Identification
Last updated
Last updated
Privacy is relevant as the identification data may reveal additional information
Impact: OSINT tracking, Doxing, ID Theft
Identifier reuse
Tracking users across platforms
Badly constructed
Reveal real name, location, age, profession
Non selective
Presenting identification discloses too much information
Identifier reuse
Track users across services
Some services allow further deanonimization
Github: profession
Social networks: age
Chess: ?
Data from League of Legends reveals links between real-world and online personality.
Players with antisocial usernames behaved in an antisocial manner within the game.
Ages estimated from usernames correlate strongly with ages entered at registration.
Online interactions valence correlates positively age. Older players behave better.
Gaming usernames provide a useful source of psychological information.
Identifiers should:
Be service specific
Be unique within the limits of usability
Alternative: numbers or a digest of a public key
Be kept private within the limits of service operation
Not disclose further information
Good practices:
Discord allows a different profile per user
Reddit: allows random usernames
May require application to manage usernames
Key vault