1. 37
  1.  

  2. 11

    Random historical factoid: when I joined Twitter there were no usernames. Identity was through your phone number. First names were used unless there was ambiguity and then it would fall back to full names. After a month or two they switched to usernames.

    1. 7

      I think this starts well and speaks to some real problems, but I’m less than convinced by the conclusion. Usernames that can be typed are useful, and in several ways. I’ve attempted to sort these examples in ascending order of elementarity.

      • They can be roundtripped through clipboards and email/notepad/etc apps
      • Legacy software understands them
      • They can be processed by generic tools
      • They’re compatible with assistive technology
      • They can be roundtripped through physical writing
      • Humans can remember and copy them

      I’m not sure where to put it, but a point that’s relevant to me is that it’s much faster for me to type things that don’t involve roundtrips. There are a few reasons for that, and some of them—like the fact that most interfaces are pretty laggy—are eminently fixable, but one feels fundamental: I’m usually typing a few words ahead of what I’m reading back, if I’m reading back at all. Using an interactive username selector, even a hypothetical perfect one, breaks the pipeline, so to speak.

      1. 7

        The way Discord (and Blizzard) address both use cases is mentioned offhand in the article. IMO it’s really nice. You pick a friendly username (e.g. “Richard”). This does not have to be unique. The system automatically generates a few decimal digits to make it unique (e.g. “Richard#123456”). The sequence of digits is usually 4 digits long, but can be longer if a given friendly username is common.

        In “local” contexts like a chat channel, the friendly username is almost always unique so you can identify me by just that.

        In “global” contexts like adding a friend, you’re asked for the full globally-unique handle with the digits too.

        1. 10

          The Blizzard system is also great because other users’ numbers are always hidden, and you can’t send someone a friend request without either playing a game with them or knowing their secret number. That makes it a really nice spam prevention tool as well – you have this secret part of your identity that is both a disambiguator for your username but also a small secret that lets you be selective about who gets to send you messages. I’m a huge fan of the system and miss it when I play other social games!

          1. 1

            I forgot that aspect. Yeah, that’s nice.

          2. 2

            It’s good that the globally-unique handles are human- and print-friendly, but a little disappointing to me that Discord’s UI for mentioning people is still roundtrippy.

            1. 2

              Oof yeah I got this part not right - Discord’s UI for mentions doesn’t actually work quite as nicely with local name uniqueness like I was thinking.

              I believe that in principle it could but it isn’t quite that nice.

        2. 4

          I feel compelled to put out that a lot of this isn’t new, but people like rediscovering why identity is hard (I guess). One of the first things I read about this is the tri-partite identity pattern which is itself based on older experiences.

          1. 3

            While I’m in favor of getting rid of unique, discriminable usernames… you still need unique identifiers of some kind which can be exposed. Numeric or UUID seems to be fine. Are there any downsides to those?

            I’m building a social media system that doesn’t have usernames per se; users have URLs (where their stuff lives) and cryptographic IDs (which identify them and allow portability), but they’ll be represented in the UI either by the names they choose for themselves or by “petnames” chosen by the viewer. Under the covers, an @-mention is the URL+pubkey pair, and it gets rendered differently for different viewers.

            1. 3

              URLs aren’t the only place GitHub usernames are used. Using the web interface, in some cases, will create commits with the email [email protected].

              UGH I hate Cloudflare so much. -.-

              1. 1

                I’m not sure why you’re seeing “email protected”—I don’t see that even with Tor. If you didn’t already find a way around the overeager protection, here’s the email address I see: myusername@users.noreply.github.com.

                1. 2

                  They obfuscate anything with an @ sign in it, email or not. You have to enable Javascript for them to decode it, which I don’t in general.

                  But a little bird has told me about a Firefox extension that decodes these, and Cloudflare’s “protection” turns out to be absurdly simple:

                  https://addons.mozilla.org/en-GB/firefox/addon/email-protected/

                  const [key, ...encoded] = data.match(/.{2}/g).map(e => parseInt(e, 16))
                  let bytes = encoded.map(e => String.fromCharCode(e ^ key)).join("")
                  

                  All this annoyance and it turns out to be the kind of “protection” algorithm I would have written in middle school.

              2. 2

                Long before QQ, ICQ also assigned numeric user IDs to people & we had to remember those to message people!

                1. 2

                  Very interesting. Yet another confirmation that Identity Is Hard.

                  I wonder if we could put together a standard protocol and accompanying open source implementation of the specialized tools created by Discord and Slack to address this problem. Specifically:

                  (1) Rich text editor widget that has “find reference for @ mention” as a core component

                  (2) Label <-> ID mapping service to translate between user-readable and machine-robust IDs

                  Fundamentally unambiguous entity references are hard. This whole article assumes you’re trying to reference a single data set. This gets much harder when you start looking at independent datasets for the same thing. e.g. CRM databases across sites / companies will refer to overlapping but non-identical sets of people. Place names have tons of apparent duplicates (e.g. Paris, TX) that need a lot of context to unravel.