Hi everyone,
As you can see from my profile I have been around here off and on for some years. After a gap of about 2 years I came back today and my username was not recognised.
So I re-registered with the same details (same username, same email) and was surprised that my profile was as before, and I am still shown as the author of posts made in 2021 and earlier.
Is this a security hole?
If I had recycled my previous username, but from a different email address, would the same have happened?
If someone else had decided to use that username (maliciously or in all innocence) using a different email address, would they have inherited my profile?
The security hole is that this offers an attack surface whereby the attacker takes over an obsolete account, getting the benefit of whatever trust is carried forward from the older posts.
Agreed, all my stats are reset, so hopefully any automated trust levels are zeroed. But that still leaves the human trust (em says presumptuously) generated in the minds of anyone who remember the username, or looks in my profile at my “most replied” posts from 2020, or looks around the forum and sees my username on those older posts.
Anywhere other then on a Qubes forum I would fear being labelled as paranoid for asking this question, but in the context of Qubes I hope that paranoia is welcomed.