this post was submitted on 14 Jul 2023
3 points (100.0% liked)
Mastodon
5239 readers
1 users here now
Decentralised and open source social network.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I.E.: if you could get the instance owner, it might be possible if they are willing to manually edit the database
That's pretty much it. I gather that there may be something to do with public/private key pairs tied to the identity so might not actually work even if you edit the DB though.
The display name is easy, but the actual user ID is not, with good reason. If you direct messaged someone or blocked them and the ID could change at will it would cause all kinds of issues.
The other side to keep in mind here, since there's no karma or anything the only thing you lose by just creating a new account is a comment/post history.
There is karma ... It just isn't displayed.... I.E.: Someone could make an addon/app that would display karma because we can see upvotes and downvotes
Also, I still think it would be possible to change a user ID for an admin that is determined enough
I'm curious on that. Programming isn't really my part of the game, but generally with something like this there would be some sort of signing keypair for any given identity to avoid even a server admin from creating posts purporting to originate from an alternate source. Async crypto has an identity encoded into the key pair for which it's valid (look at the cert for any https website, within that big string of gibberish there is a set of encoded info that lists the site name, issuer, dates, etc) and if you just brute force changed the user ID it would no longer match the keypair making it invalid.
I'm not even sure such exists here, but without it really we all would have about much credibility as anons on 4chan, and what good is any kind of vote/karma scoring then?