This thread is permanently archived
antispam idea
| if you lose your ID it's your fucking fault.
identity of posters can be verified through email in a manner of your choosing in a way that lets them stay semi-anonymous.
do not add explicit tutorials on how to post on this website. it should remain a word-to-mouth initiative. perhaps add a teeny leetlie email address in a corner somewhere. persons that are motivated enough to post will email on their own accord.
email spam can be fought using email tools. you can ban IPs that abuse.
| *cries in variable IP*
| ideas and criticism very welcome.
we should all agree to keep dangeru.us a place where you can stay anonymous and where it is super easy to post. it would have stayed that if retards didn't spam like that.
my proposition will turn dangeru.us into a semi-exclusive club. there will be no need for captcha, instead users will remember a few words or so that never change, so they never need to decypher anything. instead you just put... "coffee dakkar 121" in the captcha field every time
| >>572152
you're right. then instead of looking at a posts's IP address you would look at the unique ID password it used and band it directly in the database of accepted users.
think about it. no captcha buggery, easily controllable spam, and you only need to remember a few words every time to post without worry.
it's almost like an account if the captcha was a password.
|
i'm sure nobody here wants to log in to post. you just want to open a thread, write a comment and punch a few things into captchan. this is my idea for that.
| the captcha will be in your head and will never change. the only problems may be that you forget it, on user's end, and that you need to set up a database on the server's end.
but i have the will and imagination that this will fix everything.
oh also the user may use a VPN, but even that is fine. you don't need to look at IP address to identify the poster, only the ID.
and to confirm the identity, that's easy, just ask to write a 100-word poem or some shit.
| this will also fix the problem of the IDs that we have now (d51941) being based on IP and changing all the time. you simply need to set up an (optional) pseudo-ID that is based off the actual password ID.
people that don't want to be tracked can simply turn it off.
| summoning the colors. what do you think?
| No login, no password, no email
We already had a discussion like this before
| I understand your suggestion op, and I kinda dig it. But I honestly don't think prefetcher will bother distributing passwords one-by-one like that. And nor did I expect them to. It sounds tedious. And it would effectively kill newcomers to the board.
| >>572191
does 'newcomers' include spam?
also if the password distribution is tedious, it can also be automated and not subjected to review. we just need to find a way so that spammers don't just fill a form and get to spam all over again.
| >>572197
but you have captcha... i agree there should be no login, and if you don't want an email we can try to work that out. but doesn't it sound attractive? it would be like a secret captcha that you only have to create once and then you can stop trying to decypher the one we currently have, to just put in the same stuff in each time without thinking.
i'm sure we could make this work.
do you want a password or do you want a spammer?
| >>572212
why don't you write the code yourself and push it to the github? danger/u/ is open source.
| >>572212 I want to stay somewhat anonymous
I use this board to vent and say things that'd get me fired(we have strong anti-hate policies where I work)
I don't want any attachment between my real life self and my dangeru personae
| Problems:
1. If this is linked to IP, how is this any different from an IP ban?
2. How will you deal with people with changing IPs?
3. How will you even link IPs with emails if nobody has their own email server?
4. How is the spam-prevention of this better, exactly? With this, we would always have to see and delete the spam before we can ban the ID. Captchan just protects us and we never see it.
I liked the part about making it harder for new users, though.
| 5. No more threads about our adorable little captchan!?
| >>572216
1&2&3. it does not need to be linked with IP. posts will be 'imprinted' with secret IDs based on what password was used. if that secret ID is discovered to be spamming, the password can just be invalidated.
4. captchan fucked up lately & wasn't really up to the task. plus everyone's been complaining. passchan would be super easy and possibly way more efficient. a mechanism can be put into place that purges all threads created by a specific secret ID when it is banned.
| Why don't we all sign our posts gpg keys already
| >>572216 >>572217 >>572221
5. captchan will evolve and become passchan!
also the threads can also not just be purged (because some people want to find old threads) but just immediately sent to an archive and hidden from plain view, possibly.
my design would indeed make it a little bit hard for low-internet-skillz newbies, but it may just end spam and captchan annoyance altogether .
| >>572222
somewhat nice-ish idea, but doesn't go well with danger/u/'s userbase. relatively hard to set up and you don't always have it on you. also you could lose it. but i'm sure you're only half-serious
| >>572221 The amount of spam we got would still go up if you don't have to fill it out manually. Reol spammer made the site go down for 3 days just by posting too many things.
If it doesn't have to be linked to IP, why don't we just create new accounts every time we get banned?
>pabst rose dumb
| >>572227
that's the whole thing. the weakness in the plan.
we need to make sure that there is a verification process that stays semi-anonymous and discourages all spammers from taking it. but it's the same thing with captchan: to spam, all you have to do is fill out many captchas.
but the difference with my system is that when an ID is banned for spamming, all the threads and posts are thrown the fuck out. so the spammer would be set back a lot just by the press of a button.
| Clearly, the only way to combat the spammer is require the legal name, dob, social security number/passport number/citizen number, last three home addresses, a land line phone number, last five cell phone numbers, a passport photo, IP address, hardware MAC address, DNA, and a 24/7 uninterruptible live stream attached to a body cam of the user.
That way, it will be *almost* impossible to troll danger/u/, or, any website really, unless you pay money to get your posts ignored.
| >>572226 Actually pgp might be ok with danger/u/s userbase considering the people who post on /tech/. We could integrate it into the app pretty easily as well, I expect.
>>572224 Excluding newbies might be good considering the people we've had in lately.
| >>572229
imagine: a spammer undergoes a lengthy ID-obtaining process.
his ID in hand, he goes to spam. as soon as spam is detected, all his threads/posts are archived or deleted and he cannot post anymore.
the last problem would be that he can set up a spamming bot as soon as he gets an ID to just flood everything. that's why we need an automated spam-detecting system that dishes out immediate bans to highly suspicious users.
actually why don't we have that yet
| >>572229 But the IP ban system (probably) already does that! Colormod said something about spam management tools being included.
| >>572231
no
>>572234
why isn't it a thing now? it would be immensely practical.
>>572232
make a poll.
| >>572236
we'll need to be more precise than that.
if there already is spam detection, then the plan can go ahead. we'll now need a spammer-proof ID obtaining process.
| >>572232
Next to no one uses PGP encryption for everyday life unless they're required to for work, work for the government, or are part of an actual terrorist organization- so absolutely no one except the most pointlessly paranoid users are going to use it to browse a niche website under the illusion that they're safe, while they play video games through Steam and mic chat with friends on Discord.
Look, there's no solution to any form of security issue without accepting some compromises. All we know is there are fewer people who are going to want to make yet another account on yet another (totally not shady) website than those who would just fill in a captcha and fail one in five or six posts.
| I also note that no one here responded to the suggestion of coding any of these garbage ideas and submitting them to the github.
| >>572240 it's not about safety, it's about identification. I haven't given a fuck about security for a long time.
| >>572235
Imagine, deciding instead to spam the registration system so as to completely block up the email server that the admins would theoretically use to send these hand-written passwords to each new user. Now, since the email system is completely backlogged, and since it would be far easier to find a needle in a haystack than sifting through literally thousands of garbage email registration requests for "legitimate" users, anyone who accidentally loses their account information is effectively permabanned from the website, forever.
| I still think that having a user system will lose half the users to some chan board and the other half to reddit
| >>572244
also gonna add that it doesn't need to be on email and that modern emails have anti-spam solutions. we just have to set those problems right and i'm sure that there's a way to do that
| come on lasses, i've been the only one trying to come up with something so far
| There's a perfect system,
> Get spam
> Ban IP and delete posts
> doxx spammer and make their life a living hell by signing them up for spam
Or plan B
> ask for our FBI agents to help lp us
| >>572247
good
>>572244 >>572245 >>572248 >>572249
i'm going to add that low-skilled spammer can just fill out the captchan to spam, but they don't know shit about setting up an email-spamming bot. the only thing needed is email antispam measures. if it's a lengthy registration process, they may just be discouraged and won't want to do the whole crap all over again as soon as they get banned.
| >>572258
how reliable is email anti-spam? can email addresses be banned? i'm sure they can. i'm sure some (temporary, easy to set up) email domains can be banned too.
| at least email spam would not be visible on danger/u/ and users that already have passes would be able to keep posting without much problems.
spam would only affect newcomer registrations, and we don't have that many newbies here, or do we?
newbies present yourselves
i've been here since 2017 or so
| >>572261 nononono you get it wrong, email spam would affect the admins and mods also probably clog the system mailer or whatever queues new user requests
It could either make it all more costly or make an opening for a full site takedown
| pref here,
i'm gonna make it short and to the point.
no, we won't collect any personal data other than the IP addresses which are logged only for banning purposes.
i'm not gonna request anything beyond that
| >>572299 a mailer system is not free and adding a mailer will require a separate "worker" process and it will either be on a separate server (more hosting costs) or on the same(two processes draining resources from the server, if the worker overloads the server then the site goes down)
It's a nightmare if you're short on budget
>>572328 and the great one has spoken! Thanks pref!
| i guess i can fucking close my thread then
This thread is permanently archived
| carefully distribute unique codes per user's request over email. they act as passwords. instead of filling in the captcha you put your password in every time without account.
track posts with this unique ID/password. when spam is noticed, identify the ID and REMOVE IT from the list of accepted users.
keep going until IDs are not requested anymore because no new users. track IP addresses on this website. compare IPs with IPs in the email metadata and act accordingly.
don't forget