~whereswaldon/arbor-dev#32: Ensure duplicate usernames are visually disambiguated

Right now, two different identities with the same username appear the same. This poses both a UX and security issue. This situation should be resolved by visually marking the two users, though it's not completely clear how to do so.

Ideas include:

  • color them differently
  • expose part of their identity ID like a fingerprint/pin (think Discord's @name#1234 system)
  • add symbols to the beginning/end of their names

Status: REPORTED
Submitter: ~whereswaldon
Assigned to: No-one
Submitted: 10 months ago
Updated: 4 months ago
Labels: feature, release-blocker, security, wisteria

~whereswaldon closed duplicate ticket #30 10 months ago

~amolith 4 months ago

To throw this out there, you could also differentiate between duplicate usernames in the bottom bar where metadata goes. For each user, maybe display a shortened version of their signature ID or Name#8137 as you suggested above. Personally, I like that in combination with colouring their names differently inline. It would be a subtle visual hint right where you're looking but also displayed in a more obvious manner below. It can sometimes be hard to differentiate between two colours so an additional method would be beneficial to include.

~whereswaldon 4 months ago

~amolith Good thought. I worry about that bottom bar being too cramped on narrower terminals though. It can be pretty tight right now with just the reply node's ID. Maybe a keybinding to inspect the ID of the currently selected node's sender?

Regardless, I think that:

  • All usernames can be colorized to provide subtle warning of one user trying to pose as another.
  • We can display a short component of the node ID of a user after their username all the time. It would look something like whereswaldon#RyQy. This example is only using the first 4 base64url-encoded characters of my identity's node ID (so it doesn't actually capture which hash it is or the digest length), but I'm uncertain how important that is for this purpose...
  • We can detect duplicate usernames and be more aggressive about visualizing the differences between them. This will not detect subtle things like switching the character set of a single letter or including weird unicode whitespace, but it should help with the most blatant attempts to impersonate another user.
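
A sketch of the suffix-plus-duplicate-detection idea from the comment above, as an added example that is not part of the ticket or Arbor's own code. The `Identity` type, the `Labels` function and the sample node IDs are hypothetical; matching is on exact usernames only, so look-alike characters and odd whitespace are not caught, as the comment notes.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Identity is a hypothetical stand-in for an identity node.
type Identity struct {
	Name string
	ID   []byte // raw node ID bytes
}

// Constructed sample data: two distinct identities both claim "alice".
var sampleIDs = []Identity{
	{"alice", []byte{0, 1, 2, 3, 4, 5}},
	{"bob", []byte{0xFF, 0xEE, 0xDD}},
	{"alice", []byte{0, 1, 2, 3, 0xFF, 5}},
}

// Labels returns a "name#suffix" label per identity plus a flag marking shared
// usernames. Shared names get longer base64url suffixes until labels differ.
func Labels(ids []Identity, minLen int) ([]string, []bool) {
	enc := make([]string, len(ids))
	count := map[string]int{}
	for i, id := range ids {
		enc[i] = base64.RawURLEncoding.EncodeToString(id.ID)
		count[id.Name]++
	}
	labels, dup := make([]string, len(ids)), make([]bool, len(ids))
	for i, id := range ids {
		n := minLen
		if n > len(enc[i]) {
			n = len(enc[i])
		}
		for j, other := range ids {
			same := j != i && other.Name == id.Name
			for same && n < len(enc[i]) && strings.HasPrefix(enc[j], enc[i][:n]) {
				n++ // suffix still ambiguous against identity j: show one more character
			}
		}
		labels[i] = id.Name + "#" + enc[i][:n]
		dup[i] = count[id.Name] > 1 // a UI can highlight these more aggressively
	}
	return labels, dup
}

func main() { fmt.Println(Labels(sampleIDs, 4)) }
```

The two sample "alice" identities share their first four encoded characters, so a fixed 4-character suffix alone would render them identically; the duplicate check is what forces the longer, distinguishing suffix.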