" could not be created, would your process also check for, say "Ynedor"? There's always another way to get around that filter... Even if you place someone in charge of "approving" all incoming users, that's only as good as that person is at checking against all current users -- and that system is therefore fallible, as are all people.

    In this case, my experience tells me that you will get fooled once -- maybe twice -- by the new user, and then you will learn what to watch for, and likely not get bitten by it a third time.

      In my experience, this is usually a bad idea, as it has the tendency to limit who will/can be a part of the group.

      "But," you say, "that's exactly what I'm asking for!"

      Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?


      I have a strong dislike for programmatic content filters. If we must have an editorial policy on too-similar usernames (like, for instance, tye&nbsp; or im2.), let's make it part of the consideration system. This is not the sort of thing that belongs in code. I'm not convinced that it's the sort of thing that belongs anywhere else, either.

      Yours in pedantry,
      F o x t r o t U n i f o r m

      "Lines of code don't matter as long as I'm not writing them." -- merlyn

      Yendor writes:

      Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?

      As someone who has also been a member of many online communities over the years, I was sorely tempted to reply "Yes, that's exactly what I'd want". It seem to me that a false scenario - a concern being raised about a thing that isn't happening - is being invoked here. Who is being made to feel "excluded" by a 'clique' of Monks (well, I know somebody who had this feeling, but he has left ... and made his own bed)? Is this like when there were the "popular" kids in school, and then there were the "unpopular" kids, and you had to choose a seat in the lunch room based on which category you fell into? If that's the scenario, i'd like to humbly (not really, actually) suggest a jumbo dose of "Grow Up". People who bring their issues to the Monastery will find exactly what they are carrying around inside them.

      The contention being made - that people we want will be turned away by some limit on how they can choose their user name - sounds like an old joke: "I'd never want to be part of a {club / church / country} that would allow me to be a member", heh. I personally find it very troubling to see many people agree with this kind of thinking that denies all personal taking of responsibility for our experiences.

      Keeping it effortless to entry the Monastery with an unsuitable Nick contributes to guaranteeing that people with an agenda to cause trouble for others will find PerlMonks a congenial place to begin playing out their infantile or mentally-disordered plots. Furthermore I contend that it is human nature to see a membership that involves some degree of effort or investment as a far more desirable thing than one with no bar to go over at all.

      By setting the bar at entry just a little higher, we could not achieve anything other than an enhancement of the quality of participation in this community. I'd like to see the juveniles spend some time out in society first - becoming socialized and overcoming their baby-ish tendencies and neuroses elsewhere. We here could then spend a bit more of our time on developing fine ideas about how to enjoy Perl and so on. The juveniles would be welcome here in a few years when they've achieved some degree of maturity and learned how to behave.

          Soren A / somian / perlspinr / Intrepid

      Cynicism is not "cool" or "hip" or "intelligent". It's like Saddam Hussein's piss mixed with 004 grit and nitric acid. It's corrosive to everything it touches, destructive to human endeavors, foul and disgusting. And ultimately will eat away the insides of the person who nurtures it.
      I do not find Yendor's intentionally wanting to turn potential new members away a valid description of the scenario of someone not getting their chosen nick approved on first try. This is something that will happen on all kinds of systems these days. You're rarely the first and you definitely not always have the option of checking whether your chosen name is avaliable beforehand. This is something I think people are used to, so it would not normally turn anybody away. Annoy for a moment, yes. But turn away, not normally.

      On first thought FoxtrotUniform's nick up for consideration idea seems much more viable, but on second thought: What will some novice (or better!) think of the other monks if after some amount of time, they decide that he's had his nick long enough, just because he (possibly even unknowingly) hit too close to home? I wonder...
      In my opinion, this option would have to be limited to something like the first 24h of a monk's life, at most. And even then, I still don't like it.

Re: How to prevent impersonation of other users
by fergal (Chaplain) on Oct 27, 2004 at 12:58 UTC

    This reminded me of a problem with internationalised domain names, I think there's a Russian character that is pretty much indistinguishable from a lower case Latin "o" but it's not the same, it has it's own codepoint in unicode etc. The problem then is that someone can register using the Russion "o" and people will be confused, scammed etc.

    Veering off topic...

    I decided to see if PM was vulnerable to this and tried to create an account with a name of "你好“ (chinese for hello). It seemed to go alright (no error messages). However, the name didn't appear as Chinese characters, it appeared as &xxx;&xxx; so it seems PM doesn't correctly handle general utf characters in usernames (which may be a feature, rather than a bug). Also, I don't seem to have received an email about the account yet either.

      We're only latin-1. utf is for other web sites.
Re: How to prevent impersonation of other users (action > words)
by tye (Sage) on Oct 27, 2004 at 14:46 UTC

    If you think you can write a robust "this name is too similar to that name" routine (and implement it efficiently with the database), please do so. I'm not going to attempt it.

    - tye        

Re: How to prevent impersonation of other users
by Joost (Canon) on Oct 27, 2004 at 14:59 UTC
    I wouldn't put preventing an occasional (deliberatly?) confusing username very high on my priority list. The amount of new users that will be unfairly restricted in their choice of name will probably be much higher.

    I would think it's possible for the gods to change someone's username if it turns out to be too confusing. If people really try to abuse the system - and they can anyway, restrictions or not - the most appropriate action would be to disable their account, but I haven't seen any reason to do that (but I must admit I wasn't really paying attention this morning).


Re: How to prevent impersonation of other users
by EdwardG (Vicar) on Oct 27, 2004 at 13:02 UTC

    Bart:  User since: Aug 17, 2002 at 15:36 GMT-1

    Barrd: User since: Apr 20, 2001 at 14:48 GMT-1



Re: How to prevent impersonation of other users
by theroninwins (Friar) on Oct 27, 2004 at 13:10 UTC
    Well yes I agree to this matter 100%. I too was caught on this im2 thing althougth i guess i was first to know what happened...still. Ok the account is not going to be used again i got the account holder to not use the account again and get a new one (note: gods you can delete it; note2: I will not tell who it belongs to here and I think the right people know it already) ... put to the point yes please install a policy to prevent these things.
Re: How to prevent impersonation of other users
by dimar (Curate) on Oct 27, 2004 at 16:03 UTC

    Just a quick note in concurrence with the post of Yendor, with whom, in principle, I voice no disagreement: there is also the possibility (however remote) that someone may have the exact 'screen name' as your friend, but be someone else entirely. (creative people can think of numerous ways that could happen)

    Thus it is just another situation to be wary of, and another reason why healthy intellectual skepticism will always be a useful tool to have in one's internet-navigational toolbox.

Re: How to prevent impersonation of other users
by CountZero (Bishop) on Oct 27, 2004 at 20:38 UTC
    I put my trust in the gods taking care of the few and far between aberrations.


    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      Actually, me too.

      If there's any technical assistance I'd like to see implemented, is a tool that could warn the responsible clan that something suspicious is going on. An extra pair of eyes, so to speak, be it of a technical nature. Perhaps, the approval of the wanted username could be put on hold, until it got approved by the clan. Maybe it could be approved temporarily, and be renamed in case of objections.

      It's not just (possibly vicious) willful impersonation, as was the case of Wassercrat (vs. Wassercrats), but also people that request several similar names, in order to correct a typo. Just check out the list for that new fairly new user: Iam2told4this, Iam2old4this, and 2old4this.

      And then there's numerous examples of people who have a name very much like the real Anonymous Monk: Anonvmous Monk, Anomynous Monk, Anonyrnous Monk, Anonamous Monk, Anønymous Monk, An Anonymous Monk, to take just the most striking ones.

      Now the latter can be seen as a joke, and doesn't actually hurt anyone. The case for Wassercrat and possibly im2. and bart., is different, IMO.

        Hey, while we're thinking name revisions, how about we rename "Anonymous Monk" to the shorter and more accurate 'ANonMonk'. (As in "real monks register and participate")
        Thanks for the vote of confidence; if someone hadn't taken my votes away, I'd ++ you.
Re: How to prevent impersonation of other users
by extremely (Priest) on Oct 29, 2004 at 17:47 UTC
    Yah know, we could probably just add a check for terminal and prefix non-chars and kill about 90% of the abuse. But, I'd be heart broken because I sometimes still use = as a login.

    Well, ok, I haven't used it in 199 weeks at this point but still...

    $you = new YOU;
    honk() if $you->love(perl)

Re: How to prevent impersonation of other users
by Anonymous Monk on Oct 29, 2004 at 23:42 UTC
    I read PM often, but don't have an account. I would think the following Algorithm would work best:

    for all accounts
    get general similarity of new with that account
    multiply by number of recent posts of that account

    most accounts where the result is over a thereshold must approve
    accounts that must approve can increment the thereshold

    for all accounts that have a regex set
    if regex matches account must approve
    accounts that must approve here can decrement the thereshold

    to set a regex the regex must match the own accountname and it must not match any other accountname or must be approved from this other matching account

Re: How to prevent impersonation of other users
by artist (Parson) on Oct 27, 2004 at 16:12 UTC
    I continue to coordinate with system with updated knowledge.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: monkdiscuss [id://402949]
Approved by Happy-the-monk
Front-paged by theroninwins
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (None)
    As of 2017-09-21 23:11 GMT
    Find Nodes?
      Voting Booth?
      During the recent solar eclipse, I:

      Results (254 votes). Check out past polls.