|
Grex > Coop > #284: Grex Town Hall -- How do we move forward? - Fall, 2010 |  |
|
| Author |
Message |
| 25 new of 334 responses total. |
kentn
|
|
response 142 of 334:
| 
Nov 24 23:29 UTC 2010 |
We're in luck: the Board added PayPal verification as an acceptable form
of identification a few years back (see item 23 in coop). So, what we
are talking about then is an automated way of verification. You can
already be verified via PayPal, though it is a manual process of the
treasurer checking the PayPal account to see who has paid via a verified
PayPal account. If we do implement this, we'd need to make sure that
there are good records kept so that the treasurer and the verifiers are
in the "loop". The verification policy doesn't say anything about the
amount of money, so there may be micro-payments for verification only,
and payments for memberships to tell apart and handle.
|
richard
|
|
response 143 of 334:
|
Nov 24 23:29 UTC 2010 |
This response has been erased.
|
richard
|
|
response 144 of 334:
|
Nov 24 23:30 UTC 2010 |
Can't you just do automatic verification. Say you have to provide a
valid email address, a link is then automatically sent there that you
have to click on to validate. Then the system notes that email and ip
and in the future automatically rejects any other newuser request that
ever comes from those details. No humans or human judgement is
involved. You have a valid email, you get in.
|
kentn
|
|
response 145 of 334:
|
Nov 24 23:41 UTC 2010 |
E-mail isn't in the current list of acceptable forms of ID for
verification. PayPal has pre-validated accounts, where you link a
credit card or bank account to the PayPal account and they make sure
it's real. So, that gives use more confidence that the person with the
PayPal account is real and gives us a better audit trail if there are
issues.
To allow e-mail verification of the type you suggest would require more
Board actions and potentially a member vote (although it appears that
PayPal verification was added only via a Board vote). We certainly can
discuss this at an upcoming meeting.
I would be concerned that someone using a fake name could create a
free e-mail account and get verified, cause problems, and we'd have no
recourse to identify them if the govt. came calling.
|
cross
|
|
response 146 of 334:
|
Nov 24 23:46 UTC 2010 |
resp:144 What's the point? Kent understood exactly what I was getting at
in resp:142. There's no humans involved there, either (other than the
person getting an account).
|
cross
|
|
response 147 of 334:
|
Nov 24 23:49 UTC 2010 |
As a matter of fact, we talked about doing this at a board meeting in, I
think, 2008. It just hasn't been done yet.
|
richard
|
|
response 148 of 334:
|
Nov 25 00:07 UTC 2010 |
I'd think email verification is preferable to paypal. Grex is a non-
profit site and need not be in the business of encouraging or requiring
prospective new users to use a corporate site, PayPal, that has no
ownership stake here. Why solicit hits for PayPal unless Paypal is
paying Grex to do that?
Grex staff also doesn't need to get into storing personal information
about users. Email verification obviously isn't foolproof as kent
points out, but if it is done with Grex blocking future new user
requests from both that email address *and* the ip address it came
from, it at least makes it more difficult.
|
cross
|
|
response 149 of 334:
|
Nov 25 00:11 UTC 2010 |
We already know that the likes of Chad will give fake email addresses; they
did it to get around the *current* validation scheme. Richard, are you
willing to clean up after another attack from Chad or someone like him?
My suspicion is that your real objection to the validation scheme is that I
put it into place.
|
cross
|
|
response 150 of 334:
|
Nov 25 00:13 UTC 2010 |
Oh, yes, and it's really not about paypal per se. Any service that did
something similar, but could track a user down to a human being, would do just
as well.
Grex already stores personal information about users. It has since its
inception.
Trying to block on email address and IP address is a) useless when one
considers something like tor and how trivial it is to create a throw-away
email account, and b) more invasive for legitimate users who want multiple
accounts than what we're currently doing.
|
richard
|
|
response 151 of 334:
|
Nov 25 00:19 UTC 2010 |
No I object to the validation scheme based on what it is, not that you
came up with it. And re #150 I think limiting users to one login is
okay, who needs multiple logins here these days anyway?
The overriding point is that grex does not and should not be in any way
encouraging or promoting use of outside commercial services. Doing so
would just outsiders question grex's mission and whether grex is being
paid off by these commercial services to encourage its users to sign up
there in order to validate here.
|
richard
|
|
response 152 of 334:
|
Nov 25 00:30 UTC 2010 |
In fact I believe that Grex encouraging validating via a micro-payment
through PayPal is essentially promoting use of a for-profit service and
could be a violation of the rules for a 501(3)(c). This sort of thing
could threaten Grex's tax status.
|
mary
|
|
response 153 of 334:
|
Nov 25 00:49 UTC 2010 |
Oh, God, Richard. You better get right on the phone to The Red Cross,
Kiva and a host of other charitable non-profits and let them know about
this right away.
|
cross
|
|
response 154 of 334:
|
Nov 25 03:36 UTC 2010 |
resp:151 What if a user *wants* multiple logins? Why should we restrict
that? Have you *really* thought this through?
|
rcurl
|
|
response 155 of 334:
|
Nov 25 05:24 UTC 2010 |
Don't all online bbses, forums, etc "argue endlessly about [one or more
of] conservative vs liberal, republican vs democrat, atheism vs
religion, pro-choice vs pro-life, gun control, oil, wars, and all the
usual stuff"?
|
nharmon
|
|
response 156 of 334:
|
Nov 25 13:42 UTC 2010 |
I can not think of a single other forum I participate in that allows
political or religious arguments. So no, not all. But I'm sure many do.
|
cross
|
|
response 157 of 334:
|
Nov 25 13:44 UTC 2010 |
resp:155 That's my point. Grex is no longer unique; it's now a small fish
in a very, very big pond.
|
keesan
|
|
response 158 of 334:
|
Nov 25 15:10 UTC 2010 |
Last I looked at the Puppy Linux chat area two people were discussing
marijuana. Some linux forums have a 'general' area where people talk
about anything they like. SDF has a general forum.
|
kentn
|
|
response 159 of 334:
|
Nov 25 15:36 UTC 2010 |
If we can get the PayPal verification system working, would we also
credit their micropayment after we've assured ourselves the account
is okay? Any payment could be considered a donation and stated as
such several times during the verification process, if we cannot do a
credit. What is the smallest payment you can make via PayPal?
|
kentn
|
|
response 160 of 334:
|
Nov 25 17:04 UTC 2010 |
I see where PayPal offers micropayments and that might actually save
some fees as the rates are lower than if you send a small payment via
regular PayPal (the example I saw was that usually a $1 payment would
incur a 33c fee, but with micropayments the fee would be lower, 10c).
The problem with this is it requires a new PayPal account and is geared
more for merchants selling digital downloads. Plus, somebody in the
transaction (Grex or the user) loses those fees if you give money back
(and the credit transaction might incur a fee as well) unless PayPal
refunds the fees.
|
cross
|
|
response 161 of 334:
|
Nov 25 18:17 UTC 2010 |
Eh, I'd say ask them to donate either two or six dollars. Then you really
could make them members; if they let the membership lapse, that'd be their
decision.
|
kentn
|
|
response 162 of 334:
|
Nov 25 18:29 UTC 2010 |
Okay, then we should make it clear that using PayPal as a verification
method means making a donation for membership. That's one way to get
members :) I have a feeling that verification is a side benefit of
PayPal anyway, since you usually get there for the purpose of paying for
a membership.
|
nharmon
|
|
response 163 of 334:
|
Nov 26 13:46 UTC 2010 |
You know what, perhaps we should reconsider the whole paid membership.
Maybe being a verified person is all we should require to be a member.
If we did that, I think people would still donate to the organization.
In fact, some might feel more inclined to donate after receiving "free"
services (principle of reciprocity and all that).
|
cross
|
|
response 164 of 334:
|
Nov 26 15:40 UTC 2010 |
Hmm. That's interesting. I kind of like that....
|
veek
|
|
response 165 of 334:
|
Nov 26 18:05 UTC 2010 |
I was wondering, if someone wants to create a conference - what is the
procedure to do so? (I'm not planning such a thing, but if we have
newusers from the 'reverse engineering' community, they will need a
conference - in fact they may need multiple conferences.) Would that be
okay??
|
cross
|
|
response 166 of 334:
|
Nov 26 18:07 UTC 2010 |
Yeah, that's fine. I think they just request it from the conference admin.
|