...which allows the owner of the bot to impersonate them.
EDITED from discussion below. The current proposed approach to solving this problem is to modify the way bots are displayed in the frontend UI to make clear they are bots. Concrete ideas on the design wanted!
It's most effective if you use the same username and the same avatar. You can click on the user's avatar or name to see the email address associated (and will see email@example.com), but it's fairly effective.
The hard part in mitigating this would probably be edge cases of character like l and I (lower case 'el' and capital 'eye'), null characters, etc.
Maybe just have a config option to require all bot display names to be prefixed with the user's name?
I agree with @tdickers, because of Unicode characters that look identical to each other, it's difficult to prevent a human user from impersonating another by copying their name and avatar (potentially modulo using a very-similar-looking unicode character).
There are a few things one can do to solve the human or bot impersonation problem:
I think (2) and (4) are probably the most promising technical things to do here, but I'm definitely interested in thoughts!
NAME_CHANGES_DISABLED worked well for solving the "primary user account impersonating another" but doesn't cover the bot case.
@tdickers @kevinr what are your thoughts on approach (4) in my list?
I think number 4 is the best option proposed.
OK, edited the issue description (from Kevin's post) to note that proposal; hopefully someone will have a good idea for how to do this nicely from a design perspective.
We could consider just doing an icon on one side of the user's name; we currently use FontAwesome (http://fontawesome.io/icons/) as our main source for icons.
I will work on this.
Add styling to distinguish bots from human users.
Wrap bot's name inside a bootstrap label with a font-awesome
@kevinr you may want to take a quick look at the options being discussed in #2909.
Wow, I'm way behind on this issue. I commented on #2909.
A couple other options:
Hiya @Kevin Riggle!
Add styling to distinguish bots from human users in message view.
With work by Brock Whittaker and Tim Abbott on rebasing + changing
Just an update on this thread, we just merged #2909, which means we now have different styling for bot users from human users.