Stories
Slash Boxes
Comments

SoylentNews is people

Meta
posted by janrinok on Sunday July 03 2022, @03:30PM   Printer-friendly
from the lets-see-what-happens-here dept.

I realise that this has been an unpleasant time for many of our anonymous community members, but I can assure you that it has been necessary. I am not yet prepared to go into details but I can at least update you with our findings so far. But first we have to look at some historical data.

Anonymous Cowards (ACs) have always been - and will hopefully continue to be - welcome members of our community. There are many perfectly understandable reasons for wishing to post as AC and how you chose to live your own personal life is of no concern of this site. Equally, you are welcome to use VPNs and other security measures to protect your privacy. We take similar measures to protect all of your data so that you will not be compromised by us. These measures are effective and to the SN administration ACs appear as a single user with the user identity of #1.

We cannot treat some ACs differently from others. While we can manage to sort out your comments etc with the aid of the hashes that we produce, they change so frequently as to be useless for any purpose outside of this site. But the Administration is only concerned with what happens within this site and so this point is moot. We have no interest in the rest of the internet so IP addresses are also of no interest to us. How your comments get from wherever you are to us is irrelevant. The bottom line is that ACs can only be treated as a single account. That account is granted certain permissions or not granted those permissions and they apply to every AC interaction.

Most of our community, both logged in and AC, participate in the discussions in an reasonable manner and discuss the topic that has been outlined and any threads that resulting from it. It is true that, particularly at weekends, there is a slight increase in the number of ACs appearing but on their own they are little more than a minor irritant. There is, however, a 3rd group, consisting of ACs who sole purpose seems to be to derail any sensible discussion. Over recent years they have become more aggressive and often use personal attacks rather than challenging what is being said. Some are more obvious than others and I am sure that you can all think of examples of such people for yourself. A very small number have stated that it is their aim to prevent SoylentNews from continuing.

On 22 Jun of this year we received an implied threat (https://soylentnews.org/comments.pl?noupdate=1&sid=49894&page=1&cid=1254201) suggesting the the person making it had a target date of 6 July for some event or other. It is possible that this is related to another 'prophecy' in which this individual foretold that the site would soon be dead. We believe that we can identify the person making that threat with a reasonable degree of certainty. However, since that time the number of ad-hominem attacks has increased and we have also been subjected to increasing amounts of spam. In small amounts either or both of these things can be shrugged of, but when they come increasingly aggressive and frequent, they can make the entire experience of being in this community very unpleasant. I know that we have lost both staff and numerous community members because of this toxic atmosphere - and not, as some would have you believe, because we administer the site!

Almost all of this behaviour is conducted by a very small number of ACs and occasionally via sock-puppet accounts. As the levels of harassment increased over the last few weeks it was obvious to us that we could remove it by simply preventing AC access. This was not an easy decision to make but we knew that we could protect the majority of the site by this simple action. The result is, as you know, that we reluctantly removed anonymous access by ACs to the front page.

We are now actively looking for more permanent solutions and hopefully to exactly what we had before. I have experimented with providing stories on the front page which are AC friendly, and also in my journal. We are still looking for a better solution but unless we can separate individual ACs then I cannot see what else can be done. I would welcome your feedback and suggestions. The outcome of our decision is also our loss as you can see if you look at the numbers of comments that we are now getting compared to before the ban.

I have spent a lot of time analysing the posts, both current and historical, to try to identify the person or persons responsible for this unwanted content. I am not going to name specific individuals because I believe that you can each reach your own conclusions. By looking at both the spam and comment content, and their meta data, I have established the following.

The person spamming our site is one of our own Anonymous Cowards who is currently blocked because we have removed access for the AC account - and that block affects all ACs. He is also one of the people regularly carrying out ad hominem attacks against other community members. He will be reading everything that we post about this issue.

Unless the abuses cease everywhere on the site including in journals, ACs will remain outside of the main site except for specially released stories until we can devise a better system. For us to currently do anything different would be foolish and irresponsible in the extreme. As soon as the abuse ceases we can readmit all ACs to the main site again.

I know that this will be as much of a disappointment to you as it is to me, and you may also be thinking of leaving. I ask you not to go. Rather I would encourage you all to let the abusers know that they are not fighting for your freedom of speech ("freeze peach") but they are by their actions actively preventing your participation in our site. There is one particular post (https://soylentnews.org/comments.pl?noupdate=1&sid=50204&page=1&cid=1257692) which suggests that this is being done on behalf of all ACs and that you all stand as one behind this action. I don't believe that anybody has the right to claim that if you haven't actually agreed to it.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday July 04 2022, @02:46PM (7 children)

    by Anonymous Coward on Monday July 04 2022, @02:46PM (#1258034)

    Fair enough.

    I was thinking perhaps if people don't want to log in they can have the option (with a bunch of check boxes) of

    A: Having their IP address/hostmask/both stored (either temporarily for like an hour or indefinitely)
    B: Only having the hash stored

    Viewers can then filter out anonymous posters that only want their hashes stores if they choose

    Or, you can have anonymous posts that select to store only their hash screened ahead of time before being posted.

    The option to store the hostmask temporarily can give mods enough time to identify and (temporarily) restrict the IP address/hostmask into the future if it submits spam.

  • (Score: 2) by janrinok on Monday July 04 2022, @04:20PM (6 children)

    by janrinok (52) Subscriber Badge on Monday July 04 2022, @04:20PM (#1258048) Journal

    A couple of problems. The database is built around those hashes, They are used as unique identifiers all over the place. CmdrTaco could have used IP addresses, random strings, incrementing counters but he chose hashes and he has explained the reasoning behind his decision. I have published that explanation several times on this site. So if you want to take away the hashes you have to rewrite EVERYTHING. We cannot store the hashes 'temporarily' - they are woven into every bit of code and all the stored data that we have.

    You are probably aware that for almost a year now we haven't had a Perl programmer on the team. There is nobody who knows Perl well enough volunteering to support the site for free to do what is obviously a significant task. Furthermore, any suggestions that require new code (assorted checkboxes and the code to process them) just aren't possible at the moment for precisely the same reason. It is easy to say 'why didn't they do....?', the simple answer is it doesn't matter, we have to work with what we have.

    The fear that people have of hashes is rather silly. The original slashdot actually stored and used the IP addresses themselves, and nobody complained about that. The problem that CmdrTaco had is that they are not the most efficient way to store the data when you have to do processing or access a database. So he changed it to hashes which improved the response time of the code significantly, meant everything would work for both IPv4 and IPv6, and it was much easier to code in the first place. We simply forked the code at that stage.

    And in these days of VPNs and TOR, all that most hashes hold is the LAST step in the link between the user and our site. Nobody connects directly to the site from the computer in front of them. So the hash tells us nothing. We haven't got a secret way of decoding or hacking VPNs or TOR. But we don't care - we don't want to know who you are or where you are. We are trying to run a place for techy story discussionse - not a dating website!

    --
    I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    • (Score: 0) by Anonymous Coward on Monday July 04 2022, @05:24PM (5 children)

      by Anonymous Coward on Monday July 04 2022, @05:24PM (#1258059)

      I never said to only store the hashes temporarily or not at all. Record, use, and keep those indefinitely.

      The options I was referring to was in reference to what you can possibly store/record in addition to hashes so that you can use the additional information to address/deter the specific problem cases. The additional information would only be used/looked at when relevant, otherwise, just do everything the same as before.

      • (Score: 2) by janrinok on Monday July 04 2022, @07:00PM (4 children)

        by janrinok (52) Subscriber Badge on Monday July 04 2022, @07:00PM (#1258069) Journal

        OK, I think I am understanding some of it but.....

        If somebody wants to remain anonymous so that their comments are evaluated by content rather than by username then people are already able to log in and post anonymously. If they don't trust the SN staff then why are they even joining the site? Would you use a bank if you did not trust the bank staff?

        The additional information would only be used/looked at when relevant

        What additional information will they provide? How will that information identify somebody who might be about to abuse our system or how do we relate that information to somebody who abused the site in the past?

        Or, you can have anonymous posts that select to store only their hash screened ahead of time before being posted.

        Who do you envisage will calculate the hash and what is it a hash of? If it is the AC then why should we trust his hash? If it is a hash of an IP, how will he know which IP address we are seeing? He will not know what TOR exit IP or might not even know the VPN IP he is using. If it cannot cope with TOR, then we need to have different procedures for different types of IPs that we might see. So it cannot be the AC who provides it.

        If we calculate it (again?) then that will require a software change - well the whole thing will actually - and we cannot implement that change without a programmer. We haven't had a programmer for almost a year. But what do we gain by implementing this change? We already have to calculate a hash, and every AC logging in has to go through the security procedures that a username/password can bypass. If they want to prove who they are there is a perfectly good procedure for doing that - we call it logging in. Once inside (and verified) they can post anonymously. That system is already implemented and is being used by many community members today.

        The option to store the hostmask temporarily can give mods enough time to identify and (temporarily) restrict the IP address/hostmask into the future if it submits spam.

        We already store both the IP hash and the subnet hash. But ACs do not connect to this site using the same IP/subnet every time they do so. Some people are changing their IP every few minutes. That is how they hope to avoid having the same hash twice. There are flaws in that logic which we can sometimes exploit but that is another discussion entirely.

        I haven't used slashdot in years so I have no idea what they do - but I am still not clear exactly what you are suggesting the benefits will be or how they work.

        I am tired and it has been a long weekend, so perhaps it is my problem not understanding what you are suggesting. But at the moment there are too many uncertainties for me to see how it would help resolve matters for AC posts.

        --
        I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
        • (Score: 0) by Anonymous Coward on Tuesday July 05 2022, @03:52PM (3 children)

          by Anonymous Coward on Tuesday July 05 2022, @03:52PM (#1258288)

          With the hostmask you can set temporary bans that are broad enough to block the person's ISP within a given region but narrow enough not to block the ISP within other regions and not to block other ISPs. Kinda like how IRC channels do (at least Efnet used to let channels do this, I haven't used it in a long time).

          Of course most IRC servers do screen for things like VPNs and Tor before they even let you in. Perhaps you can have a way for screening for these things and have submitted posts made from these sources prescreened before posted.

          • (Score: 2) by janrinok on Tuesday July 05 2022, @05:55PM (2 children)

            by janrinok (52) Subscriber Badge on Tuesday July 05 2022, @05:55PM (#1258319) Journal

            There is no way of proving that the AC contacting us now on a specific IP address is the same one that was 'prescreened' - whatever that term means to you. You can be "prescreened" quite easily but we call it "creating an account". And afterwards it doesn't care what IP address you have.

            It sounds to me that you want the benefits of having an account without actually creating one. Nope, it's not going to happen.

            If you want to connect to the site as an AC you have to go through the automatic security checks.

            --
            I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
            • (Score: 0) by Anonymous Coward on Tuesday July 05 2022, @06:15PM (1 child)

              by Anonymous Coward on Tuesday July 05 2022, @06:15PM (#1258325)

              I mean you prescreen the comments themselves coming from VPNs or TOR for flaimbait before you let them be posted. There are services that can determine if they are coming from tor/known VPNs.

              • (Score: 2) by janrinok on Wednesday July 06 2022, @04:31AM

                by janrinok (52) Subscriber Badge on Wednesday July 06 2022, @04:31AM (#1258454) Journal

                Any rewriting of Perl code - and to change comment processing requires a lot of changes - requires a Perl programmer that we do not have.

                As an aside, the title "Maybe do like slashdot" isn't very helpful unless you say what slashdot do. Most of us left that site in 2014 and haven't been back.

                --
                I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.