I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
Yes, for sure. While the identity of a user can be checked, nobody is going to do this every time. IMO the simplest solution would be to just always show the instance even if a display name is set.
Yeah, I think how most Lemmy clients (including the default web UI) handle display name is a real mistake.