[openstreetmap/openstreetmap-website] prevent copycats during registration (#1419)

[Matt Amos]

There are a few possibilities which might work, but need further investigation to see if they are feasible, practical and effective. @pnorman and I were discussing a couple of ideas:

1. A [common defence](https://en.wikipedia.org/wiki/IDN_homograph_attack#Defending_against_the_attack) appears to be to only allow letters from a single language in the name. This doesn't prevent all homographs, but at least makes it much harder to find suitable glyphs. The first step here would be to implement something that checks to see how many existing display names would be affected by this, and whether there's any correlation with accounts used for impersonation.
2. A potentially very different approach would be to find the modal alphabet of all glyphs in the name and render any other alphabets differently. For example, in the name "zеrebubuth", one of the "e"s is a Cyrillic character, but the rest are Latin and so Latin is the "modal alphabet", and we might render the name as "z**е**rebubuth" or "z`е`rebubuth". This has the advantage of handling all existing display names, but the disadvantage that it would only be effective on the OSM website, where we can affect the rendering.

Of course, there are many other ideas as well, all vapourware at this point. The next step for any of them would be to make some concrete progress by showing proof of concept analysis, patches or other working code.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1419#issuecomment-276336701
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20170131/495b8a26/attachment.html>