Multiple connections can use the same login

[theobat]

I'm not sure this is an actual issue @haadcode and if it's well known one or an expected behavior please close this. I have been able to connect with the same login on two different devices in the same LAN on the same channel. While I understand why this could be authorized and why it's not inherently a problem it essentially means you can't tell who is who...

[haadcode]

@theobat you're correct, this is possible atm. We don't have a great solution for "identity" yet and basically how it works is that while you see the same name, they actually use different keys to sign the messages. This is obviously not ideal, as there's no way to have unique names, we can only have unique keys.

If you click on the user name when you have a channel open, you see the "user profile" data and they should be different keys.

I would be very happy to hear suggestions how we could approach this, everything from solving this on lower level or on UX/UI level.

[haadcode]

Thanks for reporting this and opening the discussion @theobat!

[theobat]

Interesting @haadcode, thanks for your answer, a few considerations regarding this then :

• First of all, as a layperson interested in IPFS what struck me as a real success in terms of user experience in orbit was the simplicity. I think using a simple arbitrary login is a very valuable feature and not inherently a problem. The real issue here is when you cannot tell who is who. This is purely a UI/UX problem (logically there's nothing wrong here) and interestingly enough, this only becomes a hurdle once you connect to a channel... So I'm wondering if we know all the logins which ever connected to a given channel when a new person connects to a channel. If that's the case a simple policy asserting both back and front end that the given key corresponds to the given username could be implemented, and if two people ask for the same username in the same channel the prompt could ask for another one... (or just asking for a change ?) Some sort of channel based id-dictionary (just throwing an idea based on my experience of the product).
• Now this makes me think of IPNS and all the discussions about hosting dynamic content and getting user friendly names, there is -in the end- a mapping between http urls/uris and hashed contents thanks to ipns perhaps orbit could get some inspiration from this ? (just echoing the idea above)
• I do not think this is a tremendous problem atm and event though it might be a significant problem at one point -later- it is not preventing small teams from using it (which is I believe a very pragmatic and important goal for this piece of software)
• Another thing is getting inspiration from slack (because it's a very good product and orbit is not so far, plus this was already mentioned in another issue). They are using emails for identification, and the primary right filter is that an org can only have emails from a given domain. Is there any pros/cons already mentioned/imagined for emails as identifiers ? (like linking a given ipfs node to an email ?) (juste another idea it feels like this one has obvious security flaws but... just asking)

[haadcode]

what struck me as a real success in terms of user experience in orbit was the simplicity

Thanks! This has been the goal since day one and will continue to be the defining design factor for Orbit: simplicity. It does come with trade-offs, but it's something to aim for in everything we do in Orbit.

So I'm wondering if we know all the logins which ever connected to a given channel when a new person connects to a channel

Right now, we don't know who connects. And I'd be very hesitant to track that on a global level as it makes Orbit "less private" in a way. Does that make sense?

Now this makes me think of IPNS and all the discussions about hosting dynamic content and getting user friendly names

IPNS could be used for the user profile. At the end of the day, IPNS is a key which is what Orbit currently uses to identify users and distinct between them. What could be interesting is to use an IPNS key to pull the user profile from. Perhaps that can be mapped to a human-readable name somehow.

...using emails for identification, and the primary right filter is that an org can only have emails from a given domain. Is there any pros/cons already mentioned/imagined for emails as identifiers

I think it'd be better to turn it around and consider an email to be a "field" in your profile. That would allow the user to tie different emails to their identity, or not use one if they don't want to.

I really don't have a good solution for this yet and it's definitely not trivial. Thanks for the comments and proposals. Keep 'em coming! Hopefully others in the community will also pitch in and we can find something that solves this problem in a good way.

Let's keep the discussion going!

[victorb]

What could be interesting is to use an IPNS key to pull the user profile from. Perhaps that can be mapped to a human-readable name somehow.

What I've done in the past is to have the peer id resolve to a json file with the profile of the user. Username could be included there.

I think it'd be better to turn it around and consider an email to be a "field" in your profile. That would allow the user to tie different emails to their identity, or not use one if they don't want to.

:+1:

[haadcode]

have the peer id resolve to a json file with the profile of the user.

This would limit it to a specific IPFS node, right? So essentially, one user profile per one device? I don't we should limit that, but try to find something that works in a way that the user can use the same profile from any device.

[victorb]

This would limit it to a specific IPFS node, right? So essentially, one user profile per one device?

At the moment yes but in the future it's planned to be able to have many identities (based on one root one) in IPFS per node, not limited as it is right now.

[theobat]

Right now, we don't know who connects. And I'd be very hesitant to track that on a global level as it makes Orbit "less private" in a way. Does that make sense?

That makes perfect sense. But if I rephrased my initial question it would be: what is the purpose of the username in orbit ?

• Should it be linked to the identification process of a user (which seems to be the case right now, but not completely) ?
• Should it be a pure optional and free of constraints field defined in user profiles such as any other information a user wants to specify (like emails) (it's not required logically speaking right now since keys could be the default ugly usernames if you follow this idea) ?

What I've done in the past is to have the peer id resolve to a json file with the profile of the user. Username could be included there.

This tends to be rather like the 2nd option, but this :

user can use the same profile from any device.

Pushes me to unique usernames and passwords ... ? I mean, unless users specify which devices they can use for a given account (using pub/priv keys identification) I don't see other options...

Is there an established anti password-based authentications policy yet or is it just to be avoided as much as possible ? I don't see how (and if so why) the distributed nature of the app changes these questions...