Author: usenet
Description:
A more and more common form of abuse consists of vandals and trolls registering
new accounts that "look like" other users' accounts, by using characters that
look like other characters. For example, "l" may be used instead of "I", or an
acute-accented 'i' used instead of an ordinary one. These accounts can cause no
end of trouble by being used to conceal other kinds of mischief, or to get the
impersonated user into trouble. It is very difficult to tell these apart without
detailed inspection, and the software at present has no idea of visual
similarity between usernames.
Proposed solution:
Keep a homograph character table, and for each new username, canonicalize it by
applying the homograph table to it. Then compare this canonicalized version of
the name with a pre-existing list of canonicalized usernames, and block it if it
occurs in that list. In this way, registering a username will block the
registration of other "confusingly similar" usernames.
The good news is that that the heavy lifting for this work has already been
performed as part of trying to close the same spoofing hole for
internationalized domain names, and homograph lists have already been compiled
as part of this work. E-mail me if you want me to dig out the lists; I don't
have links to them to hand on this machine.
Version: unspecified
Severity: enhancement