Chris Lüer wrote:
At 09:59 AM 6/19/2006, Guettarda wrote:
Don't forget the accounts which exist to prevent impersonation in one's main language - names with capital I's to mimic L's and Cyrillic characters. Deleting these would just open things up for abuse again.
Is there are a reason why user names with weird Unicode characters are even allowed? It would seem sensible to limit user names on each Wikipedia to the alphabet that is used in that language.
Chl
A suggestion, based on practices used for IDN registration:
Restrict new usernames on the en: Wikipedia to characters from the Latin alphabet and selected punctuation only (and possibly digits as well).
Before allowing a username to be registered, generate a canonical comparison form by Unicode normalization, lowercasing, punctuation and space suppression and accent-stripping, followed by homograph canonicalizations such as mapping both digit zero and letter O to the latter, digit 1 and letter L to the latter, eth to lowercase d, etc.
A new username should then only be allowed to be registered if the comparison form of the proposed new username is different from the comparison form of every existing username (which are stored in an indexed table, alongside the full, uncanonicalized name that actually gets registered).
Doing this will eliminate the vast majority of all simple username spoofing hacks.
Existing usernames get grandfathered in, of course.
-- Neil