I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
That’s why instance is part of the username. It’s no different than email addresses.
Confusing similar domain names are a common thing with email. Micr0soft.com vs Microsoft.com. Same idea could be done with instances.
Setting a display name hides the instance bit. You have to check the URL or profile to see which instance they’re on, which people definitely won’t do every time. Especially if an impersonator just joins inside a thread mid-conversation, it won’t be obvious at all that it’s suddenly a different person writing.
Just like emails, when people write something like
”Amazon Gift Cards” <yolo@yolo.com>
in theFrom
field.His concern is probably that in comments etc. only username is displayed. You have to go to person’s profile to discover their instance.
Instance is shown if it’s different to the one you’re on. I can see your instance is vlemmy.net
Not if they set a display name. Many of the mobile apps are also bad about it even without a display name.