The question you need to ask yourself is why you would like to impersonate a user?
list itemIs it because you want to recreate an error the user has? Just ask him if you can logon to his account and temporarily change his password to do so. You don't need any additional plugins to do this and the user knows you are accessing his account. Do you want to read his private messages? Why would you do this? Here (in Belgium) it's illegal. For two reasons :** it's considered as private information and thus you're not allowed to read it. It's simply illegal.
**Another reason is GDPR : you only can access user information if it's relevant to do so and only for the duration that it's relevant. No way you can justify reading his private messages.
In case of abuse or more serious illegal activity by the user, let's say he/she's trolling other members, you'll get this information from other concerned users and can act according to this information. It's your perogative as administrator to ban users based on their behaviour on your website.
And if the user really does illegal stuff like insinuating or distributing child pornography (I know heavy example), you're legally obliged to report this to the authorities. Not doing so makes you an accomplice, at least here in Belgium.
So in my book, there's no reason at all to impersonate a user. And if anybody reports abuse and provides the necessary proof, I'll act according to the forum's rules and if needed according to the Belgian law.
