Bit of a thought experiment here as to how to handle these duplicate accounts.

(tl;dr two federated accounts with different IDs report the same webfinger handle, what do?)

Let's say @ruario@social.vivaldi.net posts an English article under his account (and then is federated), and posts a translated Japanese one that is also federated, but under the Japanese ID.

What should NodeBB do when encountering the latter? Currently, it will try to assert the actor, fail the webfinger backreference check, and probably drop the post. Not so good.

One could adjust the actor to the former (canonical ID), but that's not technically right either.

That also opens up potential account impersonation possibilities, so that is something that would need addressing as well.

@pfefferle@mastodon.social just wanted to poke you about this issue again.

The latest updates to NodeBB now do a webfinger backcheck to ensure that the actor has a valid webfinger entry for their purported handle. If it does not, then the user is not properly created. Mastodon also does this. This check is probably for security as well as for preventing handle collisions.

The multilingual plugin in conjunction with the ActivityPub plugin creates users that share the same handle, and that causes issues with federated content.

For example, this article by @jonvt@vivaldi.com will load up just fine in Mastodon, but this japanese article by @akira@vivaldi.com will not, because that second article's attributedTo is https://vivaldi.com/ja/?author=176, which fails that check (the author's ID is actually https://vivaldi.com?author=176 as per the handle backcheck)

cc @AltCode