鴉PieFedUsernames using randomized nonsense
submitted by
edited
BurstarI've been noticing an influx of users with anonomized usernames (ie: fjdasklfpudiosa722104891fdaf20j.srv.us).
As a moderator this concerns me because it immediately triggers a 'this is a bot or nefarious actor' instinct. Is there any reason not to be wary of these accounts?
sounds reasonable, because this definitely looks like low-effort bots
I've been using Fedi for a long time and from the very beginning I've been afraid of spam and bots ruining it, at least temporarily. Spam is still a problem with e-mail, and it's been around for 40 years and they've developed very sophisticated anti-spam mitigations for it.
If an instance has a lot of spam, admins tend to notice and block it. In the future it's likely admins will have more tools too, but for now the system works pretty well.
Technically it can be someone who just wants to be anonymous, but honestly they could at least use something readable
Using a barcode username is nice for being anonymous
Eg.
IlIIIllIIl
It's a combination of lower case L and upper case I
Flashbacks to Rainbow Six Siege cheaters 💀
That's incredible, I'll use this in the future
No pipes?
If they want to be anonymous, sure. But they should at minimum change their display name to "Anonymous"
Totally agreed
Also, some people will intentionally add numbers at the end of the alias to make it look like all the good names were already taken. Sort of like a joke or a reference to all the bigger social media platforms.
I don't really understand that one haha
It used to be common.
Checking the modlog i see one user - @[email protected], who [despite the weird name] seems like a legitimate account.
Which the reason afaik they have such a weird name is: https://lemmy.dbzer0.com/post/26773150/14235814
Are there any other users you've noticed with this type of username/instance name? This is the only one i saw.
Wierdly, when I click on the link I get a 'server cannot handle the request error'.
Regardless, I agree that it 'acts' like a legit account, but still think it's sus as hell. That entry in the modlog is from today, but I've definitely handled similar accounts in the past, and seen others do so elsewhere.
Sorry bout that. Instance was down for some time.
Anyways here's a mirror just in case
I didn't see any of that, but i'll take your word for it. Still, this is most likely, if not definitely a real account.
Ah, thanks for this.
No more wary than, say, CriticalBadger or SuccessfulCrab45. Some of the more obvious bots have very normal-looking names.
I picked an RNG name since my old common username (from reddit, etc) was not available when I started on kbin.social (RIP) and I couldn't think of anything else I wanted to be called. I deliberately kept it short though. Not sure what to make of other RNG names -- esp. long unintelligible ones -- but I've seen at least one account that I think is legit which has a long, bizarre RNG-looking username and a non-English display name, so 🤷️
Brother! 🍻
You're mostly right -- those names sound like overkill. However do note I have been using Bitwarden's Name Generator (random noun + number) and I've evolved the scheme a bit ( it is now always 'user' and I keep adding numbers until the generated username is available ).
You are THE user
My first guess with this would be: they were read-only, then they wanted to post something or write a reply to someone and at the time considered it to be a one-time thing and created sort of "throwaway account" for that specifically, but then they kept visiting the place and it kind of just stick with them. Yet again, my guess might be completely wrong. But at least this is one of the possible motivations behind such accounts.
Privacy.
You can be suspicious but shouldn't just outright start banning them.
I always use randomly-generated user names. I try to avoid strings of random numbers and letters, but coming up with reasonably nice-looking random names is time-consuming, and some people might not care that much.
Have you found a convenient way of generating those? And does it integrate with any password manager you might be using?
I use Apples “Hide my email” with the password manager so I always have a randomly generated email and randomly generated password and they’re managed together. However there’s not really support for a username distinct from but in addition to email, nor a way to generate those randomly
I use random websites that don't require Javascript, tbh, and manually paste the name into KeePassXC.
Bitwarden includes a username generator with a few different options for types.
If I wanted to create bot accounts I would generate believable names
There are people that have a name that looks random, but has a meaning
maybe we could create a suspicious account review channel and submit them there for folks to do some digg'ing.
not sure about comms with other Admins but it would be nice to harmonize efforts amongst them a bit more/better.
😆😂🤣 Uuuuhh... Aaaah... I normally generate a random password and use it as my username for most services. Like even my bank.
This is because I've realized the username is mostly useless and is just a handle for my account. It doesn't matter to me if my username is jsmith, meow123, or kekxbek. In fact, it's easier if I don't have to come up with something novel or cool. Either way it goes in my password manager, so it's not like I have to even remember it.
I'm a real boy. I promise. Not a malicious bot.
Although... If I were a malicious bot, that's exactly what I would say! 😲
It’s actually a good idea - I need to figure out how to do that.
For the last several years I’ve used randomly generated email addresses for every account. I can turn off forwarding when they’re inevitably leaked to spammers and there’s one less thing for demographers to aggregate data on me with. That works well when every service insists on a working email address.
But then I get lazy and use a more obvious username so I can remember it. I need to be able to auto-generate those as well