[–]zyxzevn 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (19 children)

Thanks for this insight. And already people were fearing that some admins were hijacking reddit.

Connecting via phone-numbers can be hijacked via click-farms. But can block some activists.

Reddit uses DRM to identify browsers, which could be helpful to ID the user at registration.
You can also run a system-analysis (network-test, speed-test, mem-test, screen-size, browser-version) to see if registrations are very similar.

As a fun note, I thought of more controversial questions at the registration:
"Who really started WW1?"
"What department was destroyed at the Pentagon at 9/11?"
"How fast flies a swallow?"
"What makes frogs change their sex?"
"How bad is sugar for your health?"
"What makes facebook addictive?"
"What states reported voting fraud, and how much?"
"Who pays fact-checkers?"
"Why does laughing gas make a person fall asleep?"
It would be fun to have an extremely long list of questions.
And researching some of the answers would make people realize that there is more going on.
Why not use the questions to help convince attackers to stop?

[–]magnora7[S] 6 insightful - 3 fun6 insightful - 2 fun7 insightful - 3 fun -  (18 children)

> You can also run a system-analysis (network-test, speed-test, mem-test, screen-size, browser-version) to see if registrations are very similar

Yes I have done this. They spoof their IP, spoof their browser and even spoof the version number of the browser. It's constantly changing for all of them: with every comment and post it's a new browser, new IP, new everything, basically randomized. They've really got it down to a science. Although perhaps the randomness itself is a giveaway...

Thanks for your questions, good ideas. We just need something that is easy to do once, but very hard to do 100 times. Another option would be to have them pay $1 in some cryptocurrency to register an account. This would mean they'd have to pay me to attack the site, which upsets their whole method that is based on being able to register unlimited accounts. But it would obviously deter some real users too. But that might be a cost worth paying.

> Why not use the questions to help convince attackers to stop?

Lol you might as well try telling wet paint not to dry. Not worth the effort, trust me. Plus if one does wake up and quit, they just replace that person, so this doesn't actually mitigate the attack.
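An added example, not part of the original thread or of saidit's code: one way to test the "randomness itself is a giveaway" idea from the comment above is to measure, per account, how often the (IP, User-Agent) pair is one that account has never used before. The event tuples, account names, `min_events` and `threshold` are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (account, source IP, User-Agent). Not real data.
EVENTS = [
    ("alice", "198.51.100.7", "Firefox/118.0"),
    ("alice", "198.51.100.7", "Firefox/118.0"),
    ("alice", "198.51.100.7", "Firefox/119.0"),  # browser update
    ("alice", "203.0.113.20", "Firefox/119.0"),  # different network
    ("alice", "198.51.100.7", "Firefox/119.0"),
    ("sock1", "192.0.2.11", "Chrome/97.0"),
    ("sock1", "192.0.2.84", "Safari/15.1"),
    ("sock1", "192.0.2.140", "Firefox/91.0"),
    ("sock1", "192.0.2.201", "Chrome/101.0"),
    ("sock1", "192.0.2.33", "Edge/99.0"),
    ("bob", "203.0.113.5", "Chrome/118.0"),      # new user, too few events
    ("bob", "203.0.113.9", "Chrome/119.0"),
]

def fingerprint_churn(events):
    """Return {account: (event_count, churn)}; churn is the share of events
    whose (IP, User-Agent) pair was never seen before for that account."""
    seen = defaultdict(set)
    counts = defaultdict(lambda: [0, 0])  # [events, novel fingerprints]
    for account, ip, ua in events:
        fp = (ip, ua)
        counts[account][0] += 1
        if fp not in seen[account]:
            counts[account][1] += 1
            seen[account].add(fp)
    return {a: (n, novel / n) for a, (n, novel) in counts.items()}

def flag_randomized(events, min_events=4, threshold=0.9):
    """Accounts with enough activity whose fingerprint is new on
    (almost) every action; real users mostly repeat theirs."""
    stats = fingerprint_churn(events)
    return sorted(a for a, (n, churn) in stats.items()
                  if n >= min_events and churn >= threshold)

if __name__ == "__main__":
    for account, (n, churn) in sorted(fingerprint_churn(EVENTS).items()):
        print(f"{account}: {n} events, churn {churn:.2f}")
    print("flagged:", flag_randomized(EVENTS))
```

The `min_events` floor keeps brand-new accounts from being flagged on two or three actions, at the cost of giving a throwaway account a few free posts before the signal appears.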

[–]zyxzevn 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (17 children)

> it's a new browser, new IP, new everything, basically randomized. They've really got it down to a science. Although perhaps the randomness itself is a giveaway...

Sounds very organized. Maybe even military.
Certainly a well worked out procedure.
Maybe they also have 1000s of facebook /google accounts.

Speed of a calculation also randomized? (javascript/wasm) Might be harder. Also some data may be cached if they did not clear it (like site icon).

[–]magnora7[S] 9 insightful - 5 fun9 insightful - 4 fun10 insightful - 5 fun -  (16 children)

Yeah I agree it's very organized. It's known JIDF has done this sort of thing for a while, could be them. I've had run-ins with them before. They stole one of my subreddits long ago fraudulently through the redditrequest system and literally put up a JIDF flag on the sidebar after they stole it. That was like 6 years ago. Then when I started calling those people out, the reddit admins immediately banned my account for something I did 3 months prior...

This is the subreddit (which was intended to be a backup/alternate sub for /r/undelete):

They also have a wiki article:

So this has been a problem for a while. Usually it was just an edge case thing though, or trolls playing around, but now it's a serious problem that affects almost all sizable forums. Our current attacks could be JIDF, could be Chinese, could be US, could be Russian, could be all 4, could be something else. Who knows. I would say JIDF and China both probably do not like some of the things posted on saidit, so they would have motive. But I really have no idea. Could just be a crazy guy in his basement who works for hire off craigslist paid by some random person that just doesn't like saidit for some reason. But it seems pretty well coordinated, especially if you include the DDOS attacks (which are STILL ongoing, like every 3rd day for literally years) so I'd guess it's at least a 3-4 person organization.

Also the DDOS attacks still occur even though they're obviously not successful, which indicates to me someone just has an automated DDOS attack botnet on a rotating schedule.

> Speed of a calculation also randomized?

Cool idea but each page is always completely custom so there's no baseline metric to judge against because the filesize is always different

> Also some data may be cached if they did not clear it (like site icon).

Perhaps, I'm not sure how to detect this in a way that would be useful though

[–]zyxzevn 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (14 children)

It sounds like JI DF to me.

With calculation I mean something like a complicated physics calculation.
In both JS and WASM.
You can also render something to the screen with JS to test the speed of their graphics.
You can combine the speed-check with a word-check (captcha). You render a noisy image of a moving&rotating word, while spheres and other objects move in the image. Easy for humans. Very hard even for AI trained for exactly this.

[–]JasonCarswell 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (4 children)

Perhaps a new idea: Make our own captcha with a 3x3 or 5x5 grid or whatever. Those 9 or 25 squares each have an image with one optical illusion or visual puzzle that has to be selected by a human.

[–]zyxzevn 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (3 children)

Click the pictures related to news items that are censored in mainstream news..

Like: Student uprising China. Tower7. Fake chemical attack in Syria. Fake passports that survived 911. Palestine children being shot.
Collateral Murder, Damaging Hillary e-mail, crime statistics, rape statistics, Actual covid death statistics, Vaccine victim, etc.

[–]JasonCarswell 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (2 children)

I like your train of thought!
However, it has to be easy enough and not too esoteric to avoid alienating newbies and sheeple, unless we want to make a conspirophile club.

Riffing with a joke based on your premise:
Show a bunch of famous politicians, "Click on the faces of war criminals:"
Correct answer: all of them.

[–]zyxzevn 3 insightful - 3 fun3 insightful - 2 fun4 insightful - 3 fun -  (1 child)

Order the list on how many people they got killed..

My idea might stop some foreign interference and from some agencies. But we would need to test it.
The Chinese student uprising will stop some Chinese manipulators. They are not allowed to discuss some topics.
The Palestine/Israeli apartheid system problems may work a bit, but I think that exposing the warcrimes&corruption will do better. I assume that they care about their own country.
Same with US/UK agencies. Want to improve your country/agency? Why not expose some problems and corruption? Like the $90T debt that the Pentagon has created according to the financial expert (Skidmore). Or the weapons and money that were given to terrorists in Iraq/Syria to prolong a devastating war.

[–]JasonCarswell 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

The way you're thinking is interesting. The objectives are educationally exposing power, counter-ops, and security - and we're aligning towards a good balance. I hadn't considered the counter-ops.

How much of the SaidIt enemies do you think are just normal "citizens"? Like good ol' 'Mericans who would defend their country no matter what others said - except in this case they're just visitors from Israel, China, Russia, even America and Canada - and they don't want to see their nation exposed.

How much of the SaidIt enemies do you think are organized and/or covert ops? Similarly from various origins serving power that doesn't want to be exposed.

How much do you think we could deter either civilians or operatives with a little counter agitprop?

How much of a difference is this signup puzzle to the typical stuff on SaidIt? Focused perhaps, but ultimately not much, IMO.

I like this brainstorming fun and don't want to deflate it, but these are my honest questions, and ultimately: Are we overthinking the signup puzzle?

To your ideas:

Because someone is from China (and thus censored and ignorant) or ignorant of China, IMO, they shouldn't be denied. I like the idea of making them do a little research homework to join (if they don't already know the answers), but wonder if that's too much.

I can't speak for all of them, but if you're a grunt who's hired to kill brown people in foreign lands you don't really care much how the government gets the money to pay your military salary to feed your family. I wouldn't expect it's too different by suggesting these cyber war assets think they're James Bond serving the Queen by hacking and crapping on our news aggregator. In short, it's just a job to them. I would hope that we make their lives hard and stressful and stir up inner conflict and like Facebook employees, they get PTSD, burnt out, and converted to believing conspiracy theories. I just don't think we can do all that during sign up.

Bonus: It hadn't occurred to me before, but obviously, even if these ideas aren't good for SaidIt, these security system concepts can be pondered, theorized, mulled over, and developed for the /s/PhoenixForum (for lack of a better name). The more solid that Next-Gen Forum idea gets, the more likely we are to previs it, and more likely folks are to actually build it.

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (8 children)

fancy shit. does anyone have these moving captchas in use today?

[–]zyxzevn 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (0 children)

I saw it a few times. Most sites use google (google-captcha) instead.

[–]magnora7[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (6 children)

That's a cool idea. I could probably cook something up maybe, like 2 grids and the letters, each rotating independently, all the same color on top of each other, with some animated wavy effects distorting all that.

I found this code available, view the demo, we could modify this maybe:

That was the only one I could find, everything else was research papers

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (5 children)

Nice, I bet that would work much better than what we have in place now to stop bots and scripts and non-humans.

[–]magnora7[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (4 children)

Yeah I agree, I'm down to swap out our captcha with this animated one if that's an easily doable thing

[–][deleted] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (3 children)

Hhahaa nothing is easy around here. You'd also have to figure out a secure way to get the captcha secret into the js widget in the first place, without a scripted browser being able to read it. I didn't dig into how the demo does it. With a plain image, all the user ever has access to is the image itself.

[–]JasonCarswell 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (0 children)

I'm surprised to hear you thinking tribally like that. Sure Zionists are at the top, but really it's about speaking truth to all power, regardless of national origin or their minions.