Brion Vibber wrote:
Gregory Maxwell wrote:
On 8/14/07, Brion Vibber wrote:
This minimizes the risk of someone else milling your accounts for information by making an account which would get merged in due to disuse or matching e-mail address.
Ah. I didn't realize that we'd join across accounts using non-confirmed email data.
I thought we did this.
You can reset the password if the email is set to your e-mail address. Thus any account that matches the email will be given to you if you are confirmed (by password) to own the master account.
Once merged, the first thing to do would be change the email on the account taken over :-)
This creates an obscure and hard to exploit but fun hole:
Step 1. Pick a prominent non-admin on enwiki who is also not an admin anywhere else.
Step 2. Email them something friendly in order to determine their email address.
Step 3. Create an account on an obscure Wikimedia wiki where obtaining adminship is trivial. Set your email address to theirs, don't confirm.
You don't have a choice about confirmation -- when you set the e-mail address it'll send a confirmation email automatically. Thus they're alerted, and the jig, as they say, is up. :)
Then what? It alerts them of the action, but they can't stop it. The confirmation message says: Someone, probably you from IP address X.Y.Z, has registered an account "YourName" with this e-mail address on Wikipedia.
To confirm that this account really does belong to you and activate e-mail features on Wikipedia, open this link in your browser:
http://test.wikipedia.org/wiki/Special:Confirmemail/baddeefbaddeefbaddeefbad...
If this is *not* you, don't follow the link. This confirmation code will expire at XXX
So, there's no option to "refuse" the email connection. The receiver may think, "oh, somebody registered an account with my name at the Wikipedia in a strange language" but not think more about it (note he's relating the warning to the username, not to their email). If he checks the contributions he will see a user with good edits. If username clashes are as common as Anthony says, he won't think about it again (until he loses his account). He would need to be paranoid, know about this vulnerability, and run to warn a steward or take it over himself. And still he'll need to sleep.
I'd create the takeover account and not set its password to the matching one until minutes before merging them.
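As an added illustration of the merge rule the thread is arguing about (hypothetical model code written for this discussion, not MediaWiki's own unified-login implementation), the following shows why an e-mail match is only a safe merge criterion when the address is confirmed on both sides. Account names, hashes and addresses are constructed for the example.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class WikiAccount:
    """One local account on one wiki (hypothetical model, not a real schema)."""
    wiki: str
    name: str
    password_hash: str   # constructed opaque value; never a cleartext password
    email: str           # "" when no address is set
    email_confirmed: bool  # True only if the confirmation link was followed


def merge_candidates(master: WikiAccount, others: List[WikiAccount],
                     require_confirmed_email: bool) -> List[WikiAccount]:
    """Return the accounts that would be folded into `master`.

    An account is absorbed when it shares the master's password hash
    (its owner has proved control of it), or when it carries the same
    e-mail address.  With require_confirmed_email=False the e-mail rule
    also honours addresses that were merely typed in and never confirmed,
    which is the hole described in the thread; with True the address must
    be confirmed on both the master and the candidate account.
    """
    merged = []
    for acct in others:
        if acct.wiki == master.wiki:
            continue  # one account per wiki; nothing to merge with itself
        if acct.password_hash == master.password_hash:
            merged.append(acct)
            continue
        same_email = bool(master.email) and acct.email.lower() == master.email.lower()
        if not same_email:
            continue
        if require_confirmed_email and not (master.email_confirmed and acct.email_confirmed):
            continue  # an unconfirmed claim to someone else's address is not ownership
        merged.append(acct)
    return merged


# Constructed scenario: a confirmed enwiki account, and an account on a
# small wiki whose holder typed the same address without confirming it.
PROMINENT_EDITOR = WikiAccount("enwiki", "Editor", "hash-A", "editor@example.org", True)
UNCONFIRMED_CLAIMANT = WikiAccount("smallwiki", "Editor", "hash-B", "editor@example.org", False)

if __name__ == "__main__":
    print(merge_candidates(UNCONFIRMED_CLAIMANT, [PROMINENT_EDITOR], require_confirmed_email=False))
    print(merge_candidates(UNCONFIRMED_CLAIMANT, [PROMINENT_EDITOR], require_confirmed_email=True))
```

Under the lax rule the confirmed enwiki account is handed to the unconfirmed claimant; under the strict rule it is not, and a matching password hash remains the only other path to a merge.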