Re: How to prevent impersonation of other users
by Yendor (Pilgrim) on Oct 27, 2004 at 13:00 UTC
|
I've been a member of many online communities over the years, from online fora to newsgroups to muds. This is a topic that gets brought up from time to time in all of them, it seems. The "regulars" in a group all get to know each other over time, and get very comfortable around each other.
Now, as with any group, there will be people who are not considered "regulars" -- I would be one of those people on PerlMonks. Sometimes, people feel left out not being a part of the "in crowd." Other times, you'll just run into people who want to cause a stir. (Note: I'm not saying either is the case with im2., for I simply don't know.)
This leads to someone asking "How can we make our "entrance requirements" (name choosing, password auto-creation, email verification, what-have-you) a bit stricter so that <some situation> doesn't happen again?
In my experience, this is usually a bad idea, as it has the tendency to limit who will/can be a part of the group.
"But," you say, "that's exactly what I'm asking for!"
Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?
I have rarely seen the case where an intentional limit placed on community registration turns out to be a good thing for the community as a whole. In addition, even if you were to change the registration process so that new users "Yendor.", "Yen-dor", and "!Yendor" could not be created, would your process also check for, say "Ynedor"? There's always another way to get around that filter... Even if you place someone in charge of "approving" all incoming users, that's only as good as that person is at checking against all current users -- and that system is therefore fallible, as are all people.
In this case, my experience tells me that you will get fooled once -- maybe twice -- by the new user, and then you will learn what to watch for, and likely not get bitten by it a third time.
| [reply] [Watch: Dir/Any] |
|
In my experience, this is usually a bad idea, as it has the tendency to limit who will/can be a part of the group.
"But," you say, "that's exactly what I'm asking for!"
Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?
Bravo!
I have a strong dislike for programmatic content filters. If we must have an editorial policy on too-similar usernames (like, for instance, tye or im2.), let's make it part of the consideration system. This is not the sort of thing that belongs in code. I'm not convinced that it's the sort of thing that belongs anywhere else, either.
| [reply] [Watch: Dir/Any] |
|
Yendor writes:
Here, I would ask if that's really what you want. Do you intentionally want to turn potential new members away? Is that the best thing for the community?
As someone who has also been a member of many online communities over the years,
I was sorely tempted to reply "Yes, that's exactly what I'd want".
It seem to me that a false scenario - a concern being raised about a thing that isn't happening - is being invoked here. Who is being made to feel
"excluded" by a 'clique' of Monks (well, I know somebody who had this feeling, but he
has left ... and made his own bed)? Is this like when there were the "popular" kids in school, and then there
were the "unpopular" kids, and you had to choose a seat in the lunch room based on
which category you fell into? If that's the scenario, i'd like to humbly (not really, actually) suggest a jumbo dose of "Grow Up". People who bring their issues
to the Monastery will find exactly what they are carrying around inside them.
The contention being made - that people we want will be turned away by some limit
on how they can choose their user name - sounds like an old joke: "I'd never want
to be part of a {club / church / country} that would allow me to be a member", heh.
I personally find it very troubling to see many people agree with this kind of thinking
that denies all personal taking of responsibility for our experiences.
Keeping it effortless to entry the Monastery with an unsuitable Nick contributes to guaranteeing that people with an agenda to cause trouble for others
will find PerlMonks a congenial place to begin playing out their infantile or mentally-disordered
plots. Furthermore I contend that it is human nature to see a membership that involves some
degree of effort or investment as a far more desirable thing than one with no bar to
go over at all.
By setting the bar at entry just a little higher, we could not achieve anything other
than an enhancement of the quality of participation in this community. I'd like to see
the juveniles spend some time out in society first - becoming socialized and overcoming their baby-ish
tendencies and neuroses elsewhere. We here could then spend a bit more of our time on
developing fine ideas about how to enjoy Perl and so on. The juveniles would be welcome
here in a few years when they've achieved some degree of maturity and learned how to
behave.
Soren A / somian / perlspinr / Intrepid
--
Cynicism is not "cool" or "hip" or "intelligent". It's like Saddam Hussein's piss mixed
with 004 grit and nitric acid. It's corrosive to everything it touches, destructive to
human endeavors, foul and disgusting. And ultimately will eat away the insides of the
person who nurtures it.
| [reply] [Watch: Dir/Any] |
|
I do not find Yendor's intentionally wanting to turn potential new members away a valid description of the scenario of someone not getting their chosen nick approved on first try. This is something that will happen on all kinds of systems these days. You're rarely the first and you definitely not always have the option of checking whether your chosen name is avaliable beforehand. This is something I think people are used to, so it would not normally turn anybody away. Annoy for a moment, yes. But turn away, not normally.
On first thought FoxtrotUniform's nick up for consideration idea seems much more viable, but on second thought: What will some novice (or better!) think of the other monks if after some amount of time, they decide that he's had his nick long enough, just because he (possibly even unknowingly) hit too close to home? I wonder...
In my opinion, this option would have to be limited to something like the first 24h of a monk's life, at most. And even then, I still don't like it.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by fergal (Chaplain) on Oct 27, 2004 at 12:58 UTC
|
This reminded me of a problem with internationalised domain names, I think there's a Russian character that is pretty much indistinguishable from a lower case Latin "o" but it's not the same, it has it's own codepoint in unicode etc. The problem then is that someone can register perlmonks.org using the Russion "o" and people will be confused, scammed etc.
Veering off topic...
I decided to see if PM was vulnerable to this and tried to create an account with a name of "你好“ (chinese for hello). It seemed to go alright (no error messages). However, the name didn't appear as Chinese characters, it appeared as &xxx;&xxx; so it seems PM doesn't correctly handle general utf characters in usernames (which may be a feature, rather than a bug). Also, I don't seem to have received an email about the account yet either.
| [reply] [Watch: Dir/Any] |
|
We're only latin-1. utf is for other web sites.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users (action > words)
by tye (Sage) on Oct 27, 2004 at 14:46 UTC
|
If you think you can write a robust "this name is too similar to that name" routine (and implement it efficiently with the database), please do so. I'm not going to attempt it.
| [reply] [Watch: Dir/Any] |
|
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by Joost (Canon) on Oct 27, 2004 at 14:59 UTC
|
I wouldn't put preventing an occasional (deliberatly?) confusing username very high on my priority list. The amount of new users that will be unfairly restricted in their choice of name will probably be much higher.
I would think it's possible for the gods to change someone's username if it turns out to be too confusing. If people really try to abuse the system - and they can anyway, restrictions or not - the most appropriate action would be to disable their account, but I haven't seen any reason to do that (but I must admit I wasn't really paying attention this morning).
Joost.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by EdwardG (Vicar) on Oct 27, 2004 at 13:02 UTC
|
Bart: User since: Aug 17, 2002 at 15:36 GMT-1
Barrd: User since: Apr 20, 2001 at 14:48 GMT-1
{egrin}
| [reply] [Watch: Dir/Any] [d/l] [select] |
Re: How to prevent impersonation of other users
by theroninwins (Friar) on Oct 27, 2004 at 13:10 UTC
|
Well yes I agree to this matter 100%. I too was caught on this im2 thing althougth i guess i was first to know what happened...still. Ok the account is not going to be used again i got the account holder to not use the account again and get a new one (note: gods you can delete it; note2: I will not tell who it belongs to here and I think the right people know it already) ... put to the point yes please install a policy to prevent these things.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by dimar (Curate) on Oct 27, 2004 at 16:03 UTC
|
Just a quick note in concurrence with the post of Yendor, with whom, in principle, I voice no disagreement: there is also the possibility (however remote) that someone may have the exact 'screen name' as your friend, but be someone else entirely. (creative people can think of numerous ways that could happen) Thus it is just another situation to be wary of, and another reason why healthy intellectual skepticism will always be a useful tool to have in one's internet-navigational toolbox.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by CountZero (Bishop) on Oct 27, 2004 at 20:38 UTC
|
I put my trust in the gods taking care of the few and far between aberrations.
CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
| [reply] [Watch: Dir/Any] |
|
Actually, me too.
If there's any technical assistance I'd like to see implemented, is a tool that could warn the responsible clan that something suspicious is going on. An extra pair of eyes, so to speak, be it of a technical nature. Perhaps, the approval of the wanted username could be put on hold, until it got approved by the clan. Maybe it could be approved temporarily, and be renamed in case of objections.
It's not just (possibly vicious) willful impersonation, as was the case of Wassercrat (vs. Wassercrats), but also people that request several similar names, in order to correct a typo. Just check out the list for that new fairly new user: Iam2told4this, Iam2old4this, and 2old4this.
And then there's numerous examples of people who have a name very much like the real Anonymous Monk: Anonvmous Monk, Anomynous Monk, Anonyrnous Monk, Anonamous Monk, Anønymous Monk, An Anonymous Monk, to take just the most striking ones.
Now the latter can be seen as a joke, and doesn't actually hurt anyone. The case for Wassercrat and possibly im2. and bart., is different, IMO.
| [reply] [Watch: Dir/Any] |
|
Hey, while we're thinking name revisions, how about we rename "Anonymous Monk" to the shorter and more accurate 'ANonMonk'. (As in "real monks register and participate")
| [reply] [Watch: Dir/Any] |
|
Thanks for the vote of confidence; if someone hadn't taken my votes away, I'd ++ you.
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by extremely (Priest) on Oct 29, 2004 at 17:47 UTC
|
Yah know, we could probably just add a check for terminal and prefix non-chars and kill about 90% of the abuse. But, I'd be heart broken because I sometimes still use = as a login.
Well, ok, I haven't used it in 199 weeks at this point but still...
--
$you = new YOU;
honk() if $you->love(perl)
| [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by Anonymous Monk on Oct 29, 2004 at 23:42 UTC
|
I read PM often, but don't have an account. I would think the following Algorithm would work best:
for all accounts
get general similarity of new with that account
multiply by number of recent posts of that account
most accounts where the result is over a thereshold must approve
accounts that must approve can increment the thereshold
for all accounts that have a regex set
if regex matches account must approve
accounts that must approve here can decrement the thereshold
to set a regex the regex must match the own accountname and it must not match any other accountname or must be approved from this other matching account | [reply] [Watch: Dir/Any] |
Re: How to prevent impersonation of other users
by artist (Parson) on Oct 27, 2004 at 16:12 UTC
|
I continue to coordinate with system with updated knowledge. | [reply] [Watch: Dir/Any] |