Identification

Privacy is relevant as the identification data may reveal additional information

• Impact: OSINT tracking, Doxing, ID Theft

Identifier reuse

• Tracking users across platforms

Badly constructed

• Reveal real name, location, age, profession

Non selective

• Presenting identification discloses too much information

OSINT

Identifier reuse

Track users across services

Some services allow further deanonimization

• Github: profession

• Social networks: age

• Chess: ?

Behavior reveal

• Data from League of Legends reveals links between real-world and online personality.

• Players with antisocial usernames behaved in an antisocial manner within the game.

• Ages estimated from usernames correlate strongly with ages entered at registration.

• Online interactions valence correlates positively age. Older players behave better.

• Gaming usernames provide a useful source of psychological information.

Best practices

Identifiers should:

• Be service specific

• Be unique within the limits of usability

  • Alternative: numbers or a digest of a public key

• Be kept private within the limits of service operation

• Not disclose further information

Good practices:

• Discord allows a different profile per user

• Reddit: allows random usernames

May require application to manage usernames

• Key vault