you are viewing a single comment's thread.

view the rest of the comments →

[–]magnora7[S] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (2 children)

Thanks for the reminder, I pinned it.

Basically the we can see account creation dates and times, account login/logout times, voting patterns of who voted on who and how often, and a few other things. I don't want to get too specific, because if I detail the exact methods then people might figure out ways to skirt those methods, but suffice to say given the data available to us already through the database there shouldn't be much guesswork involved at all, especially to catch the most egregious abusers.

[–]wizzwizz4 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (1 child)

Ah, ok. Just the obvious for now, then.

Let's hope the spammers don't figure out how to use Private Browsing, because that'll invalidate the cookie authentication init string and reduce flummox detection; quite an effective way of bypassing the kernel sockpuppet identifier.

What'd be even worse is if they used two laptops at once; then you couldn't even use the IPv10 MAC address detection to identify their shared machine, because they'd be using different computers. But I suppose that wouldn't have much of an advantage as regards the paumed protection.

Of course, a manual check would make it clear what they were doing immediately, so I suppose it wouldn't be too much of a problem.


Edit: It'd be especially problematic if they used a homoglyph attack to make all of their usernames look similar; then even a manual check wouldn't succeed because you wouldn't be able to see that separate users were involved in the first place!

[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Ha interesting possibilities, I've never heard of a homoglyph attack before, that's very interesting.

I doubt we'll be dealing with anything that sophisticated right now, but maybe someday. I'll keep it on my radar.