New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bots can be created with the same full name as existing users #1107
Comments
It's most effective if you use the same username and the same avatar. You can click on the user's avatar or name to see the email address associated (and will see xxx-bot@yyy.zz), but it's fairly effective. The hard part in mitigating this would probably be edge cases of character like l and I (lower case 'el' and capital 'eye'), null characters, etc. Maybe just have a config option to require all bot display names to be prefixed with the user's name? |
I agree with @tdickers, because of Unicode characters that look identical to each other, it's difficult to prevent a human user from impersonating another by copying their name and avatar (potentially modulo using a very-similar-looking unicode character). There are a few things one can do to solve the human or bot impersonation problem:
I think (2) and (4) are probably the most promising technical things to do here, but I'm definitely interested in thoughts! |
NAME_CHANGES_DISABLED worked well for solving the "primary user account impersonating another" but doesn't cover the bot case. |
I think number 4 is the best option proposed. |
OK, edited the issue description (from Kevin's post) to note that proposal; hopefully someone will have a good idea for how to do this nicely from a design perspective. We could consider just doing an icon on one side of the user's name; we currently use FontAwesome (http://fontawesome.io/icons/) as our main source for icons. |
I will work on this. |
Wow, I'm way behind on this issue. I commented on #2909. A couple other options:
|
Just an update on this thread, we just merged #2909, which means we now have different styling for bot users from human users. |
...which allows the owner of the bot to impersonate them.
EDITED from discussion below. The current proposed approach to solving this problem is to modify the way bots are displayed in the frontend UI to make clear they are bots. Concrete ideas on the design wanted!
The text was updated successfully, but these errors were encountered: