search

manu-chroma / username-availability-checker

Live at : https://username-check.herokuapp.com/
95 stars 37 forks source link

Instagram check produces a false positive if the user has disabled their profile (but kept the username) #94

Open phunkfoo opened 6 years ago

phunkfoo commented 6 years ago

Hi,

Instagram users can disable (but not delete) their accounts, while still retaining the username. In essence, if an account with the username "xyz" is created and then disabled (but not deleted), the check will show the username "xyz" as available, but the registration process will fail due to it already being in use.

Regards, M

phunkfoo commented 6 years ago

Not entirely sure what the fix for this would be, as a disabled account and non existent account produce the same "error" (html response). The username check could attempt to populate the registration form, which does an async check for username availability (it would have to pickup on the "x" css element).

Regards, M

seeeturtle commented 6 years ago

@phunkfoo, is the problem only occurs from Instagram?

btw, it's quite weird that they don't remove the account actually...

phunkfoo commented 6 years ago

@seeeturtle yes, only for instagram, as far as I can tell. I only noticed the behaviour described after I searched for a username I have - but have deactivated.

Regards, M

seeeturtle commented 6 years ago

@phunkfoo , can you tell me a username that has the problem?

phunkfoo commented 6 years ago

@seeeturtle search for "phunkfoo" on the app. The IG bit says it's available. Then try to register it under a new account and IG will tell you the username is taken). Issue here happens because:

https://www.instagram.com/phunkfoo/ (user is attached to a registered account that's been deactivated); and https://www.instagram.com/thisisnotarealusernameaslkdjasldjalksdjlaksjd/ (random user that does not exist) both produce the same http response from IG.

Regards, M

seeeturtle commented 6 years ago

I can't find the difference between the response of not existing usernames and removed usernames.

Anyway, I found that the instagram check the username by using the graph api. I think it's hard to use input form only using requests and bs4. (selenium is a another choice)

Maybe we can just tell the users to notice that it may be wrong.

@jayvdb, @manu-chroma , how do you think?