Here is something I wonder why it's not done by other services that rely on usernames as identification (i.e. Twitter, Facebook and so on):
To prevent fake accounts, have a system in place, which automatically registers not only the chosen username, but all names which look similar. For example, make capital "I" and small "l" the same, as well as "0" and "O". Do not allow spaces or underscores, all that stuff.
Additionally, it would be good to have a killswitch in place, to freeze/disable accounts in case of a hack.
Thank you for your input.
Initially, we will only allow aliases comprised of numbers and letters. Security is our priority; as a result, mechanisms to prevent malicious behavior (including usage of ambiguous characters) will be set up.
Using other services for identification comes with some challenges to be considered:
- Since each alias is unique, what happens when 2 different users from 2 different services (i.e. Facebook and Twitter) try to register with the same username?
- What happens if somebody's Facebook username is already taken before they get the chance to claim it? How do we prevent users from acquiring other people's usernames from Facebook/Twitter?
Considering the above, we decided to keep things simple at the start and to not use other services for identification.
However, this option is still on the table for the future. We may introduce prefixes, like "fb:" and "tw:", and only users who authenticate through those services will be able to claim those aliases.
There can be no name conflicts in this scenario, since ":" is a special character and won't be used in existing aliases.
A killswitch will undoubtedly be a useful feature. We are considering a mechanism that will allow an account to be disabled in a decentralized manner (by community consensus).
Thank you again for your input, we appreciate it a lot!
Please feel free to comment on the above and give any additional suggestions/feedback.
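
A sketch of the look-alike check suggested in the first post, combined with the letters-and-digits rule from the reply. It is an added example, not part of the original thread or the project's code. The names `skeleton` and `AliasRegistry` and the case-insensitive comparison are assumptions.

```python
import re

# Only ASCII letters and digits, per the reply ("numbers and letters").
# This also rejects spaces, underscores, ":" and non-ASCII look-alikes.
_ALLOWED = re.compile(r"[A-Za-z0-9]+")

# Ambiguous pairs named in the thread, applied after lowercasing:
# "I"/"l" and "0"/"O". Extend this table to cover further pairs.
_CONFUSABLE = str.maketrans({"l": "i", "0": "o"})


def skeleton(alias: str) -> str:
    """Return the canonical form under which look-alike aliases collide."""
    if not _ALLOWED.fullmatch(alias):
        raise ValueError("alias must contain only ASCII letters and digits")
    # Assumption: aliases are compared case-insensitively.
    return alias.lower().translate(_CONFUSABLE)


class AliasRegistry:
    """Registers aliases and reserves every look-alike of each one."""

    def __init__(self):
        self._by_skeleton = {}  # skeleton -> alias exactly as registered

    def conflicts_with(self, alias: str):
        """Return the registered alias that `alias` resembles, or None."""
        return self._by_skeleton.get(skeleton(alias))

    def register(self, alias: str) -> None:
        existing = self.conflicts_with(alias)
        if existing is not None:
            raise ValueError(f"{alias!r} is too similar to {existing!r}")
        self._by_skeleton[skeleton(alias)] = alias


if __name__ == "__main__":
    # Constructed sample aliases for illustration.
    reg = AliasRegistry()
    reg.register("PayPal")
    for candidate in ("PayPaI", "paypal", "Bob0", "BobO", "bob_0", "fb:bob"):
        try:
            reg.register(candidate)
            print(f"{candidate}: registered")
        except ValueError as err:
            print(f"{candidate}: rejected ({err})")
```

Because one skeleton entry is stored per alias, reserving "all names which look similar" costs a single lookup rather than enumerating every variant.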