The nerdy joke is that there are only 2 hard problems in computer science:
Naming things
Cache invalidation
Off by one errors
I've recently had...
For further actions, you may consider blocking this person and/or reporting abuse
Cis men are the group generally least affected in our society right now, and this is one of those problems which would likely be handled much more smoothly if they weren't so overpowered in computer decision making.
Amen, this is why diversity is so important. There's nothing evil about being Cis and white but your experiences are not the experiences of everyone else. We may be the majority in tech but are certainly not in the world!
I'd say there are other groups less "affected" than that one. In the "Privilege Olympics" there are many contenders.
The question here is about identity vs identification, and of the interests and independence of users vs service providers. Perhaps there are even implications for surveillance & mass control. But I think it's a stretch to characterize this primarily as a question of discrimination and diversity.
Not saying there is no truth in you comment, but I think there's a biased generalisation here, making it a matter of privilege.
I believe it is more a matter of either education and experience.
Developers (or decisions makers) of any category can't know every case, as they aren't machines; they'll do mistakes and oversimplifications. They'll almost always miss at least one use case; we shouldn't blame them for that.
I believe it's a limit of the industry as a whole, more than a social issue.
Designing in a more inclusive way is something that, I think, is more related to the responsibilities of a Domain Expert or a UX Designer; but the industry doesn't value those roles enough, or not yet.
In 10/20 years we might still have the same level of patriarchy, privilege and inequality, but I'm pretty sure it will be a lot more common to make inclusivity considerations while designing (either at UX, at domain or at technical level).
It's a matter of yet immature industry (a really young one, regardless of who make decisions), and of shared common knowledge and practices gained through time and experiences.
I would hope for improvement in team building and education, so that everybody is given the tools to be aware of issues that need to be addressed. So that everybody can share more wisdom to future IT workers and contribute to a better base of common practices to consider and remember.
To conclude I'll exemplify my point:
Personally I often complain of website assuming the user nationality or language, based on biased factors: my IP address won't reveal what language do I speak or what's my nationality, nor will my OS language, nor will half of my full name.
I don't make it a matter of privilege, but rather ignorance (that is: lack of exposure).
This has multiple significant impacts - for one, there's those who go through a name change because of life changes like those mentioned in the article, but also people change names because of purely personal reasons (for instance, deed poll), marriage, adoption, or others that I haven't thought of. This impacts more than 50% of the population at some point in time! Not to mention couples where both change their names (double-barrelled surnames) or where family names adapt as you grow and 'gain' names as some cultures do it. So - no matter why, this should be something we are better at, I completely agree... and it's a huge problem (My wife is still changing her name and going through hassle, nearly 6 years on from us both getting married).
On a related note I once read about a legal name which could not be entered in most computer systems. The man was a refuge from China (?) whose last name was the single letter "O." This was, almost always, flagged as an invalid last name because because it was too short. He legally changed it to "Oh" and was quoted as feeling that he was betraying his ancestors.
Last year in college I had a colleague that had only a first name. I didn't enquiry further as to why, but anyway, I figure it must be a pain.
It is common in some parts of the world. My country has > 1000 ethnic groups, and many of us don't recognize the concept of surname the way Westerners do. Nowadays most of us who don't have surname either have multiple given names (I'm in this category), or new parents just add Western-style surname to their babies' names. I'm in my 30s, personally acquainted (ie. work colleague, former classmates, etc) with ~5 people who has one name.
Miss Penelope, this is an eye opening piece.
I appreciate that you mentioned using not using an email as a primary key. This was a new idea to me and I will make sure to avoid this.
I can empathize with you. A couple weeks back, I was at a small donut shop where I ordered and paid with a card. I heard them call the person before me, by name, and quickly realized they were about to use the name from my card. I havenβt been back, but their donuts were so good!
As for changing names, I can imagine it being rather common for people leaving domestic violence to change names.
Name from the card? Geez. In my corner of the world, they usually at least have the decency to ask you your name, if that's how they call customers for order pickup.
That's normal everywhere I've ever been. I've always been asked for my name or assigned a number that was printed on the receipt.
The name being pulled from my card as a new thing to me.
I donβt see the issue with using the name on your card?
Let's start with the issues pointed out by OP, and add to that the fact that many people don't like being called out by name by a stranger in public.
That's so stupid... I'd get it if it was your full name, but your first name? Come on. Seems pretty arrogant.
@ExpDev did you even read the article?!
The name on card is usually the entity's legal name (because business cards don't even have a human's name on it, but the company name).
It's perfectly reasonable to want the opportunity to use a name that makes more sense (such as one the person would more immediately respond to, or one that's easier for the person saying it to pronounce).
@ExpDev if people try to use my first name, they will almost always pronounce something that has no resemblance at all to how it should sound. So I always go by James, the english equivalent. And my name's not even that difficult...
The "name on the card" problem is likely less in the UK and Europe where everything's contactless or we tend to use out phoens to pay. The phone screen could just be our wallpaper, it doesn't need to show the payment app or anything.
For me, I live in the USA and we just arenβt that advanced.
I'd say we should send you some sort of foreign aid but unfortunately we're completely screwed over here at the moment.
Someone I used to work with had issues when she changed her name. She transitioned while at the company and they were very supportive. Email address and phone-book details all changed without issue ... for a while. It seemed that once a year, some automated process would notice the discrepancy between her old name and her current name and change many things back. Awkward for me, infuriating for her.
Which is weird that it would change everything to the old name, instead of syncing to the new name...
"Changing" name? It would be good to start at zero and get interfaces to accept people's real names from the beginning. There are lots of sites which still only take [A-Za-z] and even block spaces and hyphens.
In 2020.
I recently posted this example (silmaril.ie/screenshots/river-isla... - warning NSFW). The devs will get the blame, rightly or wrongly, for what is likely an organisational failure to update antique DBMSs, OSs, and server environments to handle modern character encodings.
Wouldn't it be nice if the 20s was the decade we got Naming right? Do we need to shout and scream in more public places?
My wife and I just had our third child and turns out you can't even use an accent on a letter for a birth certificate in the US. Like literally the legal associated with her SSN is spelled differently than it will ever be spelled in 'real life'.
Many national governments have various problems dealing with peoples' names. It's quite common.
This is nice: github.com/patch/i18n-testing/blob...
You think that's bad, what about password policies that only allow you to enter 8-12 characters, a-z, 0-9, and maybe an underscore if you're lucky. And that's for a BANK!
That's exactly the problem. They're using 50βyear-old software and the cascade of changes that would be needed if they fixed the source database field spec would probably require more COBOL programmers than exist. Don't forget that these are orgs who have a licence from IBM to recompile the mainframe OS as well as the language compilers, because the lawyers say they need traceability from boot code up (read: plausible deniability)
Why did you mark it NSFW???
Use of the f word :)
Thatβs not NSFW haha.
Depends on where you work, I'm sure.
PayPal also doesn't let you change your country of residence. I have moved internationally three times in my life, twice since getting my primary email address. Since I don't want to create a new email address just for PayPal, I have just stopped using the service entirely.
Outlook let's you create alias for the same your account. you can have a@live.com, b@live.com, c@.live and login with same password and get everything in one place.
The unnecessary use of legal name is huge. Stakeholders too often say "We have to use the legal name for compliance" when the compliance matter is not real, we later find out.
We've now flipped the default: process owners must provide a demonstrated business case for use of the legal name, absent that, they're getting the best name we have, which yes, will sometimes be the legal name, but not always.
Directly or indirectly our work ends up being used by people. Knowing the impact of each of our decisions is extremely important and enriching, not only helps us to create better designs from the very beginning, but also shows us how cultural or social biases lead us, unintentionally, to make design decisions that negatively affects people and that technically, do not have any valid support. Our work increasingly permeates our society, the world where we live, and our responsibility to prevent the perpetuation of exclusive models is growing. To think big is to get out of those thousand lines of code that we have to write and look at the world around us, to be better people and better professionals.
Thanks @penelope_zone to make us a little less ignorant today and a little better engineers
I took on a combined surname, which consists of original one - (dash) wife's one.
renaming is so difficult and often involves writing support or even sending letters with a photo copy of my new ID. It was a big hustle...
I confess I had never thought of the now-obvious ramifications of this issue for
trans people, but given the disproportionate number of women who use the apps I have developed I have at least since ~2004 tried to make it relatively simple to change one's name. The apps I developed in my first professional programming job were almost exclusively used by women for the first two years, and more than one of them had a name change during that period, so fungible names was a basic requirement. It's taken a lot of forms over the years, but now I have a fairly simple schema now that uses an array of hashes containing personal info, for which the last index is always the current and authenticatable version. But still...I see I can make it better by adding pronouns and honorifics into that hash, and absolutely forbid the re-use of old identities.
Thanks!
I love this post! When I'm a little over 3 years from when I took my wife's last name, and I still live in a world where I'm frequently filling out paperwork to prove I'm still "me." And it's only a minor inconvenience as a cis man. My password manager has been a godsend nevertheless.
Thank you for sharing your experience!
Hey Penelope! It was a pleasure meeting you in Nashville, and I'm stoked to see you posting on our platform!
You've given me a lot to think about in this post! This isn't an issue that affects my day-to-day life, thank you so much for reminding me of it. π
Flexible names should be a minimum UX expectation at this point tbh.
Completely agree on all accounts. For every application and website I've written, authored, and maintained since I was a teenager (I'm 33 now) I've always
The only time I've ever had to ask for a legal name or other identifiable information, was when I wrote an online ordering system and it was required for shipping and billing information. And I've always made sure that data stayed forever changeable.
I fully believe in storing as little information about a user as possible in my databases, sticking strictly to what is needed to make the app do it's thing, and nothing more. I don't even want your passwords if I can help it.
It straight up baffles me when I see anything else. Like MAXIMUM password length for example. Give me a break. But then.. yeah.. my wife has gone through a name change too, she got married to me and took my last name, and getting her online identities matched up to that has been a weird hell and a half.
I can't see why anybody might want a maximum password length, unless they DON'T store the hashed password, that doesn't bode well (even if was encrypted it would be terrible).
Bcrypt is limited to 72 characters. It's the only reasonable limitation, as you would not want password managers to assume the users password was longer than required to authenticate. (especially if you migrated upwards in hash. )
Totally true, anything longer and BCrypt will truncate. I like Argon2's input limit of 4.29b characters much better hehe
That said, 72 characters isn't the worst length limit, but when you're asked by your bank for a max limit of 14 or something similarly pathetic like that
Hi Penelope, nice post! I think dealing with names is something that is highly underestimated, check this link for a long list of assumptions programmers often make about names and which are all false.
kalzumeus.com/2010/06/17/falsehood...
In the beginning of your post you mention:
I think I don't fully understand it, if you change your name, then I guess you DO want to receive mail that is sent to your old name, right? People that didn't get the news of your new name might want to reach out for you. Having the old email address still around will surely help. If you really want to close the gate behind you with a new name, for whatever reason, then you could set up an automated response that notifies the sender of your new email address.
Escaping from domestic violence is one use case mentioned above. There are surely other examples.
The point is to try not to make assumptions about what people want or need. Sure you can set a sensible default, but give users the flexibility change it.
I agree re-use is problematic by default, but banning it outright blocks a few scenarios where it could be useful.
Undoing squatting: someone already used WellKnownName or TradeMark and did little useful with it. Not allowing reuse ever makes squatting a more damaging attack :-(
You could make an exception for forced takeovers β by court order e.g. for trademarks, or by convincing the company controlling the namespace. All forms of forced takeover can be controversial though (cf.
kiknpm story)...What about amicable resolutions, where both parties agree to transfer the name? Do they have to go through customer support?
What about paying off the squatter? Does allowing reuse enable squatting for ransom, and would blocking it prevent it?
What about a person who held a cool name for their own use, and someone really wants to pay a lot for it?
Role accounts: Alice has a "safety@example.com" role, moves on and is handing that account over to Bob. She also gives him control of 3 bot accounts.
Many services ToS expect 1:1 account:human correspondence but that rarely matches all ways humans want to use them...
(Of course users do circumvent such things by just giving Bob the passwords to her actual account. But that's bad, and with federated logins increasingly risky.)
Technical takeaway: don't bake the assumption re-use is never possible into the system.
Whenever you have handles that are not a number/hash but people actually care about, you'll have policy decisions to make sooner or later.
Generally, this is an interesting area where technology tends to restrict imformal flexibilities humans had... "I'm sorry Dave, I can't let you do that" kind of thing.
I like the route Discord and Blizzard have taken with regard to usernames - you can pick whatever you want, and the user entered part changeable and isn't unique, and then they tack on a four (or so) digit numeric identifier to the name that makes it unique (I suspect under the hood, that identifier is related to the actual primary key in some way).
The UI largely allows users to use the user created name, and anywhere the full identifier is used, they make it as seamless as possible and avoid requiring the user to know it.
I agree. I didn't like this system when I first saw it, but it's really growing on me
Another extension of the legal name issue is misguided security policy. I've had support reps hang up on me and lock my account because the gender they assumed from my voice on the phone "couldn't possibly" be the account owner, based only on the first name on the account. This was after I verified my address, ssn, and phone (both the number and that I owned it by them sending a code via text). How does this policy work for gender neutral names, let alone trans people.. So absurd.
Awesome post! That's a problem space that I've been dedicating a lot of thought these days.
I've one of those long Iberian Peninsula names. Since it often overflows standard name form fields my US documents have 4 or 5 different compressed versions; I'm considering changing it to a shortened name plus surname format (like the one I use here) just to avoid noise.
One remedial solution for the "username re-use" case would be a shadow-lock for the old username, allowing only the original user to switch back to it if desired.
What's astounding is that the names don't even have to be foreign to overflow some of these systems.
"Christopher" is an exceedingly common name in the US, and yet it routinely gets truncated, usually to "Christophe" by systems, even when using the legal name may be warranted!
Exactly - while I do understand the pre-2000s rationale for smaller field sizes, this is one of the 'compromises' that boggles my mind.
Composite family names ('Tessier-Ashpool') suffer a similar fate, operators picking one part at random.
First off, this is a fantastic post, Penelope! Thank you for sharing.
My wife is Katelyn Carroll and I am Michael Tharrington. No name changes for either of us, yet! But we are seriously considering combining our last names to be Carrington. π Emphasis on the caring β€οΈ as that's a good name to try and live up to.
Google allows name-changes? Really? I've had to create a new gmail account (a year ago or so) because the old user-name was a reference to a hobby I no longer identified with. Sure, mail from the old email address gets forwarded (because I set it up like that), but I do have to manage 3 google accounts these days. Because you know: business email too... In my case not a big deal - I no longer identify with the old account, but it wasn't as big a deal as changing gender is, I'm sure.
Still - if it's possible as you say - the process is certainly not easily discoverable or found in google (the search engine).
I'm in a similar situation. Everywhere I read it says to create a new account and forward the email. But in this day and age email isn't the only thing tied to your google account...
PayPal primarily doesn't allow handle changes to help combat fraud. Imagine creating one PayPal account and letting a bot with a name list a million handles long just cruise around. Not allowing reuse in that world would quickly destroy all sensible usernames.
Combating fraud is the primary reason most popular services make name changes difficult. Allowing aliases connected to a single point origin account like Google is the compromise.
The policy may have changed, but Google used to restrict name changes to once per year. I think that is a pretty reasonable strategy for dealing with this sort of thing.
I agree, and in the rare case where you need to change it more than that I think having to contact them manually to get it done isn't at all unreasonable.
Choose wisely.
Usernames and account names/profile names/etc. are not the same thing. Changing one's profile name should be as easy as changing a password or address. That hardly seems like an issue to me.
Usernames are certainly linked to public activity, reputation and various other important things and to allow them to be changed creates more problems than it solves. The only solution I can see is a "formerly known as" listing in the user's public details. That way you get to have a current name while not denying others the option of seeing what your previous incarnations have done on the site, for better or worse.
Your singular approach and comment in this thread absolutely helps elucidate and frame both the nature of the question and the follow-on dogpile thoughtleading as a classic "forest for the trees" view on an issue which has more depth and breadth than the FWP tone taken throughout the thread.
Inevitably when time comes for the hard work to begin, if the conversation has not matured beyond what is expounded here, the most likely solution to be used will be a brownfield, slash-and-burn approach. In practice this ends up with the PIC knee capping everyone down to their level.
Another really annoying thing is places which refuse to update honorifics; several places now refer to me as Mr. (new, post-transition name) and seemingly have no way of updating it. Once a mister, always a mister, I guess.
Wow, great article. I am happy to have changed my name when I was so young I didn't have time to have a big footprint on the Internet, only using IRC and one Hotmail account that I don't use anymore. I have that habit to use an email address as the login primary key, and I don't give the possibility to change it. I will now take a deep dive into this situation and change it in future projects since I don't have much power on the ones I did before.
In Estonia we have personal codes and therefore don't really have problems with name changes, but by default our personal codes infer sex and birth date, which would be very problematic in your case. Basically you would have to 'write support' on every other site to get old accounts back. I think neighboring Latvia went with random personal codes now, so essentially they have something closest to your 'stable uid'.
Those kinds of arbitrary limitations to what changes you can do to your personal information on sites can be completely ridiculous, and they seem to be based on some theoretical static idea of what a user is (probably closer to a CS textbook example than a real human being).
Many sites that easily let you change your name doesn't let you change user names, if you happened to use your full name as your username then there's not much to do besides creating a new account. If you have a lot of data you want to keep and you can't migrate any of your data it's even worse.
Even if you're not changing your real-life name there are many valid reasons for why you might want to change your user name, I don't think I'm the only one who wouldn't want to use the user names I chose when I was 15.
There are many other examples of personal information you should be able to change, but so many sites restrict it. People change, people make mistakes. There are many times where I've realized I've made a typo when finally submitting some information regardless of how careful I was. There's no reason for this, other than laziness and lack of understanding of the user.
@penelope_zone Interesting topic which clearly helps devs like me who like to get their users at home. The OAuth part is quite interesting as well because I have to admit, I did make the mistake :(, but I now try to get the unique ID (when returned by the authenticator).
Just a question. In Belgium, the national security number is made on the date of birth reversed: YYMMDD-XXX.YY. With the year using 2 digits, you can easily understand the issues we are beginning to face. More and more people begin to have numbers conflicts (currently avoided by running the random generator a bit longer and checking each time, but that another topic to discuss).
The random number being generated at the end is ending with an odd digit for people identified as men. Do you have a similar (stupid?) logic in US as well? Does changing the official gender change the national security number as well? This cause a lot of harm as well for services used to authenticate against the national number. I know US isn't great wrt social security, so pardon my ignorance here.
Nice article! Thanks for a new point of view. I didn't know you could change your email with Google.
I also wanted to point out that name squatting is against policy for GitHub, not sure about Twitter. So you might have to have some traffic on your old account if you want to keep it.
Sounds like a case of bad primary key selection to me. The old username problem is serious though. There should be a deactivation window even if it's to let the original user reclaim the used username... so long as the primary key is the same.
You said:
I can confirm that is true for GSuite but everywhere I look everyone says you can't change your email address for individual accounts.
Am I looking in the wrong places or were you only talking about GSuite?
I personally think username reusability is necessary, disallowing it may cause issues with trolls and attackers that can register and then update usernames multiple times, making impossible for others to use.
The systems that limit the frequency of username changes and/or have a name lockout period before release seem to do okay with balancing the need to release them back for genuine use and preventing malicious use.
First of all, Congrats for changing your name.
I think github usernames problem has a simple solution, when a user changes the username we take all its code and move it under de new account. But that's another problem, anyone pointing to this repo will immediately start failing. Didn't that happend with npm and react?
Might be worth noting that this should all be covered by GDPR, at least as far as the legal names are concerned.
Part of the GDPR says they have to make sure their data is up-to-date, and only the minimum required. If a name changes, it's no longer up-to-date and they're at fault if they don't change it in their database, including scrubbing any reference to previous names.
Another part is the right to have all your info from any other party scrubbed.
I know the GDPR doesn't apply to parts of the world like the US, but there are repercussions for breaking it over here.
excellent post. I want to narrate a real case that I had right here in dev.to.
last year i deleted my old profile on Github and created another one using the same username.
the case is that before that, i had registered here on dev.to and my new profile was blocked due to having a different uuid from the previous profile.
talking to @ben by email I managed to reactivate my account, but there is another bug involving the change of usernames that often goes unnoticed.
Consider this a rather silly question from someone who does not know much, but is it so much of an issue to change your legal name and then go to all the companies using it and changing it there? If you'd first change your legal name you would then have an official document proving that change. It should be possible for these companies to change the name in that case.
Again, I don't want this to sound ignorant, but I think it may solve some of the problems you described.
And of course, the changes in those systems you described are important and need to happen - but I'm not sure this is something which will happen fast, and in the meantime...
Enjoyed the post, thank you! These primary key ID details are so bedrock. On the Twitter platform, we are all just unique numbers ;)
Great read! Thank you for sharing.
"Please for the love of all that is holy don't use a user provided string as a primary database key" π π π
The problem with that is that then one user would be using two (or 10) usernames. And usernames are valuable. People don't want to have MyN4m31zJohn as paypal handle
Unfortunately the ability to change a name in the application is dependent upon convincing product owners that there is value in that data model.
Interesting article!
How would you go about implementing the old username redirecting to the new username bit when it comes to database structure?
Good topic and very well written. Thanks Penelope for sharing.
What a lovely read for today.
Thanks!