Considering the relatively short response times the original owners were given in some cases, and that you do not gain anything from having all those usernames, I think what you did was kind of a dick move.
And because of that you'll use it to acquire even more usernames.
You opened a dispute to take someone's chat/telegram name... Not cool. What if the person was active but just didn't want to reply to you? Why would they, you don't own the rights to that username. What if they were away for personal or health reasons temporarily?
You're not a brand. You're not a product. You're someone who has those letters in your name, just like I'm sure a lot of other people.
What gives you the right to claim those usernames more than anyone else? In some cases it seems what gives you the right is just the fact that you bothered support, or opened disputes, to give you a name on another service then used that fact to get more of them.
I read your comment before reading the article. I fully agreed with you, but then got surprised: It's not a fair comment at all. The author clearly states his discomfort with the short reaction times and he did nothing shady to get the username, he just followed the protocol defined by the services or politely asked. That's not as entitled or a dick move as you make it seem.
My initial reaction was the same as yours. The fact he wrote this up gives me hope he did this more to raise awareness to how much of a problem this is.
He was asking for something he was probably not entitled to, was open and honest about that fact and various services turned the usernames over to him.
Imagine what someone with ill intent and using fraudulent means could do.
Wow. You know it is inconsiderate of you to do that, but you are still sharing details on how you did it as if it's an achievement. Most people want the same username on all websites, but really, one month of inactivity is a very short period of time to kidnap someone's username. There are companies that give six months (or more) of maternity/paternity leave alone.
> When YouTube first started giving out names, they used Google+.
When YouTube first started giving out names, Google+ didn't exist.
Then there was the merger of Google accounts with YouTube, then there was the merger of Google+ profiles and posts with YouTube profiles and comments to inflate G+'s stats and force people to use it. Despite all that churn, I don't think old YouTube usernames from 2006 ever stopped working.
They did not. You really had to jump through hoops to keep it - they really tried to force you to merge your accounts — but it was possible. Source: I never converted.
I'm sure the former owners of 'edent' are ecstatic about your hobby.
I imagine, somewhere, a family with a dead relative, 'Emily Dent' in my head-canon, is trying to log in to their edent to download the family album to no avail.
It's so true. If I register a username on a site that's not impersonating anyone or a brand, I should expect to keep it even if I'm not that active. If I'm gone for 5 years, sure, that's fair, but how would you feel if you went on a Hacker News break for 3 months and dang gave your username to someone else?
His account has a published package available that was pushed about 3 months ago - hardly dormant, and based on their disputes process [0] it seems unlikely anyway:
> To dispute a user name [...] After 4 weeks, if the owner has not responded, support will address your request. The ultimate outcome is at their discretion and judgement.
And this statement on squatting confirms that it would be 'extremely unlikely':
> We are extremely unlikely to transfer control of a user name, as it is totally valid to be an npm user and never publish any packages: for instance, you might be part of an organization or need read-only access to private packages. If a user has not logged into their account in a long time, we may consider transferring a name if it is requested by a new user.
Real name policies bother me a lot. They're just about the laziest and most personally-intrusive way to get the worst kind of legibility into your user base.
I don't often wish for legislative resolutions to social ills, but if anything needed a law, it's this. Maybe California or the EU will take up the torch. Ideally both, I don't want companies evading these kinds of things by bifurcating their userbases.
I rotate usernames on sites that I don't want to be tied to me professionally or that I don't intend to spend money with, like reddit. My fav. trick is to do some random password I'll never remember and whenever the site decides to log me out then so be it.
I use the same name everywhere possible (driverdan) for anything I want publicly associated with my real identity. If I want something anonymous I use a different name. This lets me control my online identity.
We have long associated usernames with identities, and assigned trust and obligations to those.
One of the first places this was recognized is email addresses. Reassign the email address username, and the new person might receive sensitive email intended for another person, and also impersonate them for some purposes, accidentally or intentionally.
(Additionally, today, with all the creepy mass intimate profiling that's going on, both parties linked to the same address could have their profiles tainted in ways undesirable to them.)
A service transferring usernames to another party, simply because that party would like to have that particular username (not because of some separate transfer of some functional role), seems questionable security. I'm surprised the first example from the article, NPM (who should be security-paranoid right now), would permit something like that, as a matter of policy, even if it wasn't obviously a direct threat in this instance. And then the next example -- Telegram -- is also a concern.
I was on the same way - but stopped because of privacy concerns. Especially if the name is sufficiently different from others, it is becoming fairly simple to research people.
I stopped doing this recently because it makes password breaches devastating and online tracking easier. Now the only stable screen name I use is for my professional persona. Everything else I sign up with whatever random screen name is in my head at the time. Some of them I toss in the password manager, effectively making it also a username manager. Others, like HN, I don't store the username or password at all. Once the session dies for whatever reason I just make a new account. It's very freeing!
While I understand the privacy/tracking problems, why would password breach be a problem, if you are already using a password manager which would supposedly make it easy for you to use different passwords on different sites?
If you use the same password with every account, sure - it's devastating.
I use a unique email address and password for each account, and 2FA where possible. I don't think the public username being consistent is too much of a risk.
That said, I do also have random non-associated accounts, just like you.
While I don't necessarily agree with this author's motivation, I do wish that there were easier ways to claim names from Twitter/etc.
For example, someone camped on the twitter name for progscrape.com (twitter.com/progscrape) and then got it suspended. Twitter won't release a name like that unless you've specifically got a registered trademark. That's pretty expensive for a side-project.
There _should_ be a balance in releasing names in a global namespace, but it should err on the side of not taking names away from legitimate users.
A one-year waiting period is probably a decent balance.
This post reminds me of a podcast episode of "Reply all". In episode "#130 The Snapchat Thief", less ethical ways of obtaining certain usernames become clear.
> Usernames are hard. Perhaps, in an ideal world, we'd all use Indie Auth and use our domain names as our usernames. I'd be twitter.com/shkspr.mobi, for example.
Can we use our domain name as our username on twitter? Is dot a restricted character?
I have a username I’ve been wanting to get for years on Twitter, the last tweet the account holder sent out was in 2014 and they’ve only posted like 20 tweets, so highly unlikely to be an active user.
Yet twitter never seems to release the inactive account, despite claiming they may permanently remove inactive accounts. I’ve reached out to the owner several times; no response. I’ve considered resorting to blackhat solutions and taking matters into my own hands.
I have recovered Twitter accounts before - and I don't advise going blackhat.
In my case, my employer wanted an account which was inactive. We reached out to our brand partner (I think) and discussed it with them. They didn't tell us what methods they used to verify the account was dormant, but they did ask us to prove our trademark etc.
A few weeks later we got the account.
Now, that's with a fairly standard trademark dispute - it will probably be harder if you don't have a tm.
a254613e|6 years ago
MagicAndi|6 years ago
onli|6 years ago
edent|6 years ago
If you want to keep your username, the lesson here is to read the T&Cs and comply with them.
And, as I say several times in the blog post, I don't have the right to that combination of letters.
300bps|6 years ago
piyush_soni|6 years ago
edent|6 years ago
What are you going to do to protect your accounts now you have that knowledge?
TazeTSchnitzel|6 years ago
edent|6 years ago
I'll correct the post. Thanks!
JOnAgain|6 years ago
serf|6 years ago
dannyw|6 years ago
edent|6 years ago
But, more seriously, I've only claimed inactive accounts. If there was activity on them - or any content - I'd be less inclined to proceed.
anc84|6 years ago
grkvlt|6 years ago
0. https://www.npmjs.com/policies/disputes
vinceguidry|6 years ago
Tepix|6 years ago
I recommend you do the same.
edent|6 years ago
Having a unified identity is a risk - but having a unique identity is not risk-free.
rotated_name|6 years ago
driverdan|6 years ago
neilv|6 years ago
cygned|6 years ago
tablethnuser|6 years ago
llamathrowaway|6 years ago
edent|6 years ago
hannasanarion|6 years ago
mmastrac|6 years ago
duub|6 years ago
stunt|6 years ago
beilabs|6 years ago
xwdv|6 years ago
edent|6 years ago
driverdan|6 years ago
loriverkutya|6 years ago