Vanilla 1.1.9 is a product of Lussumo. More Information: Documentation, Community Support.
I may have jumped the gun here. See discussion at http://mathoverflow.net/questions/9004/just-a-try-to-do . (ED: the page has been deleted, so you won't be able to see anything here)
Discussion at where? (Page does not exist.) And some times you have to exploit a hole to be sure it exists.
Those are both unregistered users, and it looks to me like they really have the same name. My understanding is that it's possible to accidentally create a duplicate unregistered user if you lose the cookie the site gives you when you create the first one. In particular, if you are an unregistered user, you should not assume that others cannot impersonate you (you have staked no claim to your username).
For reference, here's a copy and paste of the deleted page:
just a try to do vote up -7 vote down star
try to get a fake account numerical-analysis mod|edit|close (1)|undelete
asked 2 hours ago Erwin 1
1 I flagged this as spam. I think if enough people do this it gets automatically deleted. – Jonas Meyer 2 hours ago [delete this comment] Oh, are you the same Erwin as mathoverflow.net/users/2605/erwin ? I had made a different assumption (see meta.mathoverflow.net/discussion/101/… ); I apologize. Merging registered and unregistered accounts seems to be tricky. For now, the best solution seems to be to e-mail Anton: geraschenko@mathoverflow.net – David Speyer 2 hours ago [delete this comment]
locked by Community♦ 2 hours ago
deleted by Community♦ 2 hours ago vote up 0 vote down
Sorry, yes it is a kind of spam. I just tried to catch the cookie from my earlier post. But I messed up the tags (I wanted to take an unknown one which would have prevented the posting.) mod|link|edit|undelete deleted 2 hours ago
answered 2 hours ago Erwin 1
Display names are not unique at all. You can make your display name anything you want, even if another user is already using it. People will have to just tell you apart by your user numbers or by your avatars. I can't think of a way to improve the situation (I actually think it's pretty close to optimal, given the identity spoofing is pretty much impossible to truly prevent).
The different Erwins are all the same person (at least they all came from the same IP and used the same email address). I've emailed the user, asking him to register an account, after which I'll merge them all into one.
Automatic retrieval of orphaned cookie-based accounts is planned for a future version of the SE software (hopefully it will be in the next beta), so people will be able to get back their unregistered accounts even if they lose the cookie.
"everyone would notice if 'Gregg Kuperberg' showed up with a reputation of 1 and no badges."
Well, I hardly think I'm that famous, but thank you anyway!
(Sorry, it had to be done. I'll go back to my regular account now.)
Theoretically, one can post their Meta account number on MO profile, making it possible to verify a Meta identity.
Of course, we'll need to establish first that there is a real problem with mimicking users before we start solving it :)
Moderators can see email addresses and you have to have a valid email address to get a login. There's an add-on that ensures that the same email address can't be used twice, which makes it slightly harder for someone to have two accounts here (one to be nice and one to be nasty!), though not much harder. (I don't know if that add-on is installed here or not.) I know that that's the opposite problem, but it's the same basic issue.
Given that MNMO (Meta's Not MO), I'm not bothered about having definite Overlords here who can do things that I can't (like seeing people's email addresses). So far they've shown themselves to be fair and I'm happy to let them get on with the job - I have enough to do with policing my own demesnes and have no wish to add to that.
What do you mean by "spoof an email address"? It was a long time ago that I registered for this site so I don't remember all the details, but I seem to recall that you have to have a valid email address to register since you get sent a link in an email to that address. Therefore you can't just put in any-old rubbish in the email field.
So I could attempt to create a fake user here that was pretty close to someone real, but I couldn't do it perfectly unless I had access to their email account and so there would be a trace for the moderators to find and see that I wasn't who I said I was. Now, obviously the danger is that the moderators might not look for fake accounts, but once there was cause to be suspicious then it shouldn't be hard to figure out that X was not Y.
However, if you are determined to find solutions to problems that don't exist, then there are several available. It's possible to add extra data to users' profiles, so you could add their userid on MO (which is unique, mine is 45 by the way) to their profile here. Similarly, on MO you could add their userid here (4, in case you're interested). Another way, which would also earn you universal acclaim in the vanilla community, would be to write a plugin for openid-enabled login here.
But whatever you favour, it's important to remember that there is never going to be a full solution to this problem so the issue is not solving it, but finding the balance that makes it more difficult to do here than the rewards would be whilst not putting up so many barriers that legitimate users get annoyed.
Okay, I misremembered about needing an email address. However, it can be made a requirement - we do that on the n-forum. Also, moderators can be informed when someone wants to create an account, and also it can be set up so that a moderator has to validate a request for membership.
I'm still not convinced that this is a problem likely to occur here. That it can happen is not sufficient to demonstrate that it will happen. That's my real point: why would anyone bother to create a fake user here? I can see why over on MO, but it just makes no sense here.
However, as I've said, there are things that can easily be done to make it more difficult. I've mentioned a few of them already. If you are really concerned then I suggest that you head over to the vanilla website and have a browse through the add-ons there to see how other people have solved this problem - it's a sure bet that you're not the only one to have thought of it and people with far bigger forums (fora?) will have come up with good solutions.
If the moderators want to know what we've done on the n-forum, or how to implement some of the other things I've mentioned; well, they've got my email address!
@Harrison,
I kind of wish meta had bounty; I'd pay up to see a post from, for instance, "Bon Wobster" that gave something that looked like a mit.edu email that actually worked. (Provided of course that it wasn't actually by Ben Webster.) As it is, I guess you'll have my respect?
Looks like I'm just in time for the discussion! I'm the real Bon from MIT. Check this by sending an email to unknot (full address not given to present spamming). Everyone else who may appear under the name Bon Wobster will be spoofing me!
(Seriously, though, this is Ilya Nikokoshev. Now I've been spoofed and I'm spoofing. I hope there are no badges for this.)
@ilyaraz: done. Let me know if you have any other problems.
Re Harry's joke: yes, I do check to make sure that two users are really the same before merging them. For example, if the two users have the same IP (which is tough to spoof) and submitted the same email address (again tough to spoof since you can't see what email anybody else used), I can be fairly sure they're the same person.
What's sad is that for about the first second and a half I was looking at "Bon Wobster"'s post, I was thinking "wait, I never commented on this thread."
Of course, Ilya made the mistake of putting too much effort into spoofing me; sticking with "bwobster" would have been more life-like.
1 to 26 of 26