Page MenuHomePhabricator

Username Generator Tool
Closed, ResolvedPublic

Description

I've been thinking about some of the ways users can deanonymize themselves when posting on a forum.

Besides password re-use from non-anonymous accounts (which password managers deal with), writing style (Anonymouth is supposed to deal with that - openjdk support in progress), Re-using a non-anonymous username by mistake is a remaining problem.

I found a simple python username generator that has an optional GUI. It combines words from a pre-defined list:

https://github.com/korons/username-generator

License: GPL2


IMHO this is a simple tool really worth packaging for Whonix.

Details

Impact
Normal

Event Timeline

HulaHoop created this task.Aug 5 2016, 1:01 AM

I don't think this tool is ready for prime time.

	# Verbs and nouns for namegen
	verbs =
['happy','sad','tall','short','malious','ravenous','smooth','loving','mean']
	nouns = ['hacker','lumberjack','horse','unicorn','guy','girl']
	# Not Safe For Work verbs and nouns to be added in later
	verbs_nfsw = []
	nouns_nfsw = ['rapist','fuck']

Can you ask on tor-talk please which tools are advisable for this purpose?

There's a lot of them. Anything specific we are looking for that can slim it down?

https://github.com/search?utf8=%E2%9C%93&q=Username+Generator

Good choices:

*https://github.com/EzraBrooks/UsernameGenerator - This looks reasonably simple and its random generation is a good thing. So surveillors are unlikely to flag the output as coming from a Whonix specific tool. Unlicensed

*https://github.com/lordappsec/UsernameGenerator - Well featured perhaps too much. Picks from predefined real name lists. Unlicensed

*https://github.com/MGakowski/Word-Name-Generator/blob/master/Generator.py - Simple random but readable. Licensed.

*https://github.com/AlexShulz/UDG - Can generate random username, email address and password. GUI optional but in non-English language. sqlite dependency Licensed

I limited choices to python only. If you're ok with some other langs let me know.

Lack of GUI is not a deal breaker IMHO. If its a simple one-line command it should be usable. We shouldn't worry about password generation as they're out of scope and better done with specialized tools. Licensed is a big thing - means we won't have to chase people who might not be active anymore.

Is any of these tools popular?

No such tool already in Debian?


What about the list / generator by Tails?

https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/lib/live/config/2010-pidgin

Could could (would have to be) slightly modified to just output a generated user name rather than doing modifying pidgin config. Ideally, Tails would refactor out the username generator script from the pidgin modification script.

Is any of these tools popular?

No.

No such tool already in Debian?

Not exactly. The closest thing I found is meant to be a password generator but it can do good job generating pronounceable usernames.

Cons:

The word length is fixed at eight characters. That's not too bad because a user can just append some characters from the next word. People might be tempted to misuse it for passwords instead though they can do that anyway with any other solution.

https://packages.debian.org/jessie/gpw

What about the list / generator by Tails?

If its easier for packaging why not? However I don't really like being limited to a predefined list. Makes profiling of users easier - network observer would say "probably the person behind that username is an anonymous OS user because it comes from this word list"


If you don't find gpw acceptable then https://github.com/MGakowski/Word-Name-Generator/blob/master/Generator.py is the next best thing. Users can choose the word length.

pwgen is perfect for our purposes.

https://lists.torproject.org/pipermail/tor-talk/2016-August/041969.html

Packaged in Debian

Reliable enough that its used by Debian Installer to recommend stronger passwords
Can control length, capitalization, special symbols and numbers.

https://screenshots.debian.net/screenshots/000/000/598/large.png

Such strings (from the above screenshot) would be used as user names? Probably better than anything a user could manually make up. And since there is no standard on pseudonymous user names, I don't see anything that speaks against this.

Installing pwgen by default would be super simple (can be done for Whonix14). Send a pull request for anon-meta-packages? Fits in anon-workstation-packages-recommended.

Patrick closed this task as Resolved.Aug 17 2016, 9:21 PM
Patrick assigned this task to HulaHoop.

Merged.