[wp-trac] [WordPress Trac] #53402: Uniform Hashed User Naming Schema for Cross-Domain Interoperability and Transparency in Aggregate Data
WordPress Trac
noreply at wordpress.org
Tue Jun 22 07:07:29 UTC 2021
#53402: Uniform Hashed User Naming Schema for Cross-Domain Interoperability and
Transparency in Aggregate Data
-------------------------------------------------+-----------------------
Reporter: 411c3 | Owner: (none)
Type: feature request | Status: reopened
Priority: normal | Milestone:
Component: Privacy | Version: trunk
Severity: normal | Resolution:
Keywords: needs-design-feedback needs-testing | Focuses: privacy
-------------------------------------------------+-----------------------
Changes (by 411c3):
* status: closed => reopened
* resolution: maybelater =>
Comment:
Replying to [comment:3 johnbillion]:
> @411c3 It's not clear what is being proposed here or what problem it
solves. This sounds like something at the initial idea stage which needs a
lot more work before it can be considered for inclusion in other software.
As an example, what happens when the user forgets or changes their pass
phrase?
>
> It would be a good idea to release this as a plugin first to gauge
interest.
Hi John, this solves both identity theft AND more immediately, cyber
centralization — which WordPress, by design, is a natural response to.
WordPress gets the job done, except for the inability to seamlessly and
safely pollinate user identity crossdomain (ie, identifying users from one
site to another). Gravatar functioned towards solving this issue, but
poses serious security risks by revealing PII, which have been well-
documented (and yet it's shockingly still used at every level of business
and government). The method proposed here is already wrapped into a plugin
but can be added as an option into core, similar to Gravatar, only much
safer than Gravatar. The question of forgetting the passphrase evinces a
misunderstanding of the function of the hashed passphrase, which is
already widely used in a naming schema in other open source software used
to sign posts. As incorporated here, into Wordpress, it functions as a
username or email. If you forget your username and email, then what? And,
as it stands, usernames already can not be changed. Please reconsider
opening. It appears this ticket was given a cursory glance without any
serious consideration. Thanks.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53402#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list