Usernames in shared links break anonymity

How so?
How can you tell just by seeing codinghorror that codinghorror is Jeff Atwood unless you already know that?

You see “mittineague” here, do you know my name?

And if it bothers anyone, shared links work fine without the ?u=publicly_visible_membername

@Mittineague

Share something with me on Facebook, and I’ll tell you. I know your username here - now if it starts popping up connected to a real persona…

Online privacy is a pretty big deal nowadays, as related topics are being covered in the mainstream media.

1 Like

On some sites they can suppress full name, but he means sharing a link on Twitter lets people know maybe you are that username on the target site via the link text.

I do agree that this can be a breach of privacy: people are disclosing their forum usernames implicitly and not everyone is aware of that, nor are people aware that this part can easily be removed from the link.

Why not make this a site setting (default ON) ?

I am fine with that as a PR, but you would automatically lose all the sharing badges (first share, nice share, good share, great share) if you disabled usernames there.

2 Likes

Perhaps, but this is the first time I’ve ever heard the concern and it smells awfully hypothetical to me. If there were clearer real world examples from others where this was, y’know, an actual problem, I’d be more sympathetic.

3 Likes

Perhaps cloaking/encrypting the usename would be a better approach then? Or do the users have some other unique identifier, like a number, that could be used to collect the sharing stats?

@codinghorror You are a bit of an exceptional case, as you have branded Mr. Atwood as codinghorror. Vast majority of forum members use aliases/usernames to hide their identity. That is why most forums operate with usernames in the first place.

2 Likes

Yes, we could encrypt/hide it, but I am just not enthused to do any work here as this is the first complaint we have heard about this AND we have zero paying customers complaining about this.

If someone feels passionate about this they should submit a PR

3 Likes

I really think most people who really want to protect their privacy are either going to 1) use the URL in the address bar, or 2) delete the u=your_username_here from the URL before posting it.

I know I occasionally remove it, but not due to privacy concerns, more so because I don’t want it to look like I am benefiting from posting the link.

11 Likes

Citation needed?

Most people use the same username (or something similar) on every site.

My username on Steam, Gmail, Reddit, Github, Battle.Net, etc is very similar.

4 Likes

Yesterday I came across Hashids: http://hashids.org/ and I thought replacing ?u=username with the user_id hashid could be a rather simple solution to this problem, for both privacy and social (“I don’t want to benefit from posting this link”) reasons.

Except hashids wouldn’t do that. It is still unique to me, others who see the post with said hash would still see it looking like a referal link of some sort. The only way to achieve that social goal is to not put it in at all. Again, I remove it manually, but I rarely remove it. I only do it for very unique situations and I’m not finding it to be a chore for me.

2 Likes

Personally, I think in some cases I would prefer my member name to be exposed rather than my member id.

An id might not be as readily recognizable as a member name, but a member id is much more personal IMHO

1 Like

Control-L control-C will copy the URL of the current topic and the reply that you entered the page on and not require you to edit out the username. It’s actually easier than using the share link anyway.

Yeah, that’s the real problem: security and privacy are a chore.

5 Likes

There is a site setting now

This is not a pretty onebox

5 Likes

Indeed, and this is weird. Might be worth a ux topic…


There’s also now an official theme component that strips the username out from the share link.

The setting is remembered client-side by default as well. There are now two official ways to circumvent sharing the username additionally to manually removing the username, so I consider the issue addressed and close the topic :slight_smile:

4 Likes

Let’s pop a shot of the allow username in share links admin setting in for good measure: :slight_smile:

4 Likes