Well it must be obvious for any user that anyone they see or hear or receive an IM from is using either a user name or a display name. And by obvious I mean "validated by the server during the transaction", not "forged by another viewer which can pretend to use any user name". In other words, any token of information (visual or textual) is signed with the user name of the agent, and that signature is generated server side. Security must always be server side anyway. The way the receiving viewer interprets those signatures is not important. It could simply enclose a display name into brackets, for instance, or display it in green, or add "this is a display name" after it, or whatever. But the viewer must have a way to clearly distinguish the two names, and to clearly relay the information to the user.
On 19 August 2010 21:55, Michael Schlenker <schl...@uni-oldenburg.de> wrote: > > Am 19.08.2010 um 21:30 schrieb Daniel Smith: > > > On Thu, Aug 19, 2010 at 12:09 PM, Michael Schlenker > > <schl...@uni-oldenburg.de> wrote: > >> > >> > >> How about a display option in the viewer that can 'highlight' the fact > that your display name is the same as your username > >> (different colour, font or an other UI hint). > >> That would prevent many of the imposter issues, as it would be pretty > obvious. > >> > >> Maybe an opt-out to deny the use of current usernames as display names > would be appropriate, but a general ban to reuse a current username > >> as a display name sounds a bit excessive. > >> > > > > > The default situation should be "I have taken a moment to think about > > the implications > > of others using my username, and I trust them, and I am fine with > > that, so I will > > make the decision to turn it on". > > > > I still have not heard a definitive answer as to what gets logged in > > IM and Chat. > > Forget the "display" for a moment. What do you want to have logged as > > "Michael Schlenker" > > that you did not write? > > Well 'Michael Schlenker' is common enough that i regularly have issues with > the name (and even more so initials) being taken > already and even getting emails and stuff because of that. So i do not > worry about things getting logged with my name, > as i know it happens, and does not create huge troubles, unless some > malicious person actively exploits it (or some agency > is incompetent like the social registry in germany which messed up my > records with the ones of my twin for years). > > But you look from the wrong direction and construct unrealistic scenarios. > 1. If you log things, use the UUID internally, store the display name with > it (as it can change) and make it just a display option what is shown, ever > other way to implement > logging is simply wrong > 2. For the UI either make an option so display names that match the legacy > username of the AV are highlighted or the opposite, > to provide an easy non script based option to verify a legacy username > users identity via name alone. > 3. Provide an explicit opt-out for those that are seriously worried > (typically shop owners, or other 'public figures'). > > That would pretty much match the typical regulations in RL, at least in > germany (don't know enough about US or other law). > > The fact that your current username is unique is just a coincidence of the > LL decision to use that username as a key in their database. Its not a > natural law to have a unique name. > > Michael > > > > > _______________________________________________ > Policies and (un)subscribe information available here: > http://wiki.secondlife.com/wiki/OpenSource-Dev > Please read the policies before posting to keep unmoderated posting > privileges >
_______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
