I found these, but I don’t think either one is extensive:
- GitHub - shouldbee/reserved-usernames: 590+ usernames in this dictionary! A list of reserved usernames to prevent url collision with resource paths. This repository hosts the list in multiple formats like JSON, CSV, SQL and plain text. You can use its just download its by wget. · GitHub
- GitHub - flurdy/bad_usernames: A list of usernames to avoid/block in any exposed web applications where people can choose their own username. · GitHub
- GitHub - 6abc/bad_usernames: A list of usernames that should not be allowed in an real world application. · GitHub
- GitHub - creativefoundrysg/disallowed-usernames: An open source database of disallowed usernames for software projects to prevent phishing and impersonation. · GitHub
- List / Set of Bad Usernames · GitHub
- A list of reserved usernames to avoid vanity URL collision with resource paths · GitHub
- https://www.ietf.org/rfc/rfc2142.html
Be advised that such blocklist-based solution will never catch all attempts at hacking. Just think of an abuser doubling the word, prefixing it with the or adding a neutral ending (e.g., 1).
Also note that the random generator might actually produce some identifier on the list by chance and then the user could be surprised.
Anyway, if we wanted to ensure no possibility for clash, chatmail might standardize on an allowlist-kind of scheme such as by always beginning or ending with some uncommon and visibly distinct character, such as a number.
Related: