Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Suggested Modstorm Countermeasure

By Nater in Meta
Tue Nov 13, 2001 at 10:30:01 AM EST
Tags: Kuro5hin.org (all tags)
Kuro5hin.org

This is a straightforward proposal to a straightforward problem, so I'm going to keep this short. Somebody's got a grudge against a few K5 users and under the current system, whoever it is is able to abuse the ratings to carry out the grudge.


There have been several diaries in the last day or two and several around halloween that expose some abuse of the K5 comment rating system. Several users have lost and regained and probably lost again their trusted status.

The attack is simple, the begrudger simply creates a army of accounts and uses them for the sole purpose of rating down the grudgee's comments. In addition, recent attacks appear to be automated.

My proposed solution is also simple. It is a two-part strategy. First, don't allow a user to rate comments until the user has posted comments. This countermeasure would destroy the potency of the attack in its current form and is no great obstacle to legitimate users. Second (and I don't know enough about scoop to know whether this is already true or not), require a minimum mojo (1?) to rate comments.

The countermeasure works in the same way that most everything works on K5: via the community. The current attack works because there is no means for the community to counterbalance an account created in bad faith if that account has not posted any comments. The requirement that an account post comments provides the means for feedback. The minimum mojo provides the effectiveness of the feedback.

Are there any objections?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Scoop
o Also by Nater


Display: Sort:
Suggested Modstorm Countermeasure | 70 comments (50 topical, 20 editorial, 1 hidden)
An idea. (4.57 / 14) (#1)
by Anonymous 6522 on Tue Nov 13, 2001 at 02:00:49 AM EST

I've been thinking about this too, and the solution to this problem could be the ability to moderate account themselves, instead of just comments.

Let's say ynqvangbe nohfrf Xheb5uva goes and massmods someone with his millions of accounts. Everyone who thinks that's was a really shitty thing of him to do could vote to have his account disabled, his moderation undone, and all votes he has made against any accounts rendered invalid. All accounts that have been disabled in this way could be thrown into a bin like hidden comments for peer review. I don't see how this system could be abused in the long run, as the abuser would have to have enough accounts to override all sane K5ers, all abuse would be undone as the abusing accounts are disabled.

Plus this would spare rusty the effort of having to manually punish moderation abusers.

Implementation... (4.62 / 8) (#2)
by Nater on Tue Nov 13, 2001 at 02:08:14 AM EST

Yes, I believe that would work, and it would probably clear up the current situation. But the its main disadvantages against my proposal are the effort to implement it and the fact that it's a new chunk of code that we can theorise about but can't truly understand until it's done.

The solution I've proposed is the simple addition of two conditions on the ability to rate comments. It could be implemented in just a few minutes and operates within a system that is already well understood.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
True. (4.85 / 7) (#4)
by Anonymous 6522 on Tue Nov 13, 2001 at 02:21:38 AM EST

But your idea seems more of a stopgap measure, it would just take a little more work, or a more complex script to get around it. My idea, while it's more complicated, may solve this problem once and for all. People will finally be able to stop bitching about modstorms. They will be able to settle their stupid little grudes in a right and natural way, by flaming each other, and the current system can take care of that easily.

[ Parent ]
Automated attacks (4.54 / 11) (#3)
by sigwinch on Tue Nov 13, 2001 at 02:19:18 AM EST

I usually vote down Meta stories, but I too am concerned by large-scale comment rating attacks so I'll make an exception. An attack scenario:
  1. Attacker creates numerous accounts.
  2. Attacker creates a large number of accounts, and posts enough good comments to get Trusted User status on a few of them.
  3. Attacker uses an automated program to vote down (twos and threes) all non-attacker comments from the past month. Most active users lose Trusted User status.
  4. Attacker can now rate comments to zero and active users cannot fix the problem because they don't have TU. If the attacker is sparing in his use of zeros, he could really hurt the user experience of the zero targets.
Sure, it can eventually be corrected by administrative intervention, but it would be annoying to everybody in the interim, and it could end up being a continual measure/countermeasure battle against the attacker. Not good.

I would personally prefer a web-of-trust based system along the lines of Advogato.

--
I don't want the world, I just want your half.

Obviously (4.85 / 7) (#5)
by Nater on Tue Nov 13, 2001 at 02:30:29 AM EST

Technically, there will always be some way to abuse the system. The distinguishing feature that determines whether or not a particular attack will be problematic is how much effort and/or discipline it takes to carry out the attack. The attacks that are currently occurring are not especially difficult and don't require any discipline. The attack you've described would require a great deal of discipline on the part of the attacker, and I believe that an individual with self-control sufficient to carry out the attack would not have the desire to carry out the attack, except in extremely rare cases.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
Use hidden sids to get trusted status (4.25 / 4) (#26)
by Sunir on Tue Nov 13, 2001 at 04:44:29 AM EST

Writing good copy is difficult, especially difficult to do with many accounts. Doing this publically in the diaries (as Rusty has suggested) is also difficult as everyone would notice. The solution is to use a hidden sid (like trolltalk) to cross-rate each account.

You should be able to create dozens of trusted accounts within a day, if you work around the surge protector.

The reason why this hasn't been greatly abused is that no one really cares. I mean, it's kuro5hin. Laid back, chillin'. Getting petty over Mojo is pretty boring. Do you really want to read 0-rated comments?

It's more serious if you consider this completely defeats the purpose of Mojo; that is to hide spam from spammers.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r
[ Parent ]

There's always a way to circumvent (4.00 / 1) (#62)
by tzanger on Wed Nov 14, 2001 at 04:55:46 PM EST

Think about it though: You don't get trusted status by posting tons of comments; you get it when those comments are generally accepted by the community. And if you're going to take so much time and work at that, it's highly unlikely you're the type of person to create a zillion accounts to bitchslap someone.



[ Parent ]
Another good idea. (3.50 / 8) (#6)
by dram on Tue Nov 13, 2001 at 02:40:25 AM EST

Here was another good idea that fuzzrock had a while ago. Maybe we should look at that again. I think it would solve many of the problems that you are speaking of. Hope it's helpful.

-dram
[grant.henninger.name]

After noticing who's voted... (4.40 / 15) (#9)
by la princesa on Tue Nov 13, 2001 at 03:01:54 AM EST

I can see yet another looming disaster on the horizon much more poisonous than modstorming. Some twit with 100 clone accounts could just flood the queue with votes and/or stories, which would screw with the quality of k5 far more than the rating abuse. It is really sad that this site is so close to being that messed up due to some inane spat between people with too much spare time. It looks like the occasional users may have to get screwed over to prevent clones wrecking the site entirely (i.e. switching to a system where voting and rating are only allowed once someone's been contributing for awhile.)

Nooooooooo!!!! (3.25 / 4) (#21)
by Nater on Tue Nov 13, 2001 at 04:01:58 AM EST

Some twit with 100 clone accounts could just flood the queue

This is just asking for a Star Wars Episode II joke, so I might as well bite...

K5: Attack of the Clones


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
queue-flooding (4.50 / 2) (#47)
by Delirium on Tue Nov 13, 2001 at 05:46:07 PM EST

Some twit with 100 clone accounts could just flood the queue with votes and/or stories, which would screw with the quality of k5 far more than the rating abuse.

This is the type of attack that shut down k5 for a few months last year. I'm not sure what the specific measures taken were, but I understand that measures to prevent such an attack from re-occuring were taken during the downtime. Perhaps one of the scoop-coders would know more about this.

[ Parent ]

uh oh (3.50 / 6) (#11)
by Delirium on Tue Nov 13, 2001 at 03:18:20 AM EST

Here we go one more time for good measure...

Differences (5.00 / 3) (#13)
by Nater on Tue Nov 13, 2001 at 03:32:14 AM EST

This is a proposal for a complex "currency" scheme that was well-enough lambasted in the attached comments

This has nothing to do with modstorming.

This is a proposal for a "Ratings Killfile" that puts a dictator in charge of who can and can't rate.

This points out the problem.

This begs for a solution to the problem

I have proposed a solution which places no additional burden on users or administrators except to post a comment before they can rate other people's comments, directly addresses the problem of modstorming, and does not require the addition of a new subsystem in scoop.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
I understand that, but... (4.00 / 2) (#15)
by kjb on Tue Nov 13, 2001 at 03:41:16 AM EST

I have proposed a solution which places no additional burden on users or administrators except to post a comment before they can rate other people's comments, directly addresses the problem of modstorming, and does not require the addition of a new subsystem in scoop.

There are times when I rate others' posts and don't comment myself because I feel that others have made comments that have expressed my opinion as well as I would have or better than I would have.

I certainly don't want to see a flood of "me too" posts so that people can rate others' posts.

I would be interested in reading solutions to that.

--
Now watch this drive.
[ Parent ]

The proposal refers to comments in general. (4.30 / 10) (#16)
by la princesa on Tue Nov 13, 2001 at 03:48:20 AM EST

At least, I'd gathered that one simply needs to have posted a few comments period to rate, not post to any story one wishes to rate comments for. Essentially, it would to some degree just expand the trusted user scope such that one had to be 'trusted' to rate at all and perhaps 'extra-trusted' to rate comments zero. What I don't get is why people are going to such trouble to mess up a perfectly reasonable system. Five or six fake accounts is one thing, but now that it's approaching dozens (script-generated, no less), some changes will likely have to be made to k5 and possibly scoop. I sincerely dislike people who make a mockery of implied trust.

[ Parent ]
If that is true... (3.00 / 1) (#18)
by kjb on Tue Nov 13, 2001 at 03:51:56 AM EST

then I agree.

--
Now watch this drive.
[ Parent ]

Sort of (3.00 / 2) (#20)
by Nater on Tue Nov 13, 2001 at 03:54:46 AM EST

I was thinking more along the lines of an untrusted-normal-trusted setup, but yes, you've got the idea.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
"Me too" wouldn't work (3.33 / 3) (#17)
by Nater on Tue Nov 13, 2001 at 03:51:37 AM EST

I certainly don't want to see a flood of "me too" posts so that people can rate others' posts.

The second part of my proposal corrects that. Such comments should be rated down because they lack content and therefore do not add to the discussion. The user's mojo then sinks below the threshold and the entire exercise is a wash.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
Understood (3.00 / 1) (#19)
by kjb on Tue Nov 13, 2001 at 03:54:37 AM EST

ok, fair enough.

--
Now watch this drive.
[ Parent ]

old discussions and new solutions (4.33 / 6) (#22)
by Delirium on Tue Nov 13, 2001 at 04:13:33 AM EST

FWIW the ratings killfile doesn't put a "dictator" in charge of who can and can't rate. It proposes the implementation of usenet-style killfiles, in which each person can choose which ratings they see in the score calculations. Thus you choose who can rate in your view of things. There's no dictator; the major problem, if you consider it one, is that different people would see different ratings, depending on their killfiles (or lack thereof).

The "currency" scheme was also a proposed answer to problems like this; new users wouldn't have enough "currency" to go on a ratings spree. It certainly has its share of problems, but I'm not sure it's entirely unworkable.

My main point wasn't that your solution is necessarily a bad one, but that we've had this discussion many many times before, mostly around May/June when it was a major problem. Rusty's solution at that time was that he will disable the rating ability of accounts he sees being abusive in that regard.

As for requiring a new user to post comments; how would that prevent a script for auto-posting a comment under the new user (say, to an old diary where it's unlikely to get noticed) and then proceeding to rate?

[ Parent ]

The Problem Remains (4.00 / 3) (#27)
by Nater on Tue Nov 13, 2001 at 04:49:34 AM EST

This problem is still discussed because it is still a problem.

As for requiring a new user to post comments; how would that prevent a script for auto-posting a comment under the new user (say, to an old diary where it's unlikely to get noticed) and then proceeding to rate?

The comment(s) are there so that if the account is later abusive, there is a way to correct the behavior. Both checks (minimum mojo and comment posted) are necessary to allow correction because, for instance, in the case of Scott Lockwood, there are plenty of comments to rate, but it has no affect on his ability to rate others' comments, and in the case of the current attacker, there aren't even any comments to rate even if rating them had such an effect.

The idea is not to prevent attacks by making them impossible, but rather by making them ineffectual.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
problem? (4.25 / 4) (#38)
by Delirium on Tue Nov 13, 2001 at 10:29:05 AM EST

This problem is still discussed because it is still a problem.

I'm not entirely convinced. Taking a glance through the hidden comments, I can't see any abuses there, and I don't think I ever have seen any abuses there that lasted more than a few hours. The only thing that would be affected then, if the comments aren't actually hidden, are users' mojos. And worrying about mojos seems to me about as interesting as worrying about Slashdot karma. Plus, the current system seems to work fine - in most cases other users will rate the "modstormed user" back up, and in problematic cases one of the admins will disable the offending accounts.

This is not to say that if there are simple solutions they shouldn't be implemented, but I don't think it's necessarily a major problem.

[ Parent ]

Problem (4.00 / 1) (#43)
by rusty on Tue Nov 13, 2001 at 02:25:03 PM EST

It's a "problem" in that there's one guy who's decided to be a pain about it. This happens from time to time. It's hardly a widespread site phenomenon though.

____
Not the real rusty
[ Parent ]
Great, the high school mentalities have arrived. (3.94 / 19) (#23)
by Kasreyn on Tue Nov 13, 2001 at 04:16:56 AM EST

I don't really care which side of the Vladinator/Zero Rating 7 massmod war you're on - it's just plain childish. Vladinator I have nothing to say to, since I honestly don't know enough about the situation to make a judgement. If it's true you're using mass accounts to moderate down anyone who disagrees with you, the two words "grow up" would seem most fitting. Zero Ratings 7: It's just a web forum. Comparing someone abusing a website moderation system to a criminal madman is silly at best, and paranoid at worst. Please, think up a better excuse.

Is crap like this my cue to go elsewhere looking for intelligent discussion? I finally (mostly) quit on /. when children and idiots like this reduced the quality of posts to about nothing... if the same's about to happen to K5, I might as well be on my way. Anyone got any sites to suggest?

Congratulations, microcephalic nitwits, you've successfully ruined other people's enjoyment! I hope it makes you happy. Sometimes I wish we could such ban high school mentalities from the internet. "You must be... THIS... smart to be online."

*sigh*...


-Kasreyn

Who this late at night doesn't give a shit if he's about to be massmodded into oblivion. Now, in the morning... =P


"Extenuating circumstance to be mentioned on Judgement Day:
We never asked to be born in the first place."

R.I.P. Kurt. You will be missed.
You've got it backwards. (3.66 / 3) (#67)
by Scott Lockwood on Fri Nov 16, 2001 at 11:39:58 AM EST

    If it's true you're using mass accounts to moderate down anyone who disagrees with you, the two words "grow up" would seem most fitting.


False. I have exactly ONE extra account - the one I'm posting this from. Yes, It was a selfdefensive issue, and no, I'm not moding poeple down for disagreeing with me (I'm not moding at all anymore in fact) but rather I was retaliating in kind. In short, I did not fire first, so please keep your moral condemnation to yourself.

"I have no respect for a man who can only spell a word one way." -- Mark Twain
[ Parent ]

Sigh. (4.00 / 9) (#24)
by driph on Tue Nov 13, 2001 at 04:18:20 AM EST

Well, props to the person who generated all those accounts(you got uids 22897 through 22988 or so, right?), at least you haven't been(at a glance) as destructive with them as you could have. I thank you for that, at least.

So what do we do now? Perhaps we implement a check that would be easy enough for most real people to clear, but tough for scripts. Something like inputing numbers from a generated image as part of the account creation process might work, I suppose.

Of course, that'd prevent the blind from creating an account, but I'm sure we'd be able to do something to help the user if that situation ever came up.

--
Vegas isn't a liberal stronghold. It's the place where the rich and powerful gamble away their company's pension fund and strangle call girls in their hotel rooms. - Psycho Dave

As we used to sya in the Army (4.14 / 7) (#37)
by wiredog on Tue Nov 13, 2001 at 10:16:12 AM EST

"Here we go again, same old shit again."

We go through the "modstorming" debates on about a quarterly basis. Eventually the idiots get bored, and leave, and take their toys with them.

My friends and I learned, in grade school, that the worst punishment you could impose on a bully was to ignore him.

The idea of a global village is wrong, it's more like a gazillion pub bars.
Phage
[ Parent ]

yes, but (4.00 / 3) (#39)
by mami on Tue Nov 13, 2001 at 11:40:37 AM EST

it costs a lot of swallowed anger to ignore abusers. Trying to do it is unnatural and not good for your mental health.

Now, you could say, you get what you pay for. But that would mean, if one had a system, where accounts would cost something, one would loose a lot of freedom of speech, if one would try to do more than just trying to ignore the "evildoers" (sorry, I love that word, it's so plain to the point). If you had the same bullies in a subscription sort of K5 system, you would loose the non-bullying subscribers in a minute.

Not that in general there isn't something good to your advice, but if "ignoring" the bullies becomes "official policy", I don't think that, on the long run, people will like that policy. The silent outrage of some people getting away with too much will finally PO too many people, I think, and cause them to leave. You can't constantly live against your own conscience of right and wrong. I would not advise anybody to do so. The line between ignoring a problem and denying the existence of a problem is pretty thin, I think.



[ Parent ]
ebay implements this (4.00 / 1) (#46)
by Delirium on Tue Nov 13, 2001 at 05:44:17 PM EST

So what do we do now? Perhaps we implement a check that would be easy enough for most real people to clear, but tough for scripts. Something like inputing numbers from a generated image as part of the account creation process might work, I suppose.

That's what ebay does. And they use random fonts and a random hashed background to stop people from OCRing the images.

[ Parent ]

In other words, you want 'Think Cash' (none / 0) (#64)
by pin0cchio on Wed Nov 14, 2001 at 11:00:24 PM EST

So what do we do now? Perhaps we implement a check that would be easy enough for most real people to clear, but tough for scripts. Something like inputing numbers from a generated image as part of the account creation process might work, I suppose.

In other words, you want a Think Cash system. Most "think cash" systems in existence lack accessibility. For example, eBay, PayPal, GeoCities, Tripod, Freeservers, and AltaVista use this to keep bots out, but it also shuts out legitimate visually-impaired users and other legitimate users behind character-cell browsers. PayPal claims to render its letters and numbers as speech, but it's broken; when I clicked the "Listen to the numbers" link a few days ago in a recent Mozilla nightly build, nothing at all happened.


lj65
[ Parent ]
Don't Think It'll Work (4.33 / 9) (#28)
by Cloaked User on Tue Nov 13, 2001 at 05:08:56 AM EST

At best, this will merely inconvenience modstormers.

Why is that? Let's take your ideas one at a time:

First, don't allow a user to rate comments until the user has posted comments.
Okay, so now in addition to an automated account creation process, you need an automated comment posting. Non-trivial, but most certainly not beyond the realms of possibility. Perhaps post a diary for each account, and have one other acocunt comment on it, round-robin fashion?

Second (and I don't know enough about scoop to know whether this is already true or not), require a minimum mojo (1?) to rate comments.
This will slow down modstormers, but all they need to do is create a handful of "genuine" accounts, post real comments with them, and then use each one in turn to mod up the comments and so prepare the "storm accounts" for action.

If carefully planned and correctly executed, from a fat enough connection (such as the one I'm on the end of now, at work), it would still be relatively easy to launch an extremely effective modstorm. Also, as the effort involved has increased, I would imagine that a mod stormer would go all out and storm everyone except their friends, rather than just their "enemies", making the problem worse.

That said, if this really is becoming a problem (I'm a regular, but pay very little attention to comment ratings, etc), then perhaps it is better to implement something like this as a temporary, "slow it down a bit" solution while something more effective is worked on. I have to confess, though, that I can't immediately think of anything that would be effective. If people want to spoil other people's fun, they'll generally find a way of doing it. The only way of stoping it that does spring to mind is making it cost money to set up accounts, or to rate comments, neither of which, I imagine, would be very popular.



Cheers,

Tim
--
"What the fuck do you mean 'Are you inspired to come to work'? Of course I'm not 'inspired'. It's a job for God's sake! The money's enough and the work's not so crap that I leave."
Rate Limits (3.60 / 5) (#29)
by Nater on Tue Nov 13, 2001 at 05:32:08 AM EST

All those things have to happen publicly, though, and there's always someone ready to blow the whistle and preempt the attack.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
A better idea (2.66 / 15) (#30)
by qpt on Tue Nov 13, 2001 at 06:35:44 AM EST

When faced with a problem, it is necessary to first understand the nature of the difficulty. Specifically, it is important to know why the situation is a problem at all. In the case of mass moderation, the assumption would be that this behavior interferes with the normal operation of kuro5hin.org and is thus a problem.

This, however, demands that we determine just what the normal operation of kuro5hin.org should be. That is, what is its purpose?

As near as I can tell, the purpose of kuro5hin.org is to allow people an opportunity to bitch and moan. That being the case, mass moderation can be seen only as a splendid contribution to the site, and not a difficulty at all.

Rather than discouraging the practice, I think the site administrators should make a reasonable effort to accommodate mass moderation. Perhaps there could be an automated mechanism for creating dozens of accounts rather than having to write a script by hand. The possibilities are endless, and I am certain that many of you could think of better ideas than I can.


Domine Deus, creator coeli et terrae respice humilitatem nostram.

Honestly (3.50 / 8) (#31)
by Neuromancer on Tue Nov 13, 2001 at 06:41:27 AM EST

I don't think that this is occurring. I know that I have lost/gained/repeat trusted status over the past couple of months, but seriously. If someone was bot voting, I figure that 2 or 3 users would never have a story in the submission queue for more than a few mintues, it only takes 20 downvotes to knock their article off. It would take me not even 20 mins to write a perl script that could create an army of users and downvote them.

Rating, not Voting [n/t] (3.20 / 5) (#32)
by Nater on Tue Nov 13, 2001 at 06:57:11 AM EST


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
Yes, but (4.00 / 1) (#49)
by Neuromancer on Tue Nov 13, 2001 at 07:32:02 PM EST

Why would somebody bother to mess with ratings and not the submission queue?

[ Parent ]
Ask Vlad (5.00 / 1) (#54)
by Nater on Wed Nov 14, 2001 at 06:15:33 AM EST

Why would somebody bother to mess with ratings and not the submission queue?

I don't know, but they do. Some people seem to think that it's not a problem. Well, I'd like to point out that it's ratings, and particularly the ratings of trusted users, that keep the content of the comments from devolving to the level we see on certain other websites. Furthermore, trusted users are trusted users because of ratings. Basically, this is one of the systems that keeps K5 "clean" and right now, people are messing with it.

It hasn't happened yet, but what if some schmuck decides to create an army of accounts, trash eveyone's mojo indiscriminantly and then post a few comments from each account on a hidden sid, and use the same army to rate them to infinity and beyond? That leaves K5 with one person who has an army "trusted accounts" which probably oughtn't be, and a huge mess for the admins to clean up, not to mention the havoc that could be wrought on content. Would you keep coming here if all there was to read was several thousand penis birds and all the regular content was immediately trampled by the trusted user? I can hear you say "So what? The admins can clean it up." That only works up to a certain point, and it doesn't prevent the shit from hitting the fan repeatedly, while content suffers in the meantime.

Sure, we might not understand why someone would want to do this, but that doesn't change the fact that right now, we're seeing the beginnings of it. Also, I really don't care whether it's my suggestion or some other suggestion that eventually makes it into production, as long as there is some recourse other than "let the admins take care of it."

Of course, maybe ratings are fine and it's this whole "army of accounts" business that needs to be addressed. Hey, here's an idea: insert a "cabal detector" in scoop that heuristically determines when a group of accounts is in collusion, and then not allow a cabal's member to rate each other's comments or to rate comments that have been rated by another cabal member.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
Ooh ooh! (4.33 / 9) (#35)
by Elkor on Tue Nov 13, 2001 at 08:52:58 AM EST

How about letting editors go into an account and repeal all their votes for the past week? That way, if there was an abusive account, an editor could "fix" the problem and restore the attackees mojo.

When an editor goes into a users account there could be a button that they click to reset the votes.

The button would be called, of course, "deploy countermeasures."

Regards,
Elkor


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
song author (none / 0) (#65)
by wkearney99 on Thu Nov 15, 2001 at 11:45:43 AM EST

That song, "Eye of the Hurricane" was written by David Wilcox. Who, if you haven't heard him, has a pretty decent collection of material. See: http://davidwilcox.com/EYE.html Whether Atkinson covered this or not, I've no idea.

[ Parent ]
You're right.... (none / 0) (#66)
by Elkor on Thu Nov 15, 2001 at 12:03:57 PM EST

I couldn't remember the original artist, but heard and loved the song as sung by Roy Atkinson.

Thanks for the proper attribution.

Regards,
Elkor


"I won't tell you how to love God if you don't tell me how to love myself."
-Margo Eve
[ Parent ]
Social Problem (4.60 / 10) (#40)
by joecool12321 on Tue Nov 13, 2001 at 12:59:11 PM EST

Many interesting solutions. But one thing I've learned from reading Kuro5hin is to watch out for technical solutions to social problems. And this seems like a social problem to me.

One thing that seems clear from reading the comments is that it affected very few people, and within a few hours Rusty was able to fix everything. If that's the case, why implement a system that: 1) Makes life, on the whole, more difficult for Kuro5hin users; 2) Gives unneeded attention to the mod-bombers? The social repercussions seem self-evident.

But it also seems apparent that the problem won't just go away (/.).

So I think a solution that implements social pressure is going to be the best. Obviously, technical changes will need to be made, but the social solutions (namely Elkor's or JCB's seem the most "social") will have the best results. But, are perhaps avenues for abuse in those as well? As long as it takes enough time (which apparently it does right now) for the script to allow human intervention, all seems well. But even if it's not too slow, if the script is fast, as long as you could check a "hidden user" status page, abuses could be stopped.

--Joey

The world's simplest solution to modstorm attacks (4.94 / 18) (#41)
by chipuni on Tue Nov 13, 2001 at 01:47:41 PM EST

Modstorm attacks are relatively easy to prevent. It requires no new code from Rusty; it requires no new tools on the client side, either.

The solution is to get more people moderating. When I came into this discussion, there were a total of 92 ratings done for 31 comments -- an average of just under 3 ratings per comment. (Two comments had eleven people rating them.)

In other words, a modstormer with just five accounts could, on average, turn a '5'-rated comment into a '2'-rated comment.

In my opinion, if you're not rating most of the discussions that you're in, you're part of the problem.
--
Perfection is not reached when nothing more can be added, but only when nothing more can be taken away.
Wisdom for short attention spans.

technical steps to make this easier (3.50 / 4) (#45)
by speek on Tue Nov 13, 2001 at 05:04:46 PM EST

To make your dream a reality, there are technical steps that can be taken to increase rating. Right now, rating is too much a pain to rate anything other than those comments that elicit a strong response, positive or negative.

First, fix it so that rating comments doesn't require a page reload (yes, you can get around this now, but it's still inconvenient)

And second, skip the 1-5. A binary system will work fine.

I can't wait for the inevitable response: "your a lazy shit, can't even be bothered to rate!". To which my response is, I'm just treating rating with the amount of seriousness it deserves. How about you?

--
al queda is kicking themsleves for not knowing about the levees
[ Parent ]

A few things... (4.00 / 1) (#50)
by chipuni on Tue Nov 13, 2001 at 08:46:59 PM EST

I agree that rating comments should be easy. I'd love it if we didn't reload pages.

I don't feel that a binary system will work well, though. I use ratings to 'order' stories: 5s are better than 4s are better than 3s... though all of them would have gotten a 'yes' in binary. I strongly appreciate the ability to read just the top-rated stories to find what people consider the most important.
--
Perfection is not reached when nothing more can be added, but only when nothing more can be taken away.
Wisdom for short attention spans.
[ Parent ]
sorting wouldn't change (none / 0) (#68)
by speek on Sat Nov 17, 2001 at 08:48:44 PM EST

There are just as many numbers between 0 and 1 as there are between 1 and 5. Whether I rate a post 4 or 5 should be pretty irrelevant. The only reason it seems important is that only 5 people rate each comment, as opposed to 100.

--
al queda is kicking themsleves for not knowing about the levees
[ Parent ]

Binary (none / 0) (#63)
by Elendale on Wed Nov 14, 2001 at 06:31:15 PM EST

If you mean like Slashdot, it won't work. Slashdot moderation style has been shown to fail. For n number of moderators (where n is small) it works fine, but as n becomes large the overall rating of a comment becomes close to arbitrary. Why? Essentially, each rating applied to the comment has a set "power", no matter how many other ratings have been applied. Under the K5 system each rating's "power" is related to how many other ratings have been given. I'd post more on this, but i have other things to do (like eat so i don't, you know, die- well, that and finish off this semester of college) so you'll have to take my word for it, or look around for the old arguments.

In a more related note, i don't think modstorming is a problem. I may just not be noticing it, but it isn't as widespread as it was feared it would become. I agree it is a potential abuse, and as such should be looked at and hopefully dealt with; but i haven't seen any decent solutions thus far.

-Elendale
---

When free speech is outlawed, only criminals will complain.


[ Parent ]
not like slashdot (none / 0) (#69)
by speek on Sat Nov 17, 2001 at 08:49:57 PM EST

binary: 0 or 1, add them up and average. no different than 1 to 5, but there's only two choices for each rater.

--
al queda is kicking themsleves for not knowing about the levees
[ Parent ]

Combining ideas (5.00 / 1) (#70)
by Nater on Mon Nov 19, 2001 at 06:20:39 AM EST

This is going to require some mathematics that even I haven't worked out yet and I'm going to rehash some mechanisms that you're probably already familiar with, so bear with me.

I've written my own blogware. It sucks, it lacks a lot of features, I'm going to rewrite rather than maintain it, but I've been thinking about how to do crap filtering better.

Slash uses moderation to do two things: 1) modify a comment's score and 2) indicate why. It is a simple binary moderation of -1 if it's bad and +1 if it's good. Slash also doles out moderation points sparingly to users whose comments have been moderated up more than down, so that only a limited number of moderations can take place. The balance of the moderations done to a user's comments is the user's "karma", and at fixed points on the karma scale, priviledges are granted and taken away. Among those priviledges are: 1) the ability to obtain moderation points, 2) the ability to "metamoderate", and 3) the ability to post comments with higher initial scores. A comment's score is arbitrarily constrained between -2 and 5, where comments scored -2 are effectively deleted (although really, they're just hidden). Karma is arbitrarily constrained to 50 and less.

Scoop uses ratings to do one thing, indicate on a scale of 0 to 5 how "good" or "bad" a comment is, with the comment's total being a simple average stored to two decimal places. A user is assigned a value called "mojo" that is the simple average of the most recent subset of ratings on that user's comments. A comment's total rating and a user's mojo are naturally constrained between 0.00 and 5.00. At a certain mojo threshold, two priviledges are granted to a user, those being 1) the ability to rate a comment at 0 and 2) the ability to see comments whose total rating is less than 1.00.

There are things I like and don't like about both systems. Slashdot's binary moderation system is mathematically simple. Ignoring the "reason" associated with a moderation it's a simple good vs. bad decision. I also like Slash's finer-grained assignment of priviledges at different points on the karma spectrum. I like Scoop's system because by default it grants everyone the ability to rate arbitrarily many comments. I also like the way values in Scoop are naturally constrained versus the arbitrary constraint of karma and comment scores.

The system I've been thinking of is kind of a combination of both. Hopefully you're familiar at least with the shape of the arc tangent function, if not, look it up, because you will need it in order to follow what comes next. I intend to (at some point) derive a function from the arctangent function with the following properties: 1) f(x) approaches 0 as x approaches negative infinity, 2) f(x) approaches 5 as x approaches positive infinity, 3) f(0) = 2.5, and 4) f(1) = 3.5. Call this function rating(x) and its inverse score(x).

This is how my proto-system works:

Users have mojo, just like in Scoop. Mojo is calculated from the user's comments' ratings just like in Scoop.

Comments have a score, like in Slash, but a rating is displayed on the page, like in Scoop, and the rating(x) function is used to calculate the rating from the score. Comment scores can go as high or low as they have to.

When a user posts a comment, it is given an initial score of score(mojo).

When other users moderate that comment, their options are -1, 0, and 1, which are added to the comment's score, causing a recalculation of the comment's rating and the user's mojo.

When a user's mojo is recalculated, various priviledges can be granted or revoked depending on whether or not various thresholds have been crossed. So far I have an incomplete list of priviledges, but one of the better properties is that admin priviledges can be granted at or close to a mojo of 5.00, because the rating(x) function is asymtotic. Real users can never have a mojo of 5.00 or 0.00, so a threshold at those levels can never be crossed. Likewise, if the administrator chooses, the threshold for various admin priviledges (powerful stuff like deleting an account or creating new sections) can be granted to users with really really high mojo (like, say 4.98). It would take a lot of really highly scored comments to get mojo that high. New users would have to overcome a certain amount of artificial "mojo inertia" in order to simulate the real "mojo inertia" that affects old users with lots of comments.

This system has all the properties I like about Slash and Scoop without the things I don't like. Moderation is a simple good/bad/don't care (or alternately increase/decrease/leave this comment's score). Lots of different priviledges can be granted or revoked at arbitrary levels. All values are naturally constrained. Before I implement it, I'm interested in the potential abuse scenarios people can imagine.


i heard someone suggest that we should help the US, just like they helped us in WWII. By waiting three years, then going over there, flashing our money around, shagging all the women and acting like we owned the place. --Seen in #tron


[ Parent ]
Some issues (3.50 / 2) (#53)
by joecool12321 on Wed Nov 14, 2001 at 02:33:35 AM EST

I was thinking about this at first, as well. When thinking about the social aspect of the issue, I was originally going to argue that we needed to encourage more people to vote. And the best way to do that would be to have a simpler rating system (I like the idea of 5 radio buttons running along the bottom of the post. You still have all the choices (1-5) but not the dropdown menu). However, I /thought/ this ultimately fails.

We already know that scripts are an active part of the mod-bomb. By having more people rate, you gain very little solvency. Why? Even if 40 people rated your post, every single time, and you recieved an average rate of 3.5, it would take a mere 110 accounts to get the rating below zero. Getting 110 accounts to trusted-user access seems trivial. But in writing about this now, I actually ran the numbers, instead of just hinking about this in my head. It does seem feasable.

The question now: would more people rate if it were radio buttons instead of the dropdown menu? I think I would, at least at first. But then I might get lazy. Do we want people rating us that wont even take the time to click on a dropdown menu?

The time isn't so much an issue for me (on reload) because I rate as I read, and only have to click on the "rate all" once or twice.

Thanks for forcing me to run the numbers,
--Joey

[ Parent ]
Band-Aid (4.75 / 4) (#48)
by flikx on Tue Nov 13, 2001 at 06:39:39 PM EST

...covering up a mineshaft.

Those things would be very easy to beat, given a little effort and about 10 minutes of perl coding for slow coders.


--
One future, two choices. Oppose them or let them destroy us.
Suggested Modstorm Countermeasure | 70 comments (50 topical, 20 editorial, 1 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!