Page MenuHomePhabricator
Create Task
Maniphest T10257

AntiSpoof blocks usernames too aggressively
Open, LowPublic
Actions

Description

Author: ayg

Description:
As discussed at URL, AntiSpoof is too aggressive because it's only a one-pass normalization. For instance, L = i because L = l = I = i. A number of users have complained because they couldn't sign up with their new name anymore, and doubtless many others have been distressed to find name after name "taken". The reasonable solution, again as discussed in the URL, would be using the
normalization as a first pass, and then doing a more intensive pairwise comparison to figure out whether the specific characters are similar non-transitively. L = l and maybe l = i, but L != i.

See also

Details

Reference
bz8257

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 9:30 PM
bzimport added a project: AntiSpoof.
bzimport set Reference to bz8257.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Dec 14 2006, 3:33 AM
bzimport added a comment.Jun 18 2009, 2:50 AM

mike.lifeguard+bugs wrote:

Is this still relevant? I haven't heard complaints about too-aggressive matching, only not-aggressive-enough matching (c.f. imposter series on checkuser-l etc).

bzimport added a comment.Jun 18 2009, 2:51 AM

mike.lifeguard+bugs wrote:

Also, the URL is dead.

bzimport added a comment.Jun 18 2009, 1:49 PM

ayg wrote:

Of course you haven't heard complaints about too-aggressive matching, because the affected users are unregistered. They either picked a different name and forgot about it, or gave up. Not-aggressive-enough matching will only hurt registered users, and in particular established users who trolls want to impersonate, so they'll be much more likely to make a fuss.

URL fixed.

bzimport added a comment.Dec 31 2009, 5:24 AM

mike.lifeguard+bugs wrote:

(In reply to comment #3)

URL fixed.

Thank you.

I tested this, with the same result as initially reported. I'm not sure the must-contain-letters rule makes a lot of sense. What was the original motivation?

bzimport added a comment.Dec 31 2009, 7:08 PM

ayg wrote:

I don't know. I assume someone was just throwing together some rules and picked whatever seemed to make sense at the time. There are a heck of a lot of Unicode code blocks. For a couple of years it was blocking all [[hangul]] names by mistake, IIRC.

He7d3r updated the task description. (Show Details)Nov 20 2016, 3:20 PM
He7d3r removed a subscriber: wikibugs-l-list.
Meno25 unsubscribed.Jan 17 2017, 4:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL