Every time I see one of these roll out with dots allowed in the username [1], I wonder what they’re thinking. YouTube just made that (IMO) mistake with their new handles and now Discord is doing the same.
I think it’s a mistake because using validated domains as handles makes sense to me. Even if it’s not a requirement, giving businesses and large influencers the option of using a domain as a handle has benefits. Reducing impersonation is one of those benefits and, subjectively, Discord is frequently a component in impersonation scams.
Even if you don’t want domains as handles right now, why wouldn’t you keep the option available by forbidding dots in usernames, especially since Bluesky is getting a lot of hype and they’re using domains as handles? If Bluesky catches on, impersonation using handles that look like domains will become an issue for platforms like YouTube and Discord because they aren’t paying enough attention.
Or is in intentional? Domain validated handles are amazing for small businesses trying to create a consistent experience (across services) for their users, so maybe that’s the whole point. Allowing bad actors to impersonate domains reduces the value of domains which makes users more dependent on platform based verification solutions that don’t double as an advertisement for your website (that you control).
What are the upsides to allowing dots in a username or handle? I don’t see any that outweigh the downsides.
Because outside of HN users, people do not want domains as handles and the feature is actively dangerous. What happens when you forget to renew your domain? The bot that grabs it gets to take over your account or handle?
Its far too complex and expensive for normal users. And businesses don't communicate officially on discord outside of their own server where they are specially tagged.
> Because outside of HN users, people do not want domains as handles and the feature is actively dangerous.
HN is frequently ahead of the curve in terms of trends, so it’s not shocking if most people don’t understand the value until they see someone else getting that value out of a new strategy.
In terms of it being dangerous, I don’t agree. I think having everyone associate me, my brand, my business, etc. with my domain name reduces the risk of being de-platformed because anyone that wants to can easily find me via my universal handle (aka domain) regardless of the platform. I’ll gladly take on the risk of having to remember to renew my domain name as a trade off for the added protections I get via the dispute resolution processes for domains.
> What happens when you forget to renew your domain? The bot that grabs it gets to take over your account or handle?
No. Expired domains have a well defined post-expiration lifecycle that makes it difficult to lose a domain unintentionally . If you don’t notice everything you use being broken for a month, it can’t be that important, right? Yeah, you’d lose the handle, but the account ID is typically immutable and used as a source of truth, so it wouldn’t give a new domain owner the ability to hijack your account.
Any minute now the average user is going to realise that Dropbox is useless, you can just use ftp, and that the MacBook sucks and we should all switch to corebooted thinkpads.
> Any minute now the average user is going to realise that Dropbox is useless, you can just use ftp
I really don’t understand the harm in having more options. Would you say we should never consider anything but Dropbox because it works fine for the average user? What about someone with >250k files which tends to be what all of those sync platforms recommend as the max number of files you should try to keep in sync?
I don't think that was the point.
The point was that the majority of people like convenient things, but a small subset of users on here like complicated, old and hacky things.
Personally I would like to separate business and private me. It is inexplicable to me to not prefer the freedom of anonymity for anything private.
Sure, for business needs that might be adequate, but I don't use Discord for anything professional. Naturally I wouldn't want either my domain or that of my business associated with my Discord account. On the contrary, if there was an association, it would induce a moderate to heavy panic. I don't even do that for private development that I publish.
An ephemeral ID also provides many advantages, especially in these time where everyone and their dog wants to erect walls on the net. I don't want a safe net®. A safe net is for people that are scared. People that are scared are scary. Far more than the average scammer and an associated ID would even expose you to more dangerous ID theft just because you know are a more interesting target.
I think it’s more that no “good” domain names are left. I grabbed my domain name 20+ years ago and still had to choose the like 20th choice.
Trying to make regular people find a free domain and pay $10-35 per year forever is a tough sell. Especially since when I die, my descendants will likely not renew my domain name so someone else could start using.
I like that some sites support domain names as ids but think it can only be optional.
I’d rather just have governments issue a unique id that serves as a public key, non-sensitive id that proves I’m me and I can link to lots of other services. To show that “heiwudhdbsbwjeh” is prepend on HN and whatever on twitter and anything I want to link there.
So rather than harmonizing names everywhere just make linking ids any time I want people to link really easy.
And maybe offer “vanity plates” where I could pay extra to claim, temporarily, prepend.usid or whatever to use instead of heiwudhdbsbwjeh.usid (and prepend.usid will just CNAME to this).
Now a bunch of OGUsers kids can hijack Discord handles and make a bunch of money in the process. Why would any company willingly adopt the scarcity model of usernames today knowing all the problems it invites?
Agree, however Twitter, Instagram and Tiktok somehow made it through. If I'm not mistaken each of these platforms also force-stripped select users of their usernames and reattributed them to "the real" user. So, it'll be mildly interesting to see how Discord manages this. For instance, are certain usernames "off-limits"/"restricted" status, as a preventative mechanism, or is it totally open for the taking? If it's the latter, I'm inclined to create a few more accounts.
It's also the case that Discord users can change their username and display name at any time. It isn't clear to me if this functionality will change in the near future. How much "tech debt" is it really, and why?
For celebrities maybe. For instance for nongeneric usernames on Instagram there are "claiming services" that involve some combination of paid off customer support and Media Partner Panel's that allow them to steal usernames. There's also the classics: SIM swapping/email compromise followed by password resets, extortion, etc. See how @N had his username taken and only got it back a month later after complaining publicly. People have also observed people who work at social media companies taking desirable usernames for themselves.
I had a think about it, and I could tell you my exact username for every platform except discord. I don't put numbers in my username and my main username (not this one) is never taken.
This seems like the problem Discord is facing, their system enforces the worst case scenario for all users rather than just the ones with common usernames.
I assumed they were trying to be nice to users who hate having “supergamer” already taken so they just let everyone who wants “supergamer” use it and tack on some numbers.
Seems like a short term solution to seemingly make users happy but really leads to pain in the long run.
I think this helps initially with 3rd gen services like discord where they don’t want to turn off users who can’t get a “good handle.”
That and lots of discord users were just using it for small gaming groups so why should I need a globally unique id if I just want to talk to 8 friends playing counter strike?
Of course, this sucks in the long run due to confusion around who is doing what when discord wants you to use it as a twitter competitor. And they are more established to inconvenience users to change their handles to unique.
Ancdata, but my mental health is doing great from all these social network changes! First leaving Snapchat for AI nonsense, yesterday I left discord over this hullabaloo. The largest change in my social network inputs is actually cost; I decided to pay for twitter b/c it would piss a ton of people off, and a youtuber got me hooked on Ground news which is essentially an article-shotgun utility. I figure I'm just trading the zero-money-cost but high-bad-actor-cost of one type of company for the several-dollars-cost and reasonably-balanced-actor type of company. Net positive in my book because advertisers lose.
According to the announcement, the rollout of this feature is happening gradually and is based on the account age.
The newly created bots will only be able to register handles after all the current users get access to this feature, so the impact of bots would imo be extremely limited.
I think it’s a mistake because using validated domains as handles makes sense to me. Even if it’s not a requirement, giving businesses and large influencers the option of using a domain as a handle has benefits. Reducing impersonation is one of those benefits and, subjectively, Discord is frequently a component in impersonation scams.
Even if you don’t want domains as handles right now, why wouldn’t you keep the option available by forbidding dots in usernames, especially since Bluesky is getting a lot of hype and they’re using domains as handles? If Bluesky catches on, impersonation using handles that look like domains will become an issue for platforms like YouTube and Discord because they aren’t paying enough attention.
Or is in intentional? Domain validated handles are amazing for small businesses trying to create a consistent experience (across services) for their users, so maybe that’s the whole point. Allowing bad actors to impersonate domains reduces the value of domains which makes users more dependent on platform based verification solutions that don’t double as an advertisement for your website (that you control).
What are the upsides to allowing dots in a username or handle? I don’t see any that outweigh the downsides.
1. https://support.discord.com/hc/en-us/articles/12620128861463...
Its far too complex and expensive for normal users. And businesses don't communicate officially on discord outside of their own server where they are specially tagged.
HN is frequently ahead of the curve in terms of trends, so it’s not shocking if most people don’t understand the value until they see someone else getting that value out of a new strategy.
In terms of it being dangerous, I don’t agree. I think having everyone associate me, my brand, my business, etc. with my domain name reduces the risk of being de-platformed because anyone that wants to can easily find me via my universal handle (aka domain) regardless of the platform. I’ll gladly take on the risk of having to remember to renew my domain name as a trade off for the added protections I get via the dispute resolution processes for domains.
> What happens when you forget to renew your domain? The bot that grabs it gets to take over your account or handle?
No. Expired domains have a well defined post-expiration lifecycle that makes it difficult to lose a domain unintentionally . If you don’t notice everything you use being broken for a month, it can’t be that important, right? Yeah, you’d lose the handle, but the account ID is typically immutable and used as a source of truth, so it wouldn’t give a new domain owner the ability to hijack your account.
I really don’t understand the harm in having more options. Would you say we should never consider anything but Dropbox because it works fine for the average user? What about someone with >250k files which tends to be what all of those sync platforms recommend as the max number of files you should try to keep in sync?
Sure, for business needs that might be adequate, but I don't use Discord for anything professional. Naturally I wouldn't want either my domain or that of my business associated with my Discord account. On the contrary, if there was an association, it would induce a moderate to heavy panic. I don't even do that for private development that I publish.
An ephemeral ID also provides many advantages, especially in these time where everyone and their dog wants to erect walls on the net. I don't want a safe net®. A safe net is for people that are scared. People that are scared are scary. Far more than the average scammer and an associated ID would even expose you to more dangerous ID theft just because you know are a more interesting target.
When’s that? Last time I checked the average HN user still thought TikTok was about dancing teens
Trying to make regular people find a free domain and pay $10-35 per year forever is a tough sell. Especially since when I die, my descendants will likely not renew my domain name so someone else could start using.
I like that some sites support domain names as ids but think it can only be optional.
I’d rather just have governments issue a unique id that serves as a public key, non-sensitive id that proves I’m me and I can link to lots of other services. To show that “heiwudhdbsbwjeh” is prepend on HN and whatever on twitter and anything I want to link there.
So rather than harmonizing names everywhere just make linking ids any time I want people to link really easy.
And maybe offer “vanity plates” where I could pay extra to claim, temporarily, prepend.usid or whatever to use instead of heiwudhdbsbwjeh.usid (and prepend.usid will just CNAME to this).
It's also the case that Discord users can change their username and display name at any time. It isn't clear to me if this functionality will change in the near future. How much "tech debt" is it really, and why?
This seems like the problem Discord is facing, their system enforces the worst case scenario for all users rather than just the ones with common usernames.
Seems like a short term solution to seemingly make users happy but really leads to pain in the long run.
I think this helps initially with 3rd gen services like discord where they don’t want to turn off users who can’t get a “good handle.”
That and lots of discord users were just using it for small gaming groups so why should I need a globally unique id if I just want to talk to 8 friends playing counter strike?
Of course, this sucks in the long run due to confusion around who is doing what when discord wants you to use it as a twitter competitor. And they are more established to inconvenience users to change their handles to unique.
Finally a breath of fresh air for spammers. Beside "your password has expired" mails i will get now "your username has expired". /s
The newly created bots will only be able to register handles after all the current users get access to this feature, so the impact of bots would imo be extremely limited.