I hope this message finds you well! I have been exploring ways to enhance user privacy on our Discourse forum, and I came across the idea of hashing usernames in profile URLs.
Currently, profile links are structured like this: https://meta.discourse.org/u/user, which exposes the username directly. I was looking at other forums online and it appears it hashes the profile URL. Not sure how since these forums were unrelated to nor used Discourse so the code is beyond me.
I was wondering if there is a way to hash the username so that the profile URL could be transformed into something more privacy-conscious, such as a Unix timestamp representing when the user joined. For example, instead of the standard URL, it could look something like https://meta.discourse.org/u/1735526984061 (where 1735526984061 is the Unix timestamp in miliseconds).
If hashing usernames in this manner is not currently possible, I would like to encourage someone from the community to consider creating a merge request to implement this feature. It would be a great addition to enhance user privacy and security. I Was unsure as to post this in support or feature as it could go either way.
It can be, but its like every other platform uses the similar kind of URL, can you elaborate what privacy and security means here it’s just to hide the users name or is it something you want to protect them from getting reversed engineer?
What advantages do you foresee in concealing usernames in URLs, given that usernames are ubiquitous throughout Discourse for attributing authorship and facilitating connections with users?
You have the option to choose a username, which does not reveal anything about you.
Well, for starters there are many tools to lookup if a username exists on websites and this would limit that endpoint of https://$DISCOURSE_FORUM/u/$USERNAME/. Since Discourse the default setup doesn’t limit viewing a users profile to only signed in users, this is kinda where I’m getting at.
Well I’m only talking the user profile like e.g. u/exampleuser not the username on forum posts. By not displaying usernames in user profile URLs, it becomes more difficult for malicious actors to target specific users for harassment or phishing attempts. This can create a safer online environment.
There are other forums that the username is still in their in posts but not when you click on the posters profile the user URL is hashed using some method.
You have the option to choose a username, which does not reveal anything about you.