Are there any popular examples you can name?
The reason there are no examples is that the feature isn’t fully implemented. Most traffic doesn’t use the itch.io app for web games, so it would prevent most users from using the feature.
clicked away that cookie warning or whatever that nagging screen was
All the “nagging screen” would need to say is “developers will be able to see and share your username” that’s really it for people to fully understand.
Here’s an idea. (in this case, a non-naggy checkbox that would need to be checked for any data to be sent.)
Probably needs some changes like an always yes/no that can be changed in account settings, and other stuff to fit itch’s design language. But it can be made it a way for the user to understand whats going on.
anyone seeing that leaderboard could just try out passwords with your account name and try to hack your account
First, I’m fairly sure itch.io has rate limiting, you can’t just spam password attempts without raising some red flags (getting your IP banned for some time, or account locked or something), but let’s say they don’t for the sake of example.
If people can just get into accounts with usernames and spamming passwords, why do people comment/post/review/do anything with their username attached?
Like, if I can hack people with just a username & some time, wouldn’t you be putting yourself at risk by replying to any posts?
Also, You can search a long list of users (mostly creators) with the search bar at the top of itch.io? If usernames were really that sensitive, why do you see them everywhere?
But also, it could pass in a display name or unique identifier to web games, instead of a username, avoiding this username/hacking point entirely.