To the upcoming registration of user-friendly names VKontakte
I do not worship Habrasuicid, but because VKontakte is only a catalyst for this thought, and the described methods can be applied completely to any social network, forum and other places where the user is registered anyway. It will deal specifically with the nickname distribution system, and the related problem "who first got up - that and sneakers".
In principle, problems can be avoided. Not always and not everywhere, but possible. It is about the method of avoiding "social cybersquatting" for developers of social networks, and I want to tell.
There have been jokes on the Internet for a long time that our generation has registered all beautiful nicknames, and our children will have to be content with something like megadestroyer66613wow. And if within the framework of the e-mail system, the urgency of the problem remains (which, however, is compensated by the opportunity to create your own domain on which to start mail with any nickname), since the postal address is the primary user identifier, then in social networks this is not the case.
Developers have long known that most of the sites and forums after registration communicate with the user through his user ID. Most often it is a number that is the primary key in the database table. Often this key is an auto-increment field, which eliminates the problem of generating identifiers for new users.
')
Thus, in 99% of cases, the user is technically determined not by his credentials, but by some unique identifier generated by the system during registration.
What follows from this? From this follows the simple fact that, technically, the username does not have to be unique. And even on some forum where users know each other only by nicknames, it is technically quite acceptable for several users to use the same nickname.
However, on many sites, the nickname, besides performing the main function, is also used during authorization. And then there are problems - if you allow several users to use the same nickname, and they accidentally choose the same password - to whom to log in?
Vkontakte (and many others, I must say, for example, Google), due to the lack of obligatory nicknames, bypasses this problem by using email as one of the elements of the authorization pair. It is known that the e-mail address is unique, while its uniqueness is supported by external (external) mechanisms, which eliminates the problems with the identification of the user. Other sites may use a pair of "login - display name", to require the uniqueness of the first in the absence of the uniqueness of the second.
However, it was all an addition. We now turn to our root problem.
So, let's say we are Pavel Durov and decided to allow users not to pay us a stop SMS message for subdomains and a symbolic name. What are our actions?
1. The obvious way is “be like everyone else.” We advertise that “boys, fly around, register the name, the name is unique, who first got up - that and sneakers” and allow this action for a limited circle of privileged users. Privileged users grab the original names, which in the process can be profitable to someone to sell. A paradise for cybersquatters.
2. Another (another) way - "be like Wikipedia." We advertise that “boys, learn, register the name, the name does not require uniqueness,” and then we begin to solve the ambiguous name problems.
How is this problem resolved? We remember that our names are not user identifiers, and if there are several users claiming one subdomain, instead of a direct redirect, we simply show a list of all users who have been registered under this nickname, along with information about the user, so that was to find "his". Thus, the mass of users will accumulate on popular nicknames, rendering them useless for identification, and users themselves will resolve to others who meet their requirements.
To solve the problem of users-flood (when a lot of users are purposefully registered under one nickname, in order to “beat” it and make it unfit for consumption), you can use the SMS-confirmation mechanism. In this case, this action will be much more problematic. Or, alternatively, to return the possibility of a full "redemption" of the domain for the most afflicted, who may be tied to this business (are there any?)
But - all is fair, and no fights.
In principle, problems can be avoided. Not always and not everywhere, but possible. It is about the method of avoiding "social cybersquatting" for developers of social networks, and I want to tell.
There have been jokes on the Internet for a long time that our generation has registered all beautiful nicknames, and our children will have to be content with something like megadestroyer66613wow. And if within the framework of the e-mail system, the urgency of the problem remains (which, however, is compensated by the opportunity to create your own domain on which to start mail with any nickname), since the postal address is the primary user identifier, then in social networks this is not the case.
Developers have long known that most of the sites and forums after registration communicate with the user through his user ID. Most often it is a number that is the primary key in the database table. Often this key is an auto-increment field, which eliminates the problem of generating identifiers for new users.
')
Thus, in 99% of cases, the user is technically determined not by his credentials, but by some unique identifier generated by the system during registration.
What follows from this? From this follows the simple fact that, technically, the username does not have to be unique. And even on some forum where users know each other only by nicknames, it is technically quite acceptable for several users to use the same nickname.
However, on many sites, the nickname, besides performing the main function, is also used during authorization. And then there are problems - if you allow several users to use the same nickname, and they accidentally choose the same password - to whom to log in?
Vkontakte (and many others, I must say, for example, Google), due to the lack of obligatory nicknames, bypasses this problem by using email as one of the elements of the authorization pair. It is known that the e-mail address is unique, while its uniqueness is supported by external (external) mechanisms, which eliminates the problems with the identification of the user. Other sites may use a pair of "login - display name", to require the uniqueness of the first in the absence of the uniqueness of the second.
However, it was all an addition. We now turn to our root problem.
So, let's say we are Pavel Durov and decided to allow users not to pay us a stop SMS message for subdomains and a symbolic name. What are our actions?
1. The obvious way is “be like everyone else.” We advertise that “boys, fly around, register the name, the name is unique, who first got up - that and sneakers” and allow this action for a limited circle of privileged users. Privileged users grab the original names, which in the process can be profitable to someone to sell. A paradise for cybersquatters.
2. Another (another) way - "be like Wikipedia." We advertise that “boys, learn, register the name, the name does not require uniqueness,” and then we begin to solve the ambiguous name problems.
How is this problem resolved? We remember that our names are not user identifiers, and if there are several users claiming one subdomain, instead of a direct redirect, we simply show a list of all users who have been registered under this nickname, along with information about the user, so that was to find "his". Thus, the mass of users will accumulate on popular nicknames, rendering them useless for identification, and users themselves will resolve to others who meet their requirements.
To solve the problem of users-flood (when a lot of users are purposefully registered under one nickname, in order to “beat” it and make it unfit for consumption), you can use the SMS-confirmation mechanism. In this case, this action will be much more problematic. Or, alternatively, to return the possibility of a full "redemption" of the domain for the most afflicted, who may be tied to this business (are there any?)
But - all is fair, and no fights.
Source: https://habr.com/ru/post/92129/
All Articles