A friend of mine has a relatively common first name and last name, and she regularly gets mail that is clearly not meant for her. She started a Facebook group for homonyms to help her route mail, and it now have a hundred members and have helped people get important documents.

At some point, they even organized an impersonation because someone needed to retrieve an official document and couldn’t be there in person. Another member nearby offered to go and get it. “Won’t you need my ID for that? — Oh, I have one with just the right name…”

My name isn’t super known, but it happened to be the same as that of a very big fish in the financial institution I worked for.

Thankfully these people were working mostly through physical meetings and calls, so no sensitive info was leaked, but I did get calendar invites to discuss the future of entire countries as an engineering intern.

I used the name a couple times to set up our internal meetings in the fancier upper floors, so we could have whiteboard discussions over a fancy hardwoods table. No one questioned the name appearing in the entrance display as the current user.

Not identical, but I once shared most of the first name as well as my last name with a VP of research at the company I worked for, and we were in the same technical field. My (much less impressive) publication record got confused with his frequently and I always wondered if it gave me a career boost.

We had a board member who frequently emailed confidential documents to a security guard with the same name as another director.

It was his iPad's fault, apparently.

How did that play out?

It basically defines the organization.

>> My name isn’t super known, but it happened to be the same as that of a very big fish in the financial institution I worked for.

Same thing happened to me. My name in outlook was the right under a high up VP. Outlook auto correct would bring my name up at the top of the list so people would just hit enter and write their email.

Same thing, I was getting some emails I clearly should not have been viewing, with budgetary spreadsheets and names of people who were being considered for layoffs.

One of them I sent back to the VP and diplomatically explained the mixup. I didn't get any emails for a few months and wondered how they fixed the situation. I guess they gave the VP and underscore in his name instead of the normal firstname.lastname@company.com so now when I typed in my name, his came up first.

Plot twist: you were the real VP all along.

Try it sometime... My name is somewhat common, but not even close to "John Smith" common... but even at about 1:20,000 or so I've seen a few conflicts just from my name. Another me was born the same day in the state I reside in... I've had a few things on my credit history get tangled up over it.

I've also met two others with the same name, purely coincidentally, not related. I worked on an access/security software team at a major bank (about 350k employees internationally at the time), I found 3 bugs just by being me. Since even SSN/Tax-Id varied, there were several ways to match identity and I had conflicts in a couple of them with other employees. Last Name + last-4 of tax/ssn/national-id (for whatever country the employee was in) was one of them. I don't recall the other two right now, been about 15 years.

An ex-gf of mine’s dad had the same name and birthday as a convict. Caused him plenty of trouble when crossing the border apparently. Hopefully that’s not the case for GP

Used to work as a manager at a pizza place and we had a guy apply to deliver who had the same name as... their son.

Allegedly Jr. had a lengthy record including some drug offenses and something like a DUI / DWI. Naturally Sr. And Jr's records got crossed since they have the same First, Last, and Address, which caused Sr. many headaches including that we required a driving record check that would fail on a DUI / DWI.

>I just don't understand how someone born on the same day as you having the same name was "irritating".

Because, lacking a national identity number, the natural way to distinguish to people in a system when the name wouldn’t do is going to be age/birthdate or location.

Birthdate and place of birth are used as identifiers (I have been asked what hospital/city I was born in before on paperwork).

Nice to meet you, Jeff Lebowski.

Now stay out of Malibu

I have a relatively rare name — I’ve actually never met anyone with my last name, never mind someone with my full name — and this happens to me regularly. Last week I got a job rejection from New Zealand post, for a while I was getting someone’s pay stub notifications from the US, etc.

I suspect it’s because I was the first to register the first.last@gmail.com address for my name. I guess it’s a bit like owning a simple noun .com domain.

I use my lastname [at] gmail (same as my HN username). Over the years, I’ve received all sorts of misdirected messages: medical, financial, support, even real estate documents. When it seems important, I do my best to contact the sender and let them know.

What I’ve learned is that “no-reply” email addresses can cause real harm in situations where it’s critical to reach an actual person.

One of my gmail doppelgängers has started trading crypto and I am deeply concerned for them.

I think mine is worse off. He keeps being signed up for Facebook notifications on whatever activity he's doing.

Absolutely... I've had the same issue (nickname is gmail name), and constantly amazed how many people don't "get" that you can't just claim any gmail address you like and start using it on websites anyway.

I've gotten student financial aid docs, various product mailing lists, order receipts etc... it's amazing how many places take an email address and just start spamming without any validation at all.

My dad's first name is my last name so my last name @gmail is taken by him :)

But I have a relatively rare first name and even rarer last name due to my dad having a very rare first name, so I easily snagged first.last. Pretty sure to this day I've never even seen anyone with my dad's first name (or my last name).

Meanwhile, my coworkers name is literally Adam Smith and his usernames tend to be adamsmith2 or 3 or 4.

I once worked at a place that has two Brian Smiths who worked at desks across from each other. That was quite bizarre.

I've worked in a few groups over the years with several other "Michael"... It's not fun when you get 4 in a group (dev/mgt teams) of like 15.

One place I worked, we had one guy with the same personal and family names of the (then) Director General of the BBC… working on a project with another guy who also shared both.

I am not the horror film director I share a name with.

> Over the years, I’ve received all sorts of misdirected messages […]

Looking at my text messages, surely these are a mix of serious business and the starts of scams. How unsavory to think that helping someone could be a bad thing.

Same boat. Obscure last name humans unite!

I get a ton of email to my gmail address for other people with similar names.

One of them was a director at Google, but I think she retired. Always assumed that meant I'd get a lame work email if I applied there.

I have lastname.firstname@gmail.com because first.last was already taken.

Just curious, do gmail accounts ever expire? Will I ever get the chance to snag the other one? Or does it forever belong to my nemesis and life-long enemy?

Even if your google account is deleted, the email address is NOT recycled because it can be used to impersonate people - maybe the previous owner still has physical/digital accounts linked to that old email. As far as I know most services do this - an email address once registered is never released again.

This answer is not actually correct. I have an account I deleted 18 years ago, still can’t make it again.

Could in theory be because someone else grabbed the account 16 years ago tho, unless I'm missing something?

No Google does not allow creating a new account with a previously-used Gmail address. Each Gmail address can be used at most once.

I emailed the address to make sure: It bounce due to not existing.

You can never make another account with that address because Google does not delete things.

Unused they have a half-life. Google Voice numbers much more aggressively so.

It's somewhere in the document.

Yea I own first.last@gmail.com for my name too and I get emails for who I think is the same person fairly often. Like job stuff, professional education emails, etc. I used to reply to them saying wrong person but have given up...the guy must not care about not getting these emails...

My first name is very uncommon and my last name is very common.

I am on the other side of this problem and was surprised because it is very easy to contact me. When the other person with my name forwarded the emails, it was all careless and unwanted recruiter mail. Someone goes into work, types first.last@gmail, and hits send without doing one Google search. Incredible.

I'm in the same boat, except my first and last name are fairly common. My gmail account is not my primary email address, and to be honest I don't know if I could manage making it my primary because of the amount of rubbish I get.

Same, albeit it seems like multiple people. Or at least someone who moves states.

It's bizarre though... who puts down an email address they don't own on a job application?!

I recently wanted to introduce someone to our internal recruiters to a person with a long, uniqueish name. The recruiter was like: they did respond with „I’m not interested“. But the person was like: I’ve never got a mail.

Turned out the whatever tool our recruiter used spit out „first.lastname@gmail.com“ even though the person in question doesn’t own that email.

Interesting!

I've gotten a wide enough variety of stuff (mortgage paperwork, homeowners insurance, game service accounts) that some of it has to be organically entered, but that is a good note. Crazy that any system would be set up that way, but HR tech is a clusterfuck.

I am lastname.firstname@gmail.com, but I wouldn't be surprised if something similar is happening in some instances.

I own tsrif.last@gmail.com and luckily I don't get any misdirected mail there.

I have met someone with my last name, if its not hyphenated, which mine is. My name is as unique as it gets with hyphenating. I never use my hyphenated name anywhere other than 100% legal stuff.

My address is the same. Someone with my name thinks their email address is firstlast@gmail.com

Its annoying especially since we have the same bank and they are not very good at paying their credit card on time. I therefore get their bank emails. Initially It will always have me confused as weight wait. I don't have any balance on my credit card. Was this fraud?

I'm in exactly the same situation - very rare last name, first.last@gmail.com address, wrong mail from all over including NZ.

I have pretty rare first and last name, but somehow have gotten random person's car service receipts (and reminders) from a service place in the US (I live in NZ).

There car has a lot of problems.

I got on twitter pretty early too, and just have a short first time as my @, and occasionally get DMs about getting my @, but no one wants to hand out cash for it. The most I've been offered is $50. But most just expect me to give it for free.

I had an Australian criminal defense attorney with my name, register the .au version of my personal domain.

I used to get very sensitive documents sent to me. A lot of juvenile cases. I suspect people could have gone to jail for sharing it.

It's really on the sender, to make sure, but it's still a nasty situation.

It eventually stopped. I think they ended up registering a different domain name. I used to diligently respond, when sent erroneous documents, but never got a reply. I destroyed them, but there's no telling where other copies might have gone.

I have a relatively uncommon first name (for my age group) but a very common surname. The first person I met with the same first name as me was when I was about 13 — they also had the same surname.

> At some point, they even organized an impersonation because someone needed to retrieve an official document and couldn’t be there in person. Another member nearby offered to go and get it. “Won’t you need my ID for that? — Oh, I have one with just the right name…”

That's a felony in many places.

If it hypothetically was a crime, I wonder how often it would actually get prosecuted given someone used their real ID, showing the office failed to check anything other than a name known to have dupes, and/or given they had no intent to steal something and acted with knowledge and permission of the intended recipient, showing no malicious intent. I can imagine reasons those wouldn’t be considered a valid defense, but I guess it probably depends on what office & document & law we’re talking about.

My name is X and another person also named X tells me to gather their documents from the office. Other X also signs a paper for me that says I'm allowed to do this.

I ask the office clerk: "Hi, I'm here to retreive the documents for X". He checks my ID and gives me the documents without asking for written permission from the other X.

It's deception by omission, but there is no fraud. I was legally allowed to do this. It's also a win for everyone because it avoids complications.

The key term in most statutes is dishonesty.

Impersonating someone at their behest as a favour is unlikely to be dishonest.

That's debatable. If I let my friends impersonate me to use my zoo membership for free entrance, then were clearly defrauding the zoo (obviously that's not high stakes, but I dare someone to argue it's not). If one of a set of identical twins is better at math and takes all the math tests for their sibling, that's pretty clearly academic fraud, again pretty low stakes but fraud is still fraud

Key note because in case someone decides to go bad faith here, I think the gp comments use case of fraud is a positive thing (if a bit dangerous). Redefining a term just because you don't like the pejorative implications is not a positive thing, though.

There are so many things wrong with this thread. At least you make an effort, but the categorical dismissals are interesting as well and probably explain to some extent why so many hackers end up in trouble with the law.

It's pretty simple: they are deceiving the other party that the document was handed to the right person, the consequences of which range from 'meh' to spending 6 years behind bars.

Let's say this was a summons for a court case. Then the judge would believe the papers were served properly, when in fact they were never served. Permission doesn't enter into it here, it is wilful deception by two parties of a third. The same name should not normally be enough to get away with this but assuming the story is real (there are many reasons to doubt this, such as the ID matching the name, but nothing else) it all depends on who does the checking. In some cases you might not even go home without a small detour in case you are found out (for instance, because the person handing the document over is familiar with the real recipient).

So, jurisdiction matters, what that document was matters, whether the permission was granted in writing (procuration), who the counterparty was, what the value of the document was, whether the parties lived in the same state/province or country and whether or not the permission was communicated to the person passing the document to the wrong recipient (probably not) and lots of other factors besides, such as the person giving permission still evading some legal obligation, which - conveniently - the story doesn't relate (and which hinges on what that document was).

And that's before we get into the wilder options of the second person being social engineered because after all, the only way they could be sure that they were acting on behalf of the real recipient would be to check their identity, in person, and with someone who is able to do that in a way that is legally binding.

No it isn’t.

They didn't obtain anything, though.

I understood that they obtained legal documents

They retrieved those documents and gave them to the intended recipient. “Obtain” suggests something longer term.

So the story says. But what if they didn't? What if it turned out the person receiving the document from the person picking it up also wasn't the intended recipient. How would they know? And if so they'd be holding a document that they shouldn't have in the first place.

You could easily be a paw in an identity theft play like that.

No, "obtain" suggests "obtain".

There's no sense in quibbling over a vague and imprecise summary of the concept. Legally, fraud requires an injured party. In our scenario here, nobody was injured, so no fraud. Whether temporarily possessing a document to hand it to its intended recipient counts as "obtaining" is not really the pertinent question.

I suspect it may fall afoul of a law about making false statements to the government, but that's distinct from fraud.

"with the approval of the intended recipient" makes it like breaking into someone's home with their consent

Is it? An authorized agent picked up the document. Someone with matching ID picked up the document.

Where's the crime?

Shhh, snitch

I used to have a very common name (before getting married and took my wife's last name). Imagine that I have firstname.lastname@gmail and somebody was genius to take firstname.lastnam@gmail.

I felt this was so stupid, that i quickly lost any willingness to try to relay the emails to their original owner, as the other person had zero interest to change their address to be harder to mistype.

I'm Irish and have a common firstname.lastname@gmail.com At some point the head of a national hospital thought he had that address and wasn't using his official email for everything, I got several emails that should not have been for me and some were quiet sensitive, I always emailed back the sender to let them know and eventually I emailed his secretary as it kept happening. I've also received purchase order confirmations from Australia, building contracts from Canada, HR emails from a university to which I had to confirm I had deleted the mail as letting them know led to GDPR investigation

I’m in the midst of a similar situation. My firstinitial.lastname email keeps getting very sensitive legal documents from law firms handling the case of someone who does not seem to know what their actual email address is. I called the firm and told them they needed to have an in-person meeting with their client and get a correct email address from them. That seemed to help for a few months. But now I’m getting emails again from a different law firm.

And I worked IT for legal firm, if we were not sending documents over email, we would get replaced by the client.

I spent 3 months on secure document transfer portal system, got scrapped after 4 months because clients wanted their forms as Word/PDF and they wanted them without hopping through any hoops.

I believe you - convenience gets picked over security all the time

If you reread again it sounds as if the secretary was hanging out the wrong email.

Yes I know this was about wrong delivery address (person with same name, wrong account); the point is that email is not completely secure - certainly not for very sensitive (legal) content

What are you talking about? If you send emails from eg GMail to Gmail, it's fairly secure.

Gmail can be fetched via IMAP and leave Gmail's infra entirely. And I don't think Google guarantees that their implementation stays fully on their own owned infra. It's a reasonable assumption but I'd never trust that for a security guarantee.

Email is not an end-to-end secure data protocol without the use of client side encryption/decryption like PGP/GPG, but even then, sender/receiver and time are all in the envelop metadata.

Yeah, that exactly my point - no idea why I’m being downvoted on this

Probably because Law Firms arent necessarily computer security firms. Lots of people have terrible op sec. Additionally if you the recipient are on gmail it stops mattering, now Google knows your legal woes.

Exactly, I’d never use Gmail for anything sensitive. Even for just personal emails I use my own mailserver. (And again, for truly sensitive stuff I don’t use email at all)

If the sender is using GMail, then using your own mail server is less secure than using GMail as the receiver.

Sure even though, as most others, my server supports TLS, having your email not leave gmail at all may be slightly more secure. Part of the point however was that when either server or receiver is using Gmail, your possibly confidential email content is still in Google’s hands. Using a personal server reduces that part of the attack surface. Still this does not mean I vacate my overall point that email in general is suboptimal from a secop standpoint.

Why’s that even relevant if the recipient is the wrong address? Email isn’t particularly secure anywhere, and gmail has forwarding and IMAP and aliases and other services that send emails outside of gmail. But sending sensitive documents to the wrong recipient, which was the topic that started this sub-thread, is a case where it does not matter how secure your servers are.

> [...] and gmail has forwarding and IMAP and aliases and other services that send emails outside of gmail.

No matter what format you hand a recipient a document in, they can always make a photocopy and pass it on.

Sure. How’s that relevant?

That someone might use IMAP is no worse than someone using a photocopier.

Sure it is, and your own comment above about gmail to gmail being fairly secure demonstrated that. Using a photocopier is intentional, and everyone knows what a photocopier is. Most people don’t know what IMAP is, and an email sender does not know if the recipient uses IMAP.

And this is still irrelevant to sending email to the wrong recipient, so I don’t know why you’re stuck on infra security.

Even if the law firm uses a Gmail account - which most of course don’t - Google still has access to your sensitive legal email content. (And that’s apart from the meta data leaking)

There are several people with my name at the company I work for. I frequently get email meant for someone else.

Worst was at another company where a person with the same name has just left, so they gave me that email address. Turned out he was subscribed to several Confluence pages for which I now received updates. But I didn't get his Confluence account, so I couldn't unsubscribe from those updates.

Couldn't you reset the password since you have access to the email address?

Might have been using company SSO.

SSO indeed. I forgot if it was ever solved before I left.

I have a canonical gmail address for what I thought was not such a common name pair. I get so much sensitive stuff. I used to email the sender but I have given up. One of them runs a business and the businesses that interact with his business just keep emailing me. Or stop for a couple of years, change personnel and start right back up.

Same here. My Google Account is something along the lines of jose86@gmail.com (a common hispanic first name + birth year; I'm German).

It's unusable. I have received full blown mortgage applications from couples in Mexico (including paystubs, tax forms, credit ratings, phone bills, passports). Mostly, these days, it's transaction notifications for a guy in Nigeria and phone bills for people in South America.

My spouse suffers from this as well. It's bananas to me how many people use that email address clearly thinking it's theirs.

I have myname.wifename@gmail.com (we use it for bills, children activities, and other family stuff where you can't register more than one email address).

Neither of our names can be confused with a last name and yet I had multiple people writing to it incorrectly, including: as the email attached to a Diners credit card (I called Diners and they asked me what's the right one and "if I don't know the right one how do I know that it's wrong"), as the email for a school 400 km from home (another family must have had the same idea), once for some lawyer stuff (I then learnt that about 100 people in Italy do have my wife's name as a very uncommon last name), and lately as the recovery email for another Google account.

What a weird world. :)

Edit: side note, your username is also the name of my favorite fusball table maker.

YES! I have no idea if we're related, but imagine the surprise when you "first get internet at home", and my father and I decided to search our surname on Altavista, and we found foosball tables and tournaments!

Damn it I was hoping you were going to reply "that's my family!" :D

Your use case is why I bought my own domain name. My wife and I create shared aliases we can both send from. It’s made spousal ensuing with schools so much easier, etc.

I used to get email for an org that had a similar domain as me (they had an extra letter in the middle). Thankfully, not a very big org, I would just bounce addresses that got a lot of misdirected email and I think they shut down and that really solved the problem.

Still annoying, but not as bad as gmail. I just got an email, in Italian, about someone adding a passkey to their ebay account. No way to tell ebay it's not their address / it's not my account.

I've noticed a lot of sites and orgs wont accept email domains that aren't gmail, hotmail, outlook, icloud, or yahoo.

Interesting. I've used my personal domain name for email for almost 30 years and I've never had that problem.

Similar boat (~25 years) and, while I've run into some sites/services that rejected my domain, I'm pretty sure it's happened fewer than 5 times, total.

It's a tactic to prevent burner/spam accounts created using temporary emails

That is that we do as well, but she still has her own email account that I presume she'll keep as long as Gmail exists.

Recently learned, to my surprise, that other major providers have not followed Google’s lead on this, so there are plenty of places dont.scam..me@ is a valid email (social engineering or typosquatting).

I did a similar thing during lockdown Covid era. Got online and rounded up everyone with the same name as me as we all decided not to tarnish the name, to build respect on the name, and each of us to excel in our fields. It was powerful. One’s a musician/DJ in buenos aries, the other a mechanical engineer for SpaceX, me - a software leader, another is a luthier making traditional folk instruments, and one is a writer across the pond in the EU.

A few years later Tina Fey did those commercials where she pulled in other Tina Feys and we all messaged the group like “Hey! They did it too!”. I’m sure many others did it. The world is so connected now that you should reach out and learn about your “alter-egos”.

Anyways, this reminded me of that and it’s nice to see other people have similar experiences being weird with, I guess themselves.

That is so incredibly smart. I have a very common gmail address (initial + last name) and literally hundreds of people use this mail address and I would love to resolve the countless issues I can witness from getting the mails alone, but I essentially have no chance at all.

It's ridiculous that the US still runs on name matching when you could just have a public Id number (unlike the SSN that everyone needs to pretend it's secret).

We still have to pretend SSNs are private until both law and common practice change. I expect that to be “functionally never”. Maybe within our lifetimes. Maybe.

My SSN is out there several times over at this point, thanks to breaches at phone companies, insurance companies, CRAs, ISPs, and the rest. I stopped tracking breaches that included the kind of info you’d need to impersonate me, about six years ago. The list was long and it seemed to be a pointless exercise by then.

I also have a mixed credit file with all major CRAs because of more than one person with the same name I have, one of whom lived in the same area.

Even if I didn’t have freezes everywhere, over the phone KBAs stopped working years ago even with my SSN.

The most American approach would be for SSNs to become a de facto universal ID number that you have to give everywhere, while still continuing to function as an unchangeable password to all your most important things.

We’re almost there!

I have this problem badly enough I was interviewed for this article: https://www.wsj.com/lifestyle/workplace/work-colleague-same-...

You wouldn't believe some of the things that have shown up in my inbox.

I once worked at a company whose lawyer shared the same first and last name. Rarely I would get an email and then a "please don't read that, delete immediately" afterwards.

I have a similar username on a "social media" site as the founder's username. I would get hateful personal messages, requests for favors, begging for money, etc., constantly. At first I would respond to correct people, but after years and years I stopped. I just disable notifications for that site and never read my mailbox, personal messages, etc. This has been going on for about 19 years now.

I have nickname@berkeley.edu as my alumni email address and I get a lot of interesting emails directed towards more important people…

I have a common first initial and last name and that's my gmail and I get more email for other people than myself

The other end of the spectrum has its own problems too. My first and last names are both quite rare — deliberately so, thanks to my parents. That means when someone, say a potential employer, googles my name, it’s reasonable for them to assume every result they see is about me. For a while, I actually liked that. It felt like having a unique identity online. Until one day I discovered someone else had created a YouTube channel under the exact same name. Presumably they happen to share this unusual combination legitimately — but the content on that channel wasn’t exactly what I’d want showing up when someone searches for me. I tried to “correct the record” by setting up my own channel, just to add some better signals. But since YouTube isn’t my thing, my videos barely register, and Google still insists on showing the other person’s channel first.

I wonder if I'm accidentally doing that to someone.

My complete name is rare, but I share it with a journalist who's quite a bit older than me.

This is why actors and musicians use stage names.

Using a stage name doesn't protect you from someone else coming along later and sharing the same name (as your stage name).

If you are famous enough, people might even deliberately name their kids after you.

Here you can trademark the name and sue anyone who uses it…

My firstname / lastname isn’t common but if you google it you get a disbarred attorney with the same name. I’ve been asked on interviews about being disbarred; I know then that someone at the company is a sloppy “researcher”.

Dennis Ritchie (co-inventor of the C programming language) had a page on his personal web site called “My other lives” with a list of other Dennis Ritchies.

“Outside of my main professional career, I have accumulated other WWW-recorded accomplishments and have other interests. Generally I pursue these interests using separate mail addresses, SS#, and DNA.”

It's preserved here:

https://www.nokia.com/bell-labs/about/dennis-m-ritchie/other...

> It's preserved here: > https://www.nokia.com/bell-labs/about/dennis-m-ritchie/other...

Which is preserved here [1]

[1] https://web.archive.org/web/20250919063134/https://www.nokia...

This made me feel the world is huge and I know nothing about the lived lives of others.

You’re experiencing sonder.

https://www.thedictionaryofobscuresorrows.com/concept/sonder

https://www.dictionary.com/browse/sonder

No, you're an experienced tumbler.

Interesting look into what Zuck and other mega celebrities experience day to day. I'm sure Zuck and others of a certain stature have many protection layers, but surely some things slip through and it's interesting to consider those just a tier lower that can't afford all of the security, etc.

Reminds me of the Bill Murray quote: "I always want to say to people who want to be rich and famous: 'try being rich first'. See if that doesn't cover most of it."

It's something to remember when considering the reactions and attitudes of extremely high profile people. If you've ever felt bad because of a shitty comment posted by someone you don't know, you have just a fraction of what some people have to endure. Even when you know the comments are unreasonable and 'haters gonna hate' there's still some damage done.

High profile figures may appear distant, callous, or even fully radicalised by that onslaught. While you shouldn't have to blindly accept poor behaviour from people just because of their fame, I think you should still try to have compassion for their situation. If you think in terms of a bad person compared to bad behaviour we risk normalising a response to that behaviour that creates a feedback loop that exacerbates the problem.

Part of me wonders if there is nothing to be done. Perhaps the worst of people will still create enough poor feedback for someone famous enough. Will the majority being more compassionate mitigate the problem, I'd like to think so.

At times I'm mused that man is perhaps calibrated to live in tribes of 100. If you're known to ten million, however, you can get the 100,000x the correct dosage for whatever attention your actions draw.

Hard to fix, -- since even if people were considerate enough to make a tenfold reduction you'd still be overdosed by 10,000x.

I wonder if the emergence of "virtual celebrities" like VTubers has anything to do with that. Seems like the best of both worlds: You get the loyal fanbase and positive energy of a celebrity, but can also simply "log out" of that identity if it would negatively impact your "real" life.

Depends. If you are a really recognisable persona and you just log out one day, then expect a bunch of psycho-fan creeps looking for you in the real world.

Yeah, they'll probably always be a small number of creeps who try to doxx you, unfortunately. But I think it's still the difference between "a small number" and "everyone who has seen you on screen at some point".

An identity that is obviously constructed (like VTubers) at least signals to the audience that the real person behind the character would like to stay anonymous. I think the majority of fans would respect that wish.

Whereas celebrities who make their real-life identity into a brand - even if that brand is an obvious fiction as well - signal the opposite to their audience.

Yes. Outside of the sheer security, people telling rich people they're fake will just warrant a cute condescending laugh and they go on with their life, while the guy here is basically denied his identity.

With the Internet, you can now be famous, without being rich.

Many of the truly rich people are quite anonymous. The billionaires you read about are really just the tip of the iceberg.

Plus fame minus rich is probably not great. You can get a lot of unwanted attention that you can't avoid by moving or hiring guards.

Related phenomenon: So-called "Lolcows". Over here in Germany, we have the infamous case of "Drachenlord", a Youtuber that had a lot of negative interactions with his "fanbase" to the point that one could argue he was dependent on being harassed.

Also interesting how the definition of "famous" has changed due to that: We now have thousands of "micro-celebrities" who undoubtedly have a fan/celebrity relationship with their specific audience, yet are completely unknown to a wider audience. So even fame is now a relative term.

The Warhol Corollary: In the future, everybody will be famous to fifteen people.

>Many of the truly rich people are quite anonymous

Are you trying to tell me that there are people out there worth more than Elon Musk who are not throwing money at political campaigns, funding mass projects or cultural pursuits? Because, yes, its possible for someone who is worth say, half a billion or even up to maybe 10 billion dollars or so to stay out of public life, but at a certain degree of wealth that wealth becomes institutional and closely tied to political power, so it becomes functionally impossible to remain fully anonymous. What state, what government would allow a private citizen worth so much money to go untaxed, without that person somehow being tied to the government? Or are you saying that the state, which commands use of force and violence, would not use that force to extract wealth from those who are not apart, directly, of its apparatus?

Yup, but the number of "influencers," even making six digits, is small.

A couple months ago, I was at a stoplight, and this kid in an old beater was in the left-turn lane, to my left.

He had a steadycam rig in the passenger seat, and was nattering on about something.

Six figures ain't what it used to be.

I suspect a majority of folks on this forum make over six figures.

Not sure how many of us can afford bodyguards, though. Bodyguards make a lot. I know a couple.

We would need to define "famous", because just because someone has a steady cam doesn't mean they're famous :P I would think the amount of "famous" "influencers" making that much is a much higher percentage.

Outside of that Twitch leak some years ago, is there any reliable data on how much content creators make?

I used to be a full-time YouTuber, and I was very successful. For my channels, the revenue estimates on Socialblade were accurate. Reality for me tended toward their high estimate.

Fair 'nuff. Certainly not something I feel like dedicating any time to researching.

I suspect that the number of folks that need bodyguards, but can't hire them, is nonzero.

It definitely is. https://de.wikipedia.org/wiki/Drachenlord Unfortunately, there doesn't seem to be an English version of the article. Maybe auto translate will get the gist across.

Considering that you can be a youtuber from anywhere, making a few hundred grand annually would make you actually quite wealthy. It's not the same thing as working for a big tech company but being required to live in a very high cost of living area.

The website security model breaks down when people constantly try to enter your password.

The currently model assumes good behavior by most people most of the time in order for basic web services to function. Seems like an obvious vulnerability to malicious activity.

I’ve heard stories of celebrities having things like hotel room and rental car reservations canceled because people thought they were playing a prank.

This is why people like my wife exist. They solely are the “human in the loop” on reservations making sure a human on the other side knows it’s legit. It’s a fascinating field.

Like for example how Facebook search results and graph search seem to encompass an ever enlargening circle of Friends Of Friends (and if not just reset the privacy settings to public anyway)

I rue the day (in 2004/5?) I got my name as my gmail address. My first name is not rare and my surname very common. Since then I've collected an eclectic group of homonyms who I just can't get out my inbox. The list includes: the retired English nurse who races remote control yachts and never pays his telco bill, the South African gold miner whose best new spots I am privy too, the NZ sports shop chain owner with a large property portfolio linked to my identity, the English lad on probation who ignores my suggestions to improve his dire CV presentation, and the Perth member of an illegal motorcycle group who is called occasionally to ride outs for fallen members.

You must have the most English name imaginable!

This is why we should replace names with uuids.

That would make parties a bit awkward, but it would avoid collisions.

Hi,my name is 1bd0a30d-b415-4747-9650-f1f6e530cd2a, can I get you something to drink?

What a coincidence! That's my name too!!

John Jacob Jingleheimer cfeb6ddc-43a5-4ba9-8a28-b71d93407c78, that's my name too. Whenever I go out, the people always shout, cfeb6ddc-43a5-4ba9-8a28-b71d93407c78

As The Clash booms through the speakers

Lock the taskbar, lock the taskbar!

Hmm, yes, I don’t know what I want, but I’m sure we’ll hash it out together

We do have personal numbers used for identification purposees, in my country we have the OIB

https://en.wikipedia.org/wiki/Personal_identification_number...

which superseded the JMBG

https://en.wikipedia.org/wiki/Unique_Master_Citizen_Number

JMBG? One of the ex-YU countries?

Yes, Croatia moved to OIB, which is randomly generated unlike the MBG which was derived and contains personal information, like date of birth, region and gender.

Both points sound really weak I‘m afraid. From the perspective of a ruler of a country, both are much larger attack vectors for adversaries than opportunities for myself.

> Countries don’t really want unique IDs per person

Given the number is countries that already have those and those that attempt it every few years... I'd say it's not correct.

For spies, you just issue multiple identities - the origin country shouldn't have any issues with that part. It already happened for witness protection level stuff.

For voting... yeah, that's a citation needed. Politicians mostly worry about foreigners coming to vote.

That's BS, you can have spies with or without unique IDs, and there's better ways to get votes than creating fake people.

Also, a lot of countries do have IDs...

Biometrics have made it very hard for spies to have many different identities.

I propose we use UUIDv4 to interfere with any attempts to build demographic databases.

I strongly suggest UUIDv7, with our birthdate encoded as time.

Ordering the world population by birthday becomes so easy. Plus no endless discussion on wether or not we should use UUID as primary key.

People wouldn’t be fond of their name divulging exactly how old they are.

It's not a matter of being fond of, we're trying to be efficient here

I mean, it’s not hard to guess how old people are…

It’s hard for that guess to be accurate, though. Some people look ten years older or younger than they really are.

Yeah but think of the automated age discrimination during resume/CV screenings.

At the very least names should be unique strings, preferably pronouncable

In The Dispossessed by Ursula Le Guin, the anarchists have names assigned at birth by a computer, guaranteed to be unique. They are gender-neutral (I think their artificial language doesn't have the possibility for gendered names) and monomial.

(I highly recommend reading the book, it's one of my favourite novels.)

They are not guaranteed to be unique as I recall, at one point the main character gets in a fight with a guy who demanded he change his name since he was tired of getting confused.

Ursula Le Guin didn't sugarcoat anarchism, at least, though I still think the depiction of the main planet system is a lot more depressingly plausible.

Those two names, IIRC, are unique but similar. (Shevek and Shevet, or something like that.)

Correct horse battery staple

“That’s amazing! I’ve got the same combination on my luggage!”

Pronounceable by *someone* or by you? Try getting together a native Cantonese speaker, Arabic speaker, and Inuktitut speaker and find a name all three of them can pronounce without noticeable issues.

Great! Everyone can get named a combination of Papa and Pizza, which are the only 2 words I've heard consistently pronounced everywhere I've traveled.

On second thought, I think the Japanese say "piza", so we're back to a unary sequence now. I call dibs on Papa¹

Well, Papa, if you've only ever heard pizza being pronounced correctly you haven't played Mystery of the Druids.

Great point. Touché

You need to have a restricted set of allowed syllables to prevent attackers from having names with similar pronounciation to common ones.

In unique name world I would totally for a scammer telling me "Hello, my name is Marck Zuckaberg, give me all your data".

Urbit IDs https://urbit.org/overview/urbit-explained/urbit-id

I dare you to name your kids UUIDs and see what happens.

I suspect when they are old enough to change their names, they will. For example, Wavy Gravy's son changed his name back to a normal family name: https://en.wikipedia.org/wiki/Wavy_Gravy#Personal_life

"Ohhh, if it isn't 99adbad3-f3c8-4c52-99d8-be692c62b9db again! Man, what a blast last Friday at e128001f-9737-4245-b08b-73bc50db0204's party, right?"

That's impractical. Someone made a base8192 Hangul UUID conversion, only ten characters long.

This? https://alicecengal.github.io/uuid-hangul/

Telling Siri to pronounce the output there is absolutely wild, I may not speak Korean but can tell it’s outputting unpronounceable nonsense.

I tried using Google translate's voiceover, it seems fine? I don't have an iPhone so I can't compare with Siri. It is obviously a nonsensical string of ten characters, but all hangeul characters should be pronouncible.

Well obviously in your personal circles you'd still use nicknames.

99ad and e128 in this case.

First guy is "bad", second guy is "bo8b" (Bob).

I just go by Ad Bad. Yeah I know about the other guy. E7 123 and the other college friends call me Ad Bad 3 and him Ad 88

But you'd call em 99ad for short in casual conversation

I feel like the names we have now already work well for casual conversations

Absolutely... but they will be mere nicknames.

Which version? Probably UUID v7, right? So names can be easily indexed in a btree database

As someone who already has trouble with names, I endorse this. Now everyone will feel my pain

Right after we upload minds into machines.

An IPv6 would also. Then this chap could have his website hosted on it.

that is silly. Obviously it should be the hash of someone’s genetic code plus the hash of the mind state vector at last checkpoint (to account for twins and clones)

Even monozygotic twins do not have absolutely identical DNA. And even with clones I bet there are many errors in cell replication, besides the epigenetic differences.

Sorry but I am voting for the opposite solution, meaning:

    with Session( engine ) as session:
        youngest_ids_subq = (
            select( func.max( People.id ).label( "max_id" ) )
            .group_by( People.name )
            .subquery()
        )

        purge_stmt = (
            delete( People ) 
            .where( People.id.not_in( select( youngest_ids_subq.c.max_id ) ) )
        )

        session.execute( purge_stmt )
        session.commit()

    unique_idx = Index( "uq_people_name", People.name, unique=True )
    unique_idx.create(bind=engine)

So as the younger iteration, our friend Mark would now own bankrupcy offices now, on top of his shares in Meta, and be protected from impersonation forever.

Your version of the Purge would make an interesting Stephen King movie.

Even better: social security numbers

Why, we got something similar in other countries. Here in NL it is called BSN; Burger Service Number (burger means civilian).

I believe the civilian should be able to create identities based on their private key (which only the government knows) and these should have different details. Like for example, a nickname, a realname, a telephone number, and address, or multiple of these. But then, also the civilian should be able to revoke the licenses. Or, rather: they should be valid for a short amount of time.

> burger means civilian

I just realised this is probably the German etymological branch of "burgoise".

Sorry to ruin your fun but in German it's actually just Bürger (capitalized because all nouns are). Though the true etymology might be entirely different.

Bourgeoisie or Burgher in English, Bourgeois in French or in German Bürger, all from old Frankish burg, for town. English has both words, but they now have different meanings, and the term Burgher is mostly obsolete.

The divide (or perception of a divide) between city dwellers and the country is not something the US invented, these divisions predate the colonisation of America.

> burger means civilian

Nice try, so you tell me that the burger hospital I passed by is not in fact a place where they patch up burgers until they’re back on their feet?

A lot of countries have a unique ID for their citizens which is used for routine identification. On websites, at the bank, etc. nothing special about SSNs in this regard, except that they were leaked more times than you can count.

> On websites, at the bank, etc. nothing special about SSNs in this regard, except that they were leaked more times than you can count.

That's not that special either. Plenty of countries make their numbers de jure public information.

The most special thing about the SSN is that the cards say (or said) not for identification, and then they're used for exactly that.

> Plenty of countries make their numbers de jure public information.

That's the difference. A lot of people and processes in the US make the assumption that the SSN is a well kept secret despite them being publicly leaked so many times. This assumption is a weakness for any process that relies on "secret" SSNs.

> on their private key (which only the government knows)

What? Why?

How is a key private if the government (which belongs to the public) can read/edit/use it?

Because the responsibility of the proof that you are you lies, ultimately, at the proper authorities.

You could prove that through the government signing your public key...

Oh, we know what it is and we also know that it is terrible for identification.

Just hand out IDs with an actual unique id number with a check digit to _all_ citizens.

A mix of six upper and lower case gets you nearly 20 billion unique IDs, which should be enough for a while.

If we colonise the galaxy we could increase that to seven letters.

A social security number is unique. I do agree it's better to use a different unique number.