you are viewing a single comment's thread.

view the rest of the comments →

[–]magnora7 5 insightful - 3 fun5 insightful - 2 fun6 insightful - 3 fun -  (10 children)

I agree this is a problem, and why a forum that has no votes but still uses the reddit format may be a new thing to try on the next forum.

The fake upvoting problem is an issue, and the real deal is these people have infinite IP addresses and can spoof their browser credentials. I've made scripts that detect activity like logging in and out to too many accounts too quickly, but even these rules can only block a certain IP. And if they have a completely different IP address every single time they make a page request, then there is literally no way to block them.

We at least have it fixed so when a user is banned from saidit, their votes go away as well, which helps remove the effects of vote manipulation. But the reality is, they just keep creating accounts with unique credentials each time, and so I have no way to differentiate those accounts from the accounts of regular users other than the behavior of the account... I have done some work developing algorithms good at detecting accounts that vote too quickly all together on a the same post or comment, and then autobanning all those accounts. But the result is they just make 10 more new accounts every time. This has been going on for years and I'm honestly not sure how to better engage it than we already are. I am open to suggestions, but also the amount of programming work necessary to get marginal improvements on this issue is rather steep.

We also built the block buttons, so posts by known troublemakers can be blocked by the users. We've really given the issue a fair shot many times over, but the real problem is that the vote system will exist to gamed in the first place. Another idea I had is to make a forum that limits the number of IP addresses a user can have, using the fact that the browser credentials and IP are randomized every time as a giveaway to shill activity. The problem is many VPNs mimic this behavior as well so it's again tough to differentiate between shills and normal users. Which is of course what they are trying to do, to pretend to be normal users while hijacking the information stream.

I think the real answer is a no-vote forum, where the threads are sorted by who left the last comment, old school style. But even this can be hijacked with enough volume. I really hate to say it but the text-based forum is in trouble because I have been thinking seriously for 5 years about this issue and I don't have a better solution than what we currently have. So many forums have failed because of it. Any better solution requires a team of people working 24/7 to monitor each post and comment individually as it arises, which is a ridiculous amount of work that requires a ridiculous amount of money. We have 10 volunteer content admins which helps but it only goes so far.

Anyway, if people have ideas, I'm listening.

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (9 children)

This is the one type of case where shadowbans might be a good course of action. But iirc you might have to tweak a few things to get their votes to not count, I think that was broken in reddit's final open source version.

The only other thing I can think of is removing voting rules altogether, then the most determined party wins.

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (8 children)

Shadowbans only slow down their process slightly, because of reddit they know all they have to do is logout or look with a private browser mode to see if they're banned or not. It's 10s of hours of programming for me, to result in a few minutes of annoyance for them. Not worth it, unfortunately. Furthermore I have a moral issue with shadowbanning in general, I think it's a form of gaslighting for the real people who get caught up in it.

The only other thing I can think of is removing voting rules altogether, then the most determined party wins.

Yeah that's kind of where I'm at with it too. The thing is, they're always the most determined party, because they're being paid to do so. They will always have the most time and energy to devote to manipulating the forum. This somehow has to be taken in to account when designing a new forum. There needs to be a way to disempower the busybodies and empower the people who post infrequently. Which is the opposite of how it works now. But at the core, if they can create infinite anonymous user accounts, then we have no real defense. So I think something like limiting the number of IP addresses per user might be the way to go.

Or another user suggested that maybe new users could be restricted to a certain sub, and then get community approval before they can post to the rest of the site. But the downside with this, is that the moment this approval system gets hijacked by some shills, they'll approve a thousand more shill accounts, then the whole system is shot again.

Another idea is to make people pay $5 to register an account, with no refunds if they get banned. This would make shilling extremely expensive. But it would also certainly deter real users, and it would be awful for anonymous truth telling because it ties back to a cash account, which is kind of against the whole point of this site.

It's a real pickle.

[–]Vulptex 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (7 children)

I've dealt with this on reddit before, you'd be surprised how many of them don't check for shadowbans. Just make 100% sure they're not real users before you do it, and remember, mods can still approve their posts if it was a mistake.

You shouldn't need to program it yourself, the functionality comes with reddit. If you set a user's _spam flag, they will be shadowbanned. I think you'll have to fix the votes, but that's it unless saidit's changes broke something else too. Alternatively you could make one that only shadowbans votes.

There's also is_suspended but you already have a replacement for that, and _banned which I would never use if possible, that's the one that logs the user out of their account and blocks their password. For shadowbans there's also a flag that keeps their profile page visible.

A script could auto-ban accounts from a certain IP, but it sounds like that's not going to work here, and it's not really the greatest thing to go by anyway. A cookie might work for some cases, but probably not this one.

In the case of real users I think an automated message explaining their ban would be a good idea, I got it working without much trouble.

[–]magnora7 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (6 children)

Actually I don't think we inherited any of that functionality unfortunately. They stripped out all the admin controls from the open source. D3rr had to make a new ban system from scratch basically when we first started. Unless you're talking about some mod-level functionality I'm unaware of, I don't think we have it.

I would be down with an automated message to the person banned. But on the other hand maybe it's good sometimes if they don't know they're banned, similar to shadowbanning. Saidit currently doesn't explicitly say "you're banned", I believe it just returns errors when the banned user tries to post or comment something. Which I think is a reasonable system.

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Oh shit! There was no need to make a whole new ban system. They only stripped out the frontend. The functionality is still there, you just have to make a button to enable it (or don't, it may be a good idea for only you to be able to perform shadowbans). I know these things because I've tested it out myself. If you look through the source code you can see the _spam and is_suspended attributes, and they do work. u/d3rr I feel bad for you now.

Make a test account and use the console to set its _spam attribute, then post stuff with it and play around with mod tools (spoiler: most of them don't work), then try is_suspended and maybe _banned.

I have tested the global ban on saidit and it does not send a message, but it does remove the post and comment buttons like a subreddit ban. I think it would be helpful for real users to know why they were banned.

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

I'm sure d3rr just built a new frontend if that's all that was necessary. I didn't work on this portion of it so I don't know the details, only d3rr does, but he deleted his saidit account so tagging him is especially pointless.

If you can figure out how to code the sending of an automated message upon banning that might be good, but I still think that maybe the extra of delay of shills and bots having to figure out they are banned might be worth it, especially if you were previously suggesting shadowbanning...

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

It's a completely different backend. u/d3rr was apparently unaware that the backend for admin tools was included, so he rolled his own quick one. But if you need someone shadowbanned, use the console to set their _spam flag. Since they're separate functions a message would not be sent for shadowbans, but would for normal bans (or suspensions, if you want to switch to that). Iirc you have to program the system account to send a PM automatically when a ban or suspension is fired.

I do think suspensions might work as a replacement for users who became unbannable after the 500 error happened when attempting to global ban them, which seems to be getting more common.

If I have time I can make some changes myself and test them, assuming the github is up to date. I could add a frontend for shadowbans and suspensions. I'm guessing the reddit admins have a completely separate program from reddit that they use to take these actions.

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Actually it's in_timeout, not is_suspended. That might be ruqqus.

Anyway you can see the in_timeout property here: https://github.com/libertysoft3/saidit/blob/master/r2/r2/models/account.py

The _spam attribute comes from a superclass and is the same as what's used for sub bans, and I think posts and comments and messages too.

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

u/d3rr I saw this line:

# TODO: refactor to self._spam
if self.is_global_banned:

Accounts already have a _spam property, it's inherited, I think from thing, along with _deleted. Enabling it causes the user to be shadowbanned.

The code for "chucking" an account (password lockout) with the _banned property starts on line 556.

In listingcontroller.py, at line 952, you can see where the profile pages are blocked for _spam, _deleted, and in_timeout. Here's the shadowban one:

# hide spammers profile pages
if vuser._spam and not vuser.banned_profile_visible:
    if (not c.user_is_loggedin or
            not (c.user._id == vuser._id or
                 c.user_is_admin or
                 c.user_is_sponsor and where == "promoted")):
        return self.abort404()