decidim / decidim

The participatory democracy framework. A generator and multiple gems made with Ruby on Rails
https://decidim.org/
GNU Affero General Public License v3.0

User name uniqueness #1354

Closed josepjaume closed 6 years ago

josepjaume commented 7 years ago

This is a Discussion

:tophat: Description

User names are not unique right now, but maybe they should be. Otherwise, users can easily impersonate someone else by simply using their name. The issue here is: How do we protect users that, at the time of registering, were already being impersonated, so they can't use their real name?

Using Authorizations doesn't seem to help, as authorization data doesn't include the user's real name. Side feature: Maybe we should put badges on authorized users, as a means to give them higher "karma"?

Thoughts @decidim/developers @decidim/product ?

deivid-rodriguez commented 7 years ago

@josepjaume I think I might be missing something here but real names of people are not unique... Right? I'm sure there's someone else out there called Josep Jaume Rey...

andreslucena commented 7 years ago

@deivid-rodriguez real names != user names. Although a real name could be duplicate (for instance, "Death Note" rules), on the Internet a user name usually is unique. This is useful for a couple of reasons, like mentioning or using that username on the URL.

oriolgual commented 7 years ago

But we don't have usernames per se, what about adding a tick or something (like Twitter) to add to verified accounts? (We would need to argue about what is a verified account though)

andreslucena commented 7 years ago

@oriolgual I think that we have usernames, for public authorship on proposals/comments/etc


Regarding the tick, I think it'd be a nice feature but for another use case, i.e. for verified UserGroups (associations, foundations, etc.)

deivid-rodriguez commented 7 years ago

Yes, that's my confusion, since @josepjaume was talking about real names, I think. For nicknames a common approach is to make them unique and not changeable (or changeable only a limited number of times).

Then there's the whole user verification topic, which is indeed related to real names and impersonation, but not necessarily to username uniqueness...

xabier commented 7 years ago

Can we agree on:

  1. User-name (meaning the name of the user inside the platform as displayed on login and when making comments and proposals) should be unique.
  2. User-names can be "officialized", meaning that I can take a user-name AND I want to make it official, I am asked some additional questions (to be defined) AND if answers are correct (to be defined) I get an official tick that shows that my user-name is my real-person-name.

Point 2 is important if I am a public figure, for example, and I don't want another user having my real-person-name as a username and making comments or proposals that go against my interests. This is what I call "impersonation". I think we should avoid this. Cases of two people having the same real-person-name fighting for the same user-name will be very rare. Yet there are solutions to this problem, since real-person-name can translate differently into user-names (e.g. Noam Chomsky --> chomsky, n_chomsky, n-chomsky, noamchomsky, etc.). Additionally, the user-name could point to the user-profile page and more additional "official" information could be added there to avoid confusion.

@oriolgual @josepjaume @deivid-rodriguez @andreslucena Am I missing something?
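
An added example (not Decidim's own code) of the two points above: uniqueness enforced on a canonical key, so "Chomsky", "c.h.o.m.s.k.y" and a full-width "ｃｈｏｍｓｋｙ" all collide instead of slipping past an exact-string check, plus an admin-only "official" flag. `NicknameRegistry` and the sample names are constructed for this illustration.

```ruby
# Added example, not Decidim's own code: nickname uniqueness checked on a
# canonical key, and an "official" badge that only an admin action can set.
class NicknameRegistry
  Taken = Class.new(StandardError)

  def initialize
    @entries = {} # canonical key => { nickname: String, official: true/false }
  end

  # Canonical form used for the uniqueness check: NFKC normalisation folds
  # full-width and composed variants, downcasing ignores case, and the
  # separators often used to mimic a name (spaces, dots, dashes, underscores)
  # are dropped. The display name the user typed is stored unchanged.
  def self.canonical(nickname)
    nickname.to_s.unicode_normalize(:nfkc).downcase.gsub(/[\s._-]+/, "")
  end

  def taken?(nickname)
    @entries.key?(self.class.canonical(nickname))
  end

  # Returns the stored nickname; raises Taken when the canonical key exists.
  def register(nickname)
    key = self.class.canonical(nickname)
    raise ArgumentError, "nickname must not be blank" if key.empty?
    if (existing = @entries[key])
      raise Taken, "#{nickname.inspect} collides with #{existing[:nickname].inspect}"
    end
    @entries[key] = { nickname: nickname, official: false }
    nickname
  end

  # Manual "officialization": the badge is a flag set by a moderator after
  # whatever out-of-band check the organization applies, never self-claimed.
  def officialize!(nickname)
    entry = @entries.fetch(self.class.canonical(nickname))
    entry[:official] = true
  end

  def official?(nickname)
    entry = @entries[self.class.canonical(nickname)]
    !entry.nil? && entry[:official]
  end
end
```

Note that "n_chomsky" canonicalises to "nchomsky", so the distinct variants listed above still remain available to a second person with the same real name.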

deivid-rodriguez commented 7 years ago

@xabier Everything you said makes sense to me! Some comments:

xabier commented 7 years ago

hi @deivid-rodriguez I will reply inline below:

> We could just enable an "official/verified badge" in the UI and make it toggable from the admin in a first iteration, and leave verification itself outside of decidim until we get a better understanding of what's involved.

This is a perfect MVP!

> Do you think there should be two different processes, one for the general public, and one for public figures? Or just one? Should this be a "per request" thing just for some potentially impersonatable users, or a feature available to everyone?

In general there are three main types of roles in democracy that might need specific officiality:

  1. Representatives: those that act as representing others' will: elected officials, both from political parties or citizens that might be selected for specific representative roles and can decide for others. These roles need to be public; what they vote for (as representatives) needs to be linked to their real name because they need to be accountable for their decisions.
  2. Executives: they execute the will of the people, as expressed either directly or through representatives. They usually sign administrative procedures. Not sure how official they should be.
  3. Guarantors: they provide the guarantees that a process is democratic. At times they are randomly chosen, like juries; at times they are professional public servants (like judges). On occasion these might have to be "officialized" as well.

Finally, community leaders or citizens of different kinds might want to be officially recognized with their real name on the platform, to avoid impersonation or to protect and display their reputation.

> How do you verify a person? For voting purposes, we implemented a verification process via document upload (passport, driver's license, bills) and admin moderation for Un País En Comú, I think it worked reasonably well. Another (complementary) idea could be to defer to Twitter or Facebook, that have probably already solved the problem better than us... :)

Never :) A city council has access to the census. This is what makes our identification system strong. For other organizations there are affiliate databases or public meetings where identities can be verified.

There are two easy ways of officializing: one is manual and the other is by checking the census database, which is what decidim uses for verification. Users could be asked if they want to be officialized (meaning that their user-name bears a tick of some kind) when signing up, or at any time.

I would definitely go for manual "officialization" first.

Hilfe commented 7 years ago

Interesting discussion. Also there is a possibility to create a new user with the name of an organization. In this case, impersonation is not of just one user/citizen but of a group of people.

deivid-rodriguez commented 7 years ago

@xabier There's something I don't quite understand yet. How do you work with census data? I expected that it could be useful to verify things like "I only want people from Barcelona to vote in this participatory process but this person is not registered in Barcelona's census". But I'm not sure it helps with stuff like "I want to make sure "Noam Chomsky" is the real person making clicks on behalf of the user called 'chomsky'". Can you elaborate?

xabier commented 6 years ago

> But I'm not sure it helps with stuff like "I want to make sure "Noam Chomsky" is the real person making clicks on behalf of the user called 'chomsky'". Can you elaborate?

Hi @deivid-rodriguez, we will never know if the real Noam Chomsky is using the officialized NoamChomsky user name; maybe he has an assistant using it or his son has taken control of his computer temporarily. But what we are aiming for here is pretty much what Twitter does with what they call "verified accounts": https://help.twitter.com/en/managing-your-account/about-twitter-verified-accounts

A participant in Decidim should be able to be:

Officialized usernames are those that, on top of verification, on demand, through an Admin, get a check of whether their username corresponds with their person-name or, alternatively, their username corresponds with their institutional role (e.g. president). The means to do this can be:

xabier commented 6 years ago

This issue deals with two separate topics that have been converted into separate issues capturing the content of this issue's discussion: