|
|
| Author |
Message |
| 25 new of 63 responses total. |
mcnally
|
|
response 25 of 63:
| 
Jul 15 03:18 UTC 2007 |
I'd prefer to see fronttalk and backtalk modified so that the filtering
system works a little better. The problem that "spin" ("pins", etc.)
is exploiting is that even if you twit-filter their response, it's
still aggravating to go through the conference because the twit filtering
occurs after the fact -- i.e. after the conferencing software has decided
which items to show you as "newresponse" items.
If that's too much to bite off, then I suggest we try to work on an
alternative "fixseen" command that will mark as read any items where
the *only* new comments are from a person identified on your twit list.
Used in conjunction with existing twit filtering mechanisms such a
command would take most of the pain out of the "spin" vandalism,
at least for regular conference readers experienced enough to know
how to use twit filtering.
|
unicorn
|
|
response 26 of 63:
|
Jul 15 03:59 UTC 2007 |
How about if something was written into the system to detect if someone
is typing faster than is humanly possible, and reading/replying faster
than is humanly possible, and automatically logging them off the system?
|
mcnally
|
|
response 27 of 63:
|
Jul 15 04:08 UTC 2007 |
No.
For one thing, people might have good reasons for doing that
(I can think of one user (no longer active) who used to run a
script which went through agora and downloaded all newresponse
items, then read them off-line, composed responses, and logged
back in with the responses.)
For another, it doesn't really address the problem and is
simple for the vandal to circumvent. I can write an expect
script in 10 minutes to do what "spin" (etc) is doing, and
furthermore if I set a variable, expect will happily mimic
the typing speed of a real human for me. You could spend
hours or days writing such a countermeasure and it could
be circumvented in 10 minutes. And you might break other
(worthwhile) scripts in the process.
I think it's a flawed approach.
I like my approach (though I'm sure someone can come up with
a better idea) because it improves the functionality of the
conferencing system and gives users additional control over
blocking people they want to block. I would prefer some sort
of solution that left people the option of still reading
every single response in a conference, however worthless some
of those comments might be.
|
slynne
|
|
response 28 of 63:
|
Jul 15 05:23 UTC 2007 |
I am thinking about abandoning agora in favor of other conferences for
a week or so. I mean, I wonder how long they are likely to keep this
up. Alternately, I wonder if we could temporarily shut down newuser? I
suppose this person might just choose to wait us out though. It is
hard to say.
I dont like any of the above as a solution really. Like Mike, I would
prefer to see improvements in the filtering or fixseen or both. But
realistically, I dont see that happening in any sort of timely mannar.
|
cmcgee
|
|
response 29 of 63:
|
Jul 15 12:21 UTC 2007 |
ok, I'd like the board to call an emergency meeting, with two agenda
items:
1) appoint unicorn to staff
2) discuss appropriate strategies for keeping Grex from being totally
shut down by this twerp.
I'd be glad to host the meeting at my place, if necessary. Clearly
STeve doesn't have enough time to deal with this; Gelinas and cross are
out of action for the moment, and janc hasn't signed on recently enough
to recognize there is a problem.
Board needs to make a temporary decision about keeping people interested
in reading Agora.
One idea I have is from trapping stalkers with email. You leave the
email account funtional, and let everyone but the stalker know the new
address. We could leave Agora functional, but start a new summer agora
that we privately emailed people about. Then he could spam Agora all he
wanted.
It doesn't seem that he's actually reading anything, so we might be
under his radar.
|
cmcgee
|
|
response 30 of 63:
|
Jul 15 12:22 UTC 2007 |
The other thing I'd do is unlink any linked items, and relink them to
AgoraII
|
cmcgee
|
|
response 31 of 63:
|
Jul 15 13:27 UTC 2007 |
Also, we'd have to make sure Walter doesn't reset the automatic roll-over
mechanism when he opens the new cf.
|
nharmon
|
|
response 32 of 63:
|
Jul 15 13:34 UTC 2007 |
Folks, I'm willing to bet money this person is using TOR, and that every
single one of the hosts he is coming in from is a TOR exit.
http://tor.eff.org/faq-abuse.html.en
TOR was never intended to be a way for people to evade bans, etc. And as
a result, it provides a python script that will give a list of current
TOR exits. That would provide us adequate protection.
|
cmcgee
|
|
response 33 of 63:
|
Jul 15 13:40 UTC 2007 |
So all we have to do is get ONE staff member to spend a little time?
|
mary
|
|
response 34 of 63:
|
Jul 15 14:01 UTC 2007 |
There are lots of proxy servers out there. I suspect this is not as easy
as blocking a known list of IP addresses.
I like Mike's solution although the immediate response should be to close
newuser, temporarily.
|
slynne
|
|
response 35 of 63:
|
Jul 15 14:21 UTC 2007 |
re: shutting down newuser. Yeah and then we have to hope that this
user doesnt already have a bunch of accounts created. But that clearly
seems to be the thing to try. There are tons of proxy servers out
there and new ones get added all of the time.
Our staff situation is such that I am willing to take a risk with
unicorn, even though I dont know him well. He seems like a nice enough
fellow.
Another possible temporary solution would be to grant several trusted
people fw powers in agora so that they could delete any inappropriate
responses as they get entered. Would that prevent items from showing
up as new?
|
cmcgee
|
|
response 36 of 63:
|
Jul 15 15:42 UTC 2007 |
I'd prefer not to shut down newuser.
It would give this guy feedback that he had indeed gotten a strong
reaction from his harassing tactics. If we leave the current Agora open
for his attacks, and start a version II, he may never change his
tactics.
If we shut down newuser we've given him a lot of information and made
ourselves a more interesting target.
|
remmers
|
|
response 37 of 63:
|
Jul 15 16:01 UTC 2007 |
Of course, there's also the possibility that he or she is already a
well-known user under another login id, and is reading all this, and so
already has lots of information. In which case, none of the quick fixes
proposed, other than shutting down newuser, will do any good.
|
cmcgee
|
|
response 38 of 63:
|
Jul 15 16:10 UTC 2007 |
Of course that's possible John. And it's possible that it will not do
any good to attempt a quick fix. It is far more likely that a quick fix
will work, however.
|
gelinas
|
|
response 39 of 63:
|
Jul 15 16:15 UTC 2007 |
No, I think John is on the right track. Our friend has at least one loginid
that hasn't been used yet.
|
cmcgee
|
|
response 40 of 63:
|
Jul 15 16:38 UTC 2007 |
Let me get this straight. John and Joe believe we have a current user
(whom we may or may not recognize as a contributor to conferences) who
is maliciously creating new logins and flooding Agora with spam by using
TOR.
So far the user has spammed agora under pins, pnis, and spin. Joe knows
of at least one other loginid that hasn't been used yet.
The solution to this problem is to close Grex indefinitely to any new
users. This will cause the person to become bored and to discard the
tactic. At some point, we will reopen newuser, and the person will
refrain from trying this tactic again.
|
cmcgee
|
|
response 41 of 63:
|
Jul 15 16:49 UTC 2007 |
After reading the latest posting in Agora, a lightbulb went off.
During Happy Hour we had a discussion about an MNET decision to permantly
block a certain user. I raised the question about that user (who has been
on Grex in the past) refocusing their behavior to disable Grex.
I think perhaps that has happened.
|
mary
|
|
response 42 of 63:
|
Jul 15 17:11 UTC 2007 |
We don't know whether this person is a part of our community or not.
Either way, there may be established accounts ready to go even if we
close newuser. So closing newuser may not give us instant
gratification.
There are lots of anonymous ways to access Grex. Tor is only one of
'em.
Anything we do will reward this twit. Anything. This discussion is
rewarding. I really, really hope we don't try something like stealth or
closed conferences.
If we close newuser we could put up a message (on the newuser page)
saying we're having a twit problem and we don't know how long it will be
before we get it under control. Could we offer folks the opportunity to
request an account by contacting a volunteer, like the path we've
already discussed, maybe even implemented, for those wanting to expand
guest priviledges. A hassle? Sure. Doable, maybe. It would be tricker
to screen at the pre-account level. But it would be a way to allow those
who want in, in, until the bigger problem can be addressed.
It's not perfect. We've had twits before and we'll have 'em again.
Maybe establising a way to bridge such a problem by closing an automatic
newuser is something we should have available at all times.
|
mary
|
|
response 43 of 63:
|
Jul 15 17:12 UTC 2007 |
Regading #41. Doubtful. Really. For a number of reasons.
|
cmcgee
|
|
response 44 of 63:
|
Jul 15 17:54 UTC 2007 |
I like mary's suggestion of closing newuser, and setting up a "request"
system for new bbs privileges.
|
mcnally
|
|
response 45 of 63:
|
Jul 15 19:16 UTC 2007 |
I'm pretty sure there are other accounts that have been created by
this user already, so we should expect more attacks even if newuser
is shut down. E.g. check out user "nips" ("spin" backwards) created
on July 15th.
More to the point, though, I think Colleen has got it exactly wrong
(when she suggests a show of force will make the user think twice)
and Mary is exactly right when she writes "Anything we do will reward
this twit. Anything." Trolls, twits, and vandals thrive on attention
and a sense of power. Power to disrupt your enjoyment of the system
is minimally satisfying. Power to compel you to compromise the mission
of your organization and close off access to new users is on another
level.
Regrettably we may need to take some temporary steps to give time to
address the problem but I'd like to ask that we try to come up with a
plan FIRST and also a timetable. We're now 18 months from the point
where we "temporarily" turned off outgoing mail access for new users
and I don't want to see newuser die the same death by default.
|
cmcgee
|
|
response 46 of 63:
|
Jul 15 19:20 UTC 2007 |
I don't think I suggested a show of force, and I really don't think I implied
that we could get a user like this to think.
I have exactly the same fear you have about "temporarily" turning off newuser.
My suggestions are meant to try to solve the problem with some other steps
before we move to that level.
|
marcvh
|
|
response 47 of 63:
|
Jul 15 19:30 UTC 2007 |
The standard approach favored by most other discussion systems or
collaborative content systems (Wikipedia comes to mind) is to provide an
easy way to simply declare a user a "vandal", either hiding by default
or removing entirely everything that user has contributed. This only
works if it's easier for the moderator to remove the vandalism than it
was for the vandal to enter it in the first place, and if there are
enough active moderators with this power so the vadalism is taken care
of reasonably quickly.
Unfortunately the nature of our conferencing software makes this a
difficult prospect. Certainly making newuser harder to use seems
unlikely to deter a determined vandal (who likely has tons of free time)
but may deter the (rare) bona fide new user.
|
cmcgee
|
|
response 48 of 63:
|
Jul 15 19:32 UTC 2007 |
Ah, I see where you got that idea, McNally.
No, I was summarizing how I saw as remmers and gelinas suggestions. I
should have added a line that I thought that assuming that this person
would go away if we closed off newuser was wishful thinking of the most
head-in-the-sand variety.
See response 36, which is a clearer statement of my current stance.
|
cyklone
|
|
response 49 of 63:
|
Jul 16 01:16 UTC 2007 |
Regardless of how grex chooses to deal with our vandal, I'm quite certain that
that there is no connection with the disgruntled mnet user, because she has
extremely limited computer skills. She'd have to enlist help to pull off the
stunts "spin" is responsible for.
|
