# Imposter @fredwilson, or how to fix arweave-id name collisions
It was great to see [@fredwilson](https://feedweave.co/user/D1kJn5N17FNsnvl7S7kT2vm_66FKWo6yiaWMv0hsoDc) trying out FEEDweave earlier this week!
Fred's [Twitter proof](https://twitter.com/fredwilson/status/1235929324106080256) inspired a bunch of his followers to also sign up for FEEDweave, including a clever user that tried test the limits of [arweave-id](https://explorer.arweave.co/app/arweave-id), the identity system used by FEEDweave under the hood, by trying to take Fred's name.
Imposter alert! Looks like we have two of **@fredwilson**!
This is bad! Name collisions shouldn't be possible in an identity system.
## What happened?
The imposter, who's wallet address is [smxYk4xwr2USynuT90oqvtUkrzPHiBmA1U5Z3QwCU1s](https://feedweave.co/user/smxYk4xwr2USynuT90oqvtUkrzPHiBmA1U5Z3QwCU1s), signed up for FEEDweave and claimed the username **@fredwilson**, even though it was already registered.
Although there are some UI checks in place to prevent claiming duplicate names in the UI, fake Fred were clever enough to bypass them, probably by submitting a transaction directly to the blockchain.
[arweave-id](https://github.com/shenwilly/arweaveID%20arweave-id) is an identity system used by many apps on Arweave, including FEEDweave. This is what powers its human-readable names.
An ID registration via **arweave-id** is just a generic Arweave transaction with `App-Name: arweave-id` and the username string as its data. Here is the [transaction](https://explorer.arweave.co/transaction/GLuXZgdHKkQddJA70Pn_YXlkMxhS-UBKAmo-RD_sGTc) where the real Fred Wilson first claimed his name.
Here is the imposter [transaction](https://explorer.arweave.co/transaction/ToE7rLkfLc-JP4wcRVhsHfrnSnbGjvmnt1ggh4ZgRH8) from user **smxYk4…**
Nothing prevented **smxYk4...** from submitting a valid transaction with `App-Name: arweave-id` and the name `fredwilson`.
Here lies our bug! The UI was looking up arweave-id transactions by wallet address and displaying them without checking whether that name was already claimed by someone else.
Since Arweave is optimized for data storage and has only a basic VM, there is no way to validate application-specific logic, such as username uniqueness, at the consensus layer.
## How to fix it
While there is no support for data validation, Arweave does create strong guarantees for transaction ordering through its consensus mechanism, just like any other blockchain
This means we can sort transactions by block height, from oldest to newest, and enforce the following rule at the application layer:
* **A name belongs to the user who first claimed it**
* **Subsequent claims for the same name are ignored**
Since the real Fred Wilson, [D1kJn5N17FNsnvl7S7kT2vm_66FKWo6yiaWMv0hsoDc](https://feedweave.co/user/D1kJn5N17FNsnvl7S7kT2vm_66FKWo6yiaWMv0hsoDc), was first to claim the username **@fredwilson**, the UI should only display it next to his account and no one elses.
A new [update](https://github.com/feedweave/arweave-gateway/commit/ec4a51656d5811e04f2021f66e8aa95233bda574) to the gateway has implemented this functionality and stripped the imposter of his fake moniker. 👊
## Future improvements
While sorting registrations from earliest to newest solves username collisions, "first to claim" identity systems aren't ideal because they can incentivize name squatting.
To prevent this, other identity systems, like [ENS](https://ens.domains/), use a more complex auction mechanism for registering names to deter squatters and encourage a fair distribution of names.
FEEDweave could potentially integrate with something like ENS in the future, but that would introduce additional complexity of using another blockchain system.
FEEDweave today also supports linking your Twitter account with your Arweave wallet. Instead of relying on arweave-id, FEEDweave could proxy to Twitter names for its human-friendly names. While this is arguably the simplest solution, it introduces a centralization vector with reliance on Twitter.
What do you think is the ideal identity system for FEEDweave?