Dear developers,
Sometimes I share access to my PC with another person who also plays Go on OGS.
We expected that a simple logout-login would switch the user, but there were some strange occurrences.
One time, the name (title) of a game challenge was saved while user A (“Alice”) was logged in and then appeared as default title for user B (“Bob”), replacing the previous, never-changed “Friendly Match”. I asked a moderator to change the title after the game had started, but it turns out that this is not currently possible.
In another instance, after Alice had logged out and Bob was in the chat view, Bob wrote a line of chat into a room that Alice had never seen and never joined. Yet, the line of chat appeared in that room as though it had been written by Alice!
These could - in theory - be some real issues.
The first scenario could be abused by planting an offensive, embarrassing game name into the victim’s default value. If they are as careless as Bob, they would then open that challenge with the embarrassing title to all the OGS public under their own name
The second scenario may be even more problematic, if someone were to invest the time to find out how to reproduce it. You could basically steal the identity of the previously logged-in user and say anything in their name, like things that get them banned.
I am now reluctant to use OGS on public computers, and I can only suggest to my fellow OGSers to keep this a secret from pranksters and foes in your circle of friends and family