16 comments

[ 3.0 ms ] story [ 41.7 ms ] thread
I'm confused. What is the purpose for this? Is this for sites that have exmaple.com/username so you know ahead of time what paths you most likely want to reserve?

Seems silly. You should either put users at example.com/user/{username} or you should put all non-user profiles under a reserved base like example.com/res/settings.

Twitter, for example, will place the username at the first level (twitter.com/username). Most of the other interactions occur under a small group of other addresses, such as /i/ and /settings/. However, I can still see this being a helpful resource so that you don't have to think about all possibilities from the outset.
Some of these are also usernames that a user might use to impersonate being a part of your organization: administrator, contact_us, news, et al.

That can help stop some particularly egregious social engineering attacks.

I guess if you have usernames in a shared namespace with system components this'd make sense - it's not something I'd consider a feature.

consider:

website.org/aloha

website.org/contact

website.org/u/aloha

website.org/users/aloha

users.website.org/aloha

u.website.org/aloha

aloha.website.org

with the first two examples, yes, there is a potential for collision - so you'd want something like this.

I consider the next four examples to be best - the final example I consider potentially administratively painful depending on implementation.

Having usernames as subdomains is relatively common, and it does seem like this list has that use case in mind (see the variations on www)
Don't forget the ancient classic: website.org/~aloha

Mastodon's interesting approach: website.org/@aloha

yeah, I neglected those.

I still use ~ on a couple web servers I administer, easy way for me to give people a sandbox attached to their user.

I agree. Even if you think /user/ or /res/ is too long or unsightly, you could have shorter prefixes like (in an example.com/username system) example.com/.settings or example.com/_settings, or (in an example.com/settings system) example.com/@username or example.com/~username.

That said, it might still be a good idea to blacklist these anyway, as you might end up with someone registering the username 'reset-password' (which isn't on this list yet) trying to phish your users, or 'support' trying to masquerade as your support, depending on what your app does.

Certainly doing this is introducing technical challenges easily avoided. But it’s also a win for reading, typing, and remembering URLs. Don’t confuse back-end elegance with elegance in communication with humans.
I could see a profanity list being more useful. How many people really try to register with the username "projects"?

As other people have mentioned, namespaces for user URLs solves this better.

The CSV version (with one field per line) is identical to the plain text version.
Interesting. I assumed it was just a generic parser, and the url fragments don’t contain anything that’d require any effort - but adding quoting, commas, tabs resulted in identical output too.
Or: Why you should not put things like usernames at the top level of your domain. sheesh...
Look at reddit.

    reddit.com/r/subreddit

    reddit.com/user/my_user_name   (Why not u? I don't know.)
Pretty straight forward. There are also ones like subreddit statistics and they're all... after the name.

    reddit.com/r/subreddit/about/traffic
(Note: Public viewable stats are only turned on if the mods turn it on.)

[edit] Wait. Reddit removed user access site-wide to those pages? Morons. Well, the URL point still stands.

Oddly

  reddit.com/u/foo
does work, but it just redirects to

  reddit.com/user/foo
There used to be sane times where usernames were prefixed by a tilde in profile URLs...