Can anyone change their name in NGC, even to other peoples names?

[emdee-is]

Can anyone change their nick name in NGC, even to other peoples names?

If anyone can change to any nick, including existing group members (so that there is 2 or more with the name nick), the what is the mean of the target to a /whisper?

If A wants to /whisper to B to avoid C from hearing, what if C changes his nick to B?

I think NGC clients should prevent 2 people with the same nick.

(Trying to attach a screenshot where Cymera is just playing and is he allowed to change his name to Terry Davis, but it wont let me.)

[JFreegman]

This is a known issue that's a bit complicated to fix and I haven't had the time lately. Fairly recently you weren't allowed to have duplicate nicks in a group so this wasn't a problem. Now you'll need to /whisper the specific public key rather than the nick if more than one exists.

[emdee-is]

So just to clarify, I can wait for you to log out of the group for the night and log out and then change my name to JF, and people will treat me with respect, and send me all of their /whispers? Doesn't seem right to me.

I don't have any suggestions on what I would think is right either. PK is too big.

[emdee-is]

Thinking outloud here, I think I would want at least for the clients to ask me if I want to accept a namechange or not. If ToxProxy wanted to change their name to JF, I'd like in my client to be able say no. Same with too long names with wierd unicode that just turned my NGC group into a write-only experience for me - I can type but it doesn't show up in the window, even though others can see what I wrote! (Fixed by a /clear - but even then,the /list command gave me "Failed to parse message" for some wierd names - I think and embedded linefeed in the name.)

The table of nicks is the table that I in the client agree on, and is just an association table to a PK. Maybe in the client I should be able to control it. At the very least, it should be cleaned of non-printing chars - ...

I'm almost feeling I want to treat this table like I would a keyring with a trust model. I want to keep that table of association of nicks with PKs under my strict control, maybe not even saved in the profile, but say in a json file that the client makes it easy to swap out for a keyring manager.

If so, then this step of the client managing securely the table of Nick->PK is at the same time the first step of the client securely managing Persona->PK(ToxID) in the idea I elaborated for MultiDevice.

[JFreegman]

This is far too complicated of a feature. For now, you're just going to have to be vigilant of impersonators and try to write down or remember the public key of friends who you might be having private conversations with.

[emdee-is]

It's a client-side issue the clients have to address. I don't think it's that complicated: https://git.macaw.me/emdee/tox_profile/wiki/MultiDeviceAnnouncementsPOC

Until then I'll warn users to avoid Tox NGC until this is dealt with as there's no straight-forward way in the clients to know if someone is impersonating.

[JFreegman]

Again, the straight-forward way is to verify their public key. That's what the /whois and /list commands are for. You also have various out-of-band options.

"If you don't implement X feature for me I'm going to tell everyone to avoid your software" is counter-productive and rather childish. If you want this feature so badly, you can either pay someone to do it, or implement it yourself either as a fork, or a pull-request. Alternately, you are free to use different software that suits your use cases.

You have a history of making toxic and disrespectful comments both here and in the TokTok repo. I shouldn't need to remind you that we are unpaid volunteers. You aren't entitled to anyone's work, nor are you entitled to have every feature you want implemented.

[emdee-is]

It's not at all childish when it's a security issue not made apparent to the users.

I had the option of implementing it on toxygen, which would be the easiest client to do it on because it already supports a plugin system, but it would require a consensus between client software writers that I judge unlikely to come about: your closing the issue is an example. You would need to have an accepted proposal and spec, and I am disrespectful of the likelihood of that happening given how long it's been since there was any work done on it or the "official" proposal, or the likelihood of any project planning in general TokTok/c-toxcore#2584 (comment),

Alternately, I am free to advise others to use different software that suits their use cases as I can't recommend Tox NGC until this is solved, as I have written publically for over a year.