Usernames using randomized nonsense
from Burstar@sopuli.xyz to fediverse@lemmy.world on 09 May 15:46
https://sopuli.xyz/post/26769341
from Burstar@sopuli.xyz to fediverse@lemmy.world on 09 May 15:46
https://sopuli.xyz/post/26769341
I’ve been noticing an influx of users with anonomized usernames (ie: fjdasklfpudiosa722104891fdaf20j.srv.us).
As a moderator this concerns me because it immediately triggers a ‘this is a bot or nefarious actor’ instinct. Is there any reason not to be wary of these accounts?
threaded - newest
sounds reasonable, because this definitely looks like low-effort bots
I’ve been using Fedi for a long time and from the very beginning I’ve been afraid of spam and bots ruining it, at least temporarily. Spam is still a problem with e-mail, and it’s been around for 40 years and they’ve developed very sophisticated anti-spam mitigations for it.
The problem is that most of the ‘spam’ comes from official things like websites that you’ve signed up to and didn’t realise would also include dumb fkn emails periodically. And they don’t always do it right away either. I’ve had emails suddenly start arriving from somewhere that I signed up to like a year before.
Personally, my spam mitigation is to have one email address for signing up to shit with. Then these assholes can email me until they’re blue in the face and I don’t care because the only time I ever visit that inbox is for verification. And then I have another email address for personal use that never gets used because who uses email for personal use these days?
In conclusion. Email is for signing up to things and collecting trash that I’ll never look at.
I, for the life of me, couldn’t stop nextdoor from emailing me. I could unsubscribe myself from one category of email and they’ll start popping up again. Just had to block it on my end.
IMHO messages from things you’ve signed up to are unlikely to be “spam”. I’ve always understood that word to mainly mean completely unsolicited messages from people you have no previous relationship with at all; though if it’s clearly unwanted it might include some of the former too.
A ton of things I have signed up for spam me with trash emails that they don’t put in the ‘sales’ or ‘offers’ categories I unchecked. Just because I was forced to create an account to buy one thing doesn’t mean I have a ‘business relatiotionship’ that justifies multiple daily reminders of what they have in stock.
That’s probably just mail that lands in your spam folder without being entirely blocked. According to Microsoft and Google approximately 99% of incoming spam (of the ~160 billion spam emails sent per day) never even reaches their users mailboxes. I assume that’s roughly standard across email providers. I am concerned comparably sophisticated filtering may become necessary on the Fediverse eventually.
I get the concern but I don’t think you need to be as concerned as with email. Email is a lot simpler without a lot of validation. On the fediverse, HTTP Signatures are used to verify requests, so you can’t spoof stuff as easily.
That said, spam mitigation will probably still be an issue that continuously needs to be dealt with.
My Google and Microsoft accounts are the only ones I ever get random spam on, tbh. I’ve never had any amount of unasked for mail with a paid provider or ISP’s email.
If an instance has a lot of spam, admins tend to notice and block it. In the future it’s likely admins will have more tools too, but for now the system works pretty well.
Checking the modlog i see one user - @abff08f4813c@j4vcdedmiokf56h3ho4t62mlku.srv.us, who [despite the weird name] seems like a legitimate account.
Which the reason afaik they have such a weird name is: lemmy.dbzer0.com/post/26773150/14235814
Are there any other users you’ve noticed with this type of username/instance name? This is the only one i saw.
Wierdly, when I click on the link I get a ‘server cannot handle the request error’.
Regardless, I agree that it ‘acts’ like a legit account, but still think it’s sus as hell. That entry in the modlog is from today, but I’ve definitely handled similar accounts in the past, and seen others do so elsewhere.
Sorry bout that. Instance was down for some time.
Anyways here’s a mirror just in case
<img alt="" src="https://lemmy.dbzer0.com/pictrs/image/33a9a081-f214-492f-946f-7c996567ab34.webp">
I didn’t see any of that, but i’ll take your word for it. Still, this is most likely, if not definitely a real account.
Ah, thanks for this.
Technically it can be someone who just wants to be anonymous, but honestly they could at least use something readable
If they want to be anonymous, sure. But they should at minimum change their display name to “Anonymous”
Totally agreed
Also, some people will intentionally add numbers at the end of the alias to make it look like all the good names were already taken. Sort of like a joke or a reference to all the bigger social media platforms.
I don’t really understand that one haha
It used to be common.
Using a barcode username is nice for being anonymous
Eg.
IlIIIllIIl
It’s a combination of lower case L and upper case I
Flashbacks to Rainbow Six Siege cheaters 💀
That’s incredible, I’ll use this in the future
No pipes?
maybe we could create a suspicious account review channel and submit them there for folks to do some digg’ing.
not sure about comms with other Admins but it would be nice to harmonize efforts amongst them a bit more/better.
My first guess with this would be: they were read-only, then they wanted to post something or write a reply to someone and at the time considered it to be a one-time thing and created sort of “throwaway account” for that specifically, but then they kept visiting the place and it kind of just stick with them. Yet again, my guess might be completely wrong. But at least this is one of the possible motivations behind such accounts.
I picked an RNG name since my old common username (from reddit, etc) was not available when I started on kbin.social (RIP) and I couldn’t think of anything else I wanted to be called. I deliberately kept it short though. Not sure what to make of other RNG names – esp. long unintelligible ones – but I’ve seen at least one account that I think is legit which has a long, bizarre RNG-looking username and a non-English display name, so 🤷️
Brother! 🍻
You’re mostly right – those names sound like overkill. However do note I have been using Bitwarden’s Name Generator (random noun + number) and I’ve evolved the scheme a bit ( it is now always ‘user’ and I keep adding numbers until the generated username is available ).
You are THE user
john user himself
No more wary than, say, CriticalBadger or SuccessfulCrab45. Some of the more obvious bots have very normal-looking names.
There are people that have a name that looks random, but has a meaning
some people don’t like personalizations. this is the first account in at least 10 yrs i picked a username for. normally it’s just the string a password generator spit out. this time, i guess i figured after surving 18 months on world before deleting the account and moving. i could put 5 seconds into picking a name, since i’ll likely be on lemmy until it dies. at some point in the next year i may add the word ‘no’ to my bio but thats an excessive amount of personalization for me.
If I wanted to create bot accounts I would generate believable names
I always use randomly-generated user names. I try to avoid strings of random numbers and letters, but coming up with reasonably nice-looking random names is time-consuming, and some people might not care that much.
Have you found a convenient way of generating those? And does it integrate with any password manager you might be using?
I use Apples “Hide my email” with the password manager so I always have a randomly generated email and randomly generated password and they’re managed together. However there’s not really support for a username distinct from but in addition to email, nor a way to generate those randomly
Bitwarden includes a username generator with a few different options for types.
Bitwarden does it nicely, you can click the random button on the username field when adding a new entry.
I use random websites that don’t require Javascript, tbh, and manually paste the name into KeePassXC.
It’s actually a good idea - I need to figure out how to do that.
For the last several years I’ve used randomly generated email addresses for every account. I can turn off forwarding when they’re inevitably leaked to spammers and there’s one less thing for demographers to aggregate data on me with. That works well when every service insists on a working email address.
But then I get lazy and use a more obvious username so I can remember it. I need to be able to auto-generate those as well
Privacy.
You can be suspicious but shouldn’t just outright start banning them.
😆😂🤣 Uuuuhh… Aaaah… I normally generate a random password and use it as my username for most services. Like even my bank.
This is because I’ve realized the username is mostly useless and is just a handle for my account. It doesn’t matter to me if my username is jsmith, meow123, or kekxbek. In fact, it’s easier if I don’t have to come up with something novel or cool. Either way it goes in my password manager, so it’s not like I have to even remember it.
I’m a real boy. I promise. Not a malicious bot.
Although… If I were a malicious bot, that’s exactly what I would say! 😲