Hacker News new | past | comments | ask | show | jobs | submit login

I think that anyone developing a social media app for the 2020s will need to make a conscious decision to not let users pick their own unique identifiers. You can't expect users to protect themselves, because you don't know what dangers might exist in the future for them that do not exist today.

The other thing you can do is not allow your API to iterate over the set of all users by user-set identifier. It's an extreme flaw of the telephone numbering system. You would think by the 2020s we'd have learned to use a unique UUID designation for every user for any public facing APIs. If users want to link to it on their public pages, that would be on them.




I think that the idea of not allowing users to pick their own identifiers is not compatible with how a lot of people use social media.

It’s a heck of a lot easier for me to tell my GitHub username to someone, than it would be to tell them a random UUID like 3ffdf0d2-b9a5-4fff-9f38-75afae67dbea.

Even a shorter random-looking username like the one that you have chosen as your HN username, is difficult to relate to for me and I suspect for a lot of people.

And even if you made a human readable version that would hand out usernames like “magnificentwalrus”, it would be generating usernames that most users weren’t identifying with. As much as I like walruses I don’t have a personal connection to them, and any other random name is likely to fare the same. Sure you could let users generate names until they come across one that they do like, but mostly I think that would be a lot of hassle. And there is no guarantee for how long it takes before you find a good name that way. Perhaps even never, as adjective + noun or whatever else the site uses as rule for generating names might not be a rule that the user likes.

Names matter a lot to a lot of people.

Aside from this I think it’s also only a matter of time before similar services to the one in the OP show up but where instead of trying to cross-reference usernames it would work similar to Google Reverse Image Search, and would be able to link accounts across different social media platforms based on the facial features in the photos and/or videos that people post, even when the images and videos are not the same ones but are depicting the same person.


You’re assuming that 1) the value of a username or URL is higher than the value of privacy 2) people use those for discovery. I’m sure 99% of social media connections happen via recommendation algorithms, friends-of-friends or search by name (not username), never directly typing a username or profile url.


You're sure about that? I don't think so. There's tons of connections made from people transferring short, human-readable handles. Think business cards, word of mouth. e.g. I'm at (@) handle. That's much easier to lookup as opposed to searching for someone's name. It may even be a business that's not tied to the individual's name.


All photos of the same mobile phone certainly have a unique fingerprint. Not only the EXIF, also the dead pixels and the unique pattern of low intensity pixels.

If you want to protect user privacy, a unique identifier is not enough. If they posted a gay profile somewhere, a professional profile somewhere else, they will be forever linked.


> I think that anyone developing a social media app for the 2020s will need to make a conscious decision to not let users pick their own unique identifiers.

Completely agreed. If I were to ever set up a forum, I'd find whatever "adjective-adjective-noun" generator that Gfycat uses to generate their URLs and present new users with a list of 100 of these to choose from.


Userids are only one of thousands of signals that can identify accounts




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: