We've discussed display name as a version of the username suitable for user interfaces. This would allow the browser to show an account name that the user might be more familiar with. The user might have the formal username liza_johnson887 but the desired display name Lizza JSON. Can we support that in a safe way?
We have to make sure it cannot be misused to fake trusted browser signals. Imagine display names such as "Secure," "Private," "Logged Out," or "Anonymous," and the browser showing them in various contexts. Add localization to that and you have a real challenge. Add multi script such as Latin+Cyrillic and I'm remembering the struggle to defend URLs as a trust signal.
melanierichards
commented
3 years ago
We've discussed display name as a version of the username suitable for user interfaces. This would allow the browser to show an account name that the user might be more familiar with. The user might have the formal username liza_johnson887 but the desired display name Lizza JSON. Can we support that in a safe way?
We have to make sure it cannot be misused to fake trusted browser signals. Imagine display names such as "Secure," "Private," "Logged Out," or "Anonymous," and the browser showing them in various contexts. Add localization to that and you have a real challenge. Add multi script such as Latin+Cyrillic and I'm remembering the struggle to defend URLs as a trust signal.