Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

The flaw of unaccountable accounts

By I Am A Troll So There in Meta
Wed Feb 06, 2002 at 02:50:27 AM EST
Tags: Kuro5hin.org (all tags)

I have noticed that it is very easy -- too easy -- to create a K5 account. The system is too easy to abuse. As an example, look at the submission queue.

The submission queue is designed to let the majority decide what stories get posted. Or does it?

An extreme scenario

Let's not forget that free email accounts are extremely easy to obtain. In fact, if you run an SMTP domain, you can create a hundred, a thousand, a million aliases, all of which correspond to a unique email address. This immediately entitles you to an equivalent number of K5 accounts.

"Oh," you say. "Why would anyone waste their time to do such a thing?" Let's forget about the "why" for a minute, and consider the who. Who would do such a thing? Certainly not the more reputable users of the site. Certainly not those who genuinely want to participate and contribute. The unfortunate answer is, it is those who want to be destructive. It is precisely those we don't want to deal with, who ultimately has the time and effort to put into such a thing.

OK, you say. Rusty can just delete all those accounts immediately. Sure. It may be hard if this destructive person is able to create email accounts with several different domains, but still possible.

A plausible scenario

But consider now a less extreme scenario: that a certain population among K5er's (let's call it X) decides they want to sign up for multiple accounts. You don't have to go very far -- each person in X only needs to get one extra account (i.e. they have two accounts each). I'm sure this is already happening to an extent; but suppose X represents a significant percentage of K5. Suppose further that each person in X decides to vote with both accounts.

Now suddenly, population X has obtained double power -- they get two votes per story, and they get to rate each comment twice. This is now much harder to fix -- because it's not one person with many accounts, but many people each with a few accounts. And this tips the balance of the voting system used in the submission queue -- it no longer represents what the majority wants, but is heavily skewed towards what population X wants. Furthermore, since this could potentially be quite unnoticeable, the views and opinions expressed on K5 could be subtly tilted towards a particularly viewpoint which is not representative of its true population.

Again, let's consider who are the most likely to do such a thing. What would population X look like? Again, the answer is: those with too much time on their hands, those who have a grudge (and therefore the motivation to go through the trouble of doing something like this), and those who think it's fun to be destructive. In short, those whom we don't want to have this unfair voting advantage.

Root of the problem

The root of the problem is that an email address is ultimately unaccountable. A bunch of email accounts could all be different people, or could be one person, and checking for this is a job that no one (least of all Rusty) wants to do. After all, censorship isn't something this site wants, is it?

There must be a way to prevent this scenario from happening. Unfortunately, that may probably involve personal information that I doubt anyone on this site would be willing to give.

Grain of Salt

Finally, the upshot of all this is, please don't take this site too seriously. You're probably getting a heavily colored view of things. If you base your philosophy on the debates that go on here, well ... you have my deepest sympathies.


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o Also by I Am A Troll So There

Display: Sort:
The flaw of unaccountable accounts | 99 comments (95 topical, 4 editorial, 0 hidden)
After the Great Crapflood (3.66 / 6) (#1)
by wiredog on Tue Feb 05, 2002 at 02:55:17 PM EST

Rusty tweaked Scoop so that you couldn't create more than two (IIRC) accounts a day from the same IP address.

Peoples Front To Reunite Gondwanaland: "Stop the Laurasian Separatist Movement!"
clarification (4.60 / 5) (#5)
by hurstdog on Tue Feb 05, 2002 at 03:08:51 PM EST

...couldn't create more than two (IIRC) accounts a day ...

Its configurable. On my dev site, I have it set to like 20000000 so I don't have to worry about it. But on k5 we use 2. :-)

[ Parent ]
Limit of 2 (3.00 / 1) (#61)
by sigwinch on Tue Feb 05, 2002 at 11:40:07 PM EST

But on k5 we use 2.
Thank $DEITY for /16 dynamic IP netblocks. ;-)

I don't want the world, I just want your half.
[ Parent ]

Proxies? (4.00 / 2) (#18)
by J'raxis on Tue Feb 05, 2002 at 03:45:00 PM EST

Proxy servers.

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

yo (3.16 / 6) (#35)
by medham on Tue Feb 05, 2002 at 05:28:12 PM EST

Unless your sig is using "front" as a verb, as in "Yo, why you frontin'?", then it's missing an apostrophe. I'll let you guess where.

The real 'medham' has userid 6831.
[ Parent ]

Nyet (1.85 / 7) (#38)
by I Am A Troll So There on Tue Feb 05, 2002 at 05:49:48 PM EST

Please to be takink your granma's grammar lessons again. It is usink here "Front" like "Palestinian Liberation Front", not to be "frontink" like verb.

[ Parent ]

That would explain... (5.00 / 2) (#37)
by UncleMikey on Tue Feb 05, 2002 at 05:30:26 PM EST

...the relative lack of AOLers :-)
[ Uncle Mikey | Radio Free Tomorrow ]
[ Parent ]
and again. (4.00 / 9) (#2)
by Defect on Tue Feb 05, 2002 at 02:57:33 PM EST

The answer for so many of these alleged problems is "does it really matter?"

In theory, this population X could also consist solely of terrorist ferrets bent on ridding the world of doritos. Shit, eh? Or, rather, who gives it? If population X wants to go through the effort to vote twice on every story, then they've earned the right to do so in my book. Right now, i'm having a hard time bothering to vote on every story once, let alone multiple times.

I'm thinking we should hold a celebration for this alleged group of story voters, otherwise nothing would get out of the queue.
defect - jso - joseth || a link
Just yesterday (4.50 / 6) (#16)
by roystgnr on Tue Feb 05, 2002 at 03:42:07 PM EST

I ran across Javascript Bookmarklets. I knew these things were technically possible, but was amused to see the variety of actions that could be taken with them. "Log in to all my other accounts and vote on the kuro5hin story on Mozilla/IE's current page" wouldn't be a very large script.

I think slashdot takes a lot of crap that kuro5hin doesn't simply because of volume; why amuse yourself pissing off thousands of people when you can piss off tens of thousands?

[ Parent ]

So what's the answer? (4.16 / 12) (#3)
by rusty on Tue Feb 05, 2002 at 02:58:08 PM EST

I know all of this. Anyone who's thought about it a little would know this. So what's the answer?

Not the real rusty
Well duh! (4.66 / 15) (#6)
by DesiredUsername on Tue Feb 05, 2002 at 03:09:50 PM EST

The answer is the establishment of the K5 Secret Police.

Any time anyone creates an account (free webmail or no) the K5SP leap into action. They track down the human responsible and question them mercilessly. After determining they have no other accounts (which they could easily do just by checking their records to see if they've seen this person before--the merciless questioning thing would just be for fun) they give it a green light.

Kind of a like the waiting period/background check to own a gun only more stringent because these accounts are Damn Powerful whereas a gun....pfft.

Play 囲碁
[ Parent ]

TINK5SP (4.50 / 6) (#26)
by jabber on Tue Feb 05, 2002 at 04:10:50 PM EST

There is no K5 Secret Police, Commrade... Why, to even suggest there is, is.. UnAmerican.. If one were to be established, the terrorists will have won..

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Nothing (3.75 / 4) (#14)
by Torgos Pizza on Tue Feb 05, 2002 at 03:36:15 PM EST

The way the Internet is currently set up, there's nothing you really can do. The best that I can think of is limiting IP connections. To get to a point of having a "one person, one account scenario" there would have to be some sort of Internet personal identification system.

The problem lies in the inherent nature of how we communicate through the Internet. There is no physical contact that we can have to verify identity. Our five senses have been cauterized so to speak. With all traces of humanity removed, we are forced to rely on our judgment based on subtle clues based on writing style and content.

In person, I have all my senses working to tell me who is in front of me. With a phone call, I can tell by the voice whom I'm talking to. With a hand-written letter, I have my eyes to look at the handwriting. The Internet can manipulate images, sounds and writing to fool me into thinking that a person is someone else.

Getting back out of the metaphysical, we need something that can be traced back to the physical world and tie into a person. An IP address can be traced back to a physical machine, but any individual could have been there. A credit card number ties it back to a person, but it can be easily stolen. We don't have anything widely available today to identify a person on the Internet as being who he says he is.

The future will eventually bring us systems that establish identity based on fingerprints, retinas and perhaps DNA. These in turn will create special crypto keys that can be used to verify and cross-check identity. The technology is there now, but not widely available. Until that day, all we have to rely on is our judgment.

I intend to live forever, or die trying.
[ Parent ]

But, is that even a good thing? (4.50 / 6) (#20)
by rusty on Tue Feb 05, 2002 at 03:48:35 PM EST

I'm actually kind of uncomfortable with the idea of making someone prove they are someone in particular. I don't know if we'd require that even if it were possible to, right now.

The issue we want to address is not that general. The question isn't "who are you?" but "Are you not also users X, Y, Z, and pi?" and even that for only a pretty small range of actions, such as story voting and comment rating. Other than those two things, I don't really care if people maintain multiple "personae" and I utterly don't care who anyone really is.

Not the real rusty
[ Parent ]

Catch-22 (4.75 / 4) (#23)
by Torgos Pizza on Tue Feb 05, 2002 at 04:02:36 PM EST

Ah, that's the Catch-22. How can you tell if a person isn't also x, y and z without first establishing who that person is first? In order to do so, you need something to tie everything back to. But how can this be done anonymously?

With anonymity comes a loss of responsibility. Is the Internet community ready to give up their pseudonyms and come forward? No, I'm not that naive to even consider that answer for an instant. I'm not even ready to do that. Strange how we exist in this electronic world of electrons and photons that we are just a bunch of real people hiding behind nicknames. I think you're right rusty, we're not ready to give up our certain Internet anonymity. It would take a third party to hold information secret and sacred to pull it off. But even then, could you trust it?

I intend to live forever, or die trying.
[ Parent ]

Not necessarily (4.00 / 3) (#28)
by rusty on Tue Feb 05, 2002 at 04:27:53 PM EST

Well, maybe it would take a third-party. I'm not against pseudonymity -- in fact, I see little difference between the pseudonymity of the net and the pseudonymity of real life, other than that it's easier to slip between psuedonyms online. I don't see any real need for people to abandon thweir more flexible concept of identity online. But sometimes, as we can imagine here, it would be awfully useful to discourage multiple identities from individuals.

Identity in general, online and off, is a really interesting issue, but not one I'm prepared to go into at length right now. :-)

Not the real rusty
[ Parent ]

Have you considered asking them? (4.00 / 1) (#71)
by Weezul on Wed Feb 06, 2002 at 03:13:48 AM EST

I don't think it would necissarily work out well for the K5 culture, but some weblogs can and do just let people create multiple pseudonyms. There are many reasons to have multiple accounts: reserving future handles, situation specific names, posting things with may get low mods, diffrent accounts for diffrent moods, diffrent accounts from work and home, etc. You could just make it easy to switch names, but only allow one vote/rating per name group.

btw> IP address checking alone will not work as many people are behind a fire wall. I know everyone in my university's dorms appears to come from the same IP address.

"Fascism should more appropriately be called Corporatism because it is a merger of state and corporate power." - Benito Mussolini
[ Parent ]
There is a solution, not a perfect one.. (none / 0) (#95)
by johwsun on Fri Mar 15, 2002 at 06:24:44 AM EST

In java Plug-in 1.4 exist the so called signed applets where you can grant full access to the downloaded applet, if you want.
By using such applets in k5 you can mark with a secret signature any computer that is willing to vote for k5.
There two deficiencies:
1) Someone may have more than one computers. This implementation limits the troll accounts a real user can create to the number of computers he owns. At least this is much better than the e-mail system you use to subscribe someone as a k5 voter.
1) By granting full access to the applet, k5 administrator could destroy all computers that are connected to his site. But you may find some other ways in order not to give full access to the applet but limited access.

[ Parent ]
Here there be Draconians (4.57 / 7) (#24)
by jabber on Tue Feb 05, 2002 at 04:06:08 PM EST

Alternative solution 1

Well, you could mail (instead of email) people their passwords.. You could require that everyone who wants an account send you a self-addressed, stamped envelope, along with a photocopy of their ID or something to that effect..

This way, given your ample free time (you don't do anything all day, do you?) you could make 'cloned' accounts inconvenient enough for the Goblins (they're not really Trolls, but they're nasty beasties nevertheless) to not bother any more.. After all, they only do it because it's a cheaper form of amusement than the alternatives.

Of course, eventually you'd run out of room for storing all those papers, and would have to hire a few trained monkeys to bang all these addresses into a database.

Alternative solution 2

Switch to a token subscription. A one time, or annual $5 fee for the creation of an account.. You'd lose many readers, and those who choose to 'clone' now have paid for the priviledge of pissing in the public pool.

Alternative solution 3

Have some fun with the database.. There's gold in them there tables! We can already see who voted how on a story (thanks for that BTW).. We can already see a users rating history, whom they rate and how.. Merge the two, and dig deeper.. See if there's funky patterns in there.. Who consistently voted +1 on stories by whom? Who consistently rates who a '5' in a story, diary, whatever.. What small number of users log in from the same IP address, or what small set of IP addresses is shared by a small group of users.. Be sure to also correlate the time of day a user posts or rates/votes with their apparent geographical location, the school schedule and business hours for that part of the world, etc.. Have fun, go wild!

It's not 'proof', but it certainly will make some patterns readily apparent. And it's good exercise in data mining.

Better yet, give the users the ability to do this for themselves.. I'd love to know whom Reginald Johnson HATES (or seems to), or who voted +1FP on all stories by Anne Marie, or if Streetlawyer and Paget-Paget log in from the same IP address...

Eventually, with enough public disclosure, the Goblins will spend too much time masking their activities to further any coherent agenda. All they'll be able to achieve without revealing their goals is to drop the S/N of the site.. Unfortunate, but also rather unrewarding. They'll have to revert to /. which will welcome their k5-sharpenned wits with karma aplenty and flamage to match.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Days of yore... (4.75 / 8) (#34)
by ucblockhead on Tue Feb 05, 2002 at 05:18:53 PM EST

Those of us around during the golden years of the dialup BBS remember callback schemes used to prevent fake accounts.

Yeah, this "problem" goes back twenty years at least.
This is k5. We're all tools - duxup
[ Parent ]

Interesting info (4.16 / 6) (#36)
by jasonab on Tue Feb 05, 2002 at 05:29:15 PM EST

Have some fun with the database.. There's gold in them there tables!
I think this is an excellent idea. I'm less worried about people trolling as people abusing the voting. Voting determines what we discuss, and therefore the basic fiber of the site.

Another possible solution goes back to the trust issue: allow people to create multiple persona from one "account," and allow only one vote/story/account.

So, if I want to have three persona, I can create three "screen names" in my account, and post as anyone of them. I cannot, however, vote or rate more than once per overall account. It could still be abused, of course, but I think it would encourage people to play by the rules.

[ Parent ]

One Account (4.33 / 3) (#40)
by TON on Tue Feb 05, 2002 at 06:00:30 PM EST

But that just pushes the problem back one step. How do you then limit people to one account? It's the same problem.

"First, I am born. Then, the trouble begins." -- Schizopolis


[ Parent ]

National ID tags (4.00 / 4) (#46)
by dr k on Tue Feb 05, 2002 at 07:13:42 PM EST

... and barcode tattoos. Of course then it becomes a logistical problem, you'd have to hook up card and barcode readers to everyone's machine. But I think it would be worth it.

[ Parent ]
barcode tattoos? (none / 0) (#83)
by mauftarkie on Wed Feb 06, 2002 at 10:20:06 AM EST

Well, I'd wager most of us have the free CueCat reader...

Without you I'm one step closer to happiness without violence.
Without you I'm one step closer to innocence without consequence.

[ Parent ]
Barcodes (4.00 / 1) (#94)
by Mitheral on Thu Feb 07, 2002 at 05:23:20 PM EST

But then you run into one of the ten commandments of security. Thou shall not trust the client.

[ Parent ]
Doesn't have to be like that.. (3.33 / 3) (#54)
by jabber on Tue Feb 05, 2002 at 08:49:58 PM EST

I like the screen-name idea for it's own merits..

As for duplicate account creation, simply make the process more complex.. Something that can't really be automated.. Say, use firrerent forms, different parameter names via which user values are returned to the server.. make maybe a dozen alternatives, and cycle them daily, hourly, per attempt, randomly, whatever fits..

This way, a valid attempt is just that, but a bot doing it will be foiled.. Though this really flirts with the Arms Race problem..

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Trained monkeys (2.66 / 3) (#39)
by I Am A Troll So There on Tue Feb 05, 2002 at 05:56:20 PM EST

Of course, eventually you'd run out of room for storing all those papers, and would have to hire a few trained monkeys to bang all these addresses into a database.

Wouldn't they be banging in the entire works of Shakespeare instead? Oh wait, nevermind ... the Internet already disproved that theory[*]. :-)

[*] Shamelessly adapted from Robert Wilensk's observation: "We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true."

[ Parent ]

Key word... (3.00 / 2) (#52)
by jabber on Tue Feb 05, 2002 at 08:43:48 PM EST

"Eventually". We've just not waited long enough yet.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Addition (3.00 / 1) (#53)
by jabber on Tue Feb 05, 2002 at 08:44:54 PM EST

Though I must say, some of the stuff I've seen on Adequacy comes pretty close to a sonnet.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

great.. (3.00 / 1) (#63)
by Rainy on Tue Feb 05, 2002 at 11:58:35 PM EST

good idea about mailing..

The db thing is not, though - if two people have similar tastes/views, they will be voting similarly, and so would be flagged, even though they're legal.
Rainy "Collect all zero" Day
[ Parent ]

run for the hills (4.00 / 2) (#25)
by Delirium on Tue Feb 05, 2002 at 04:10:22 PM EST

[ Parent ]
Slow them down. (4.50 / 2) (#72)
by haro on Wed Feb 06, 2002 at 04:48:45 AM EST

If you slow down the process, it would take the fun out of it for all but the most determined. Give a welcome message to the new account that includes something along this line: "In 1 week you will be a full member with moderating privileges. Right now you are allowed to post stories to the queue, participate in the editorial discussion, participate in the normal discussion."

To the genuine user this will be no problem. A delay of one week is not to take away any democratic rights, nor does it make the democratic rights dependent on wealth or eloquence.

This does not solve the problem. There is no such thing as a final solution. But it would make k5 a place where those seeking instant gratification might find it better to participate.

[ Parent ]

"the more reputable users" (3.60 / 5) (#4)
by wiredog on Tue Feb 05, 2002 at 02:59:39 PM EST

And how do you know that Rusty, Inoshiro, Hurstdog, et. al. don't have troll accounts? It's just the sort of thing they'd do. I, of course, am a Fine Upstanding Citizen of k5, who would never do such a thing.

What we need is a way to prevent spam in the queue. Maybe a requirement that you actually have posted X comments over time Y, for instance. Start with, say, X=20 comments and Y=7 days.

Peoples Front To Reunite Gondwanaland: "Stop the Laurasian Separatist Movement!"

Erm, no... (5.00 / 3) (#11)
by I Am A Troll So There on Tue Feb 05, 2002 at 03:24:23 PM EST

What we need is a way to prevent spam in the queue. Maybe a requirement that you actually have posted X comments over time Y, for instance. Start with, say, X=20 comments and Y=7 days.

Please don't. This will only encourage people to spam with garbage comments just so they can get past the limit and start posting.

[ Parent ]

Yeah (5.00 / 3) (#17)
by rusty on Tue Feb 05, 2002 at 03:43:39 PM EST

That's my feeling on measures like that too. They ultimately just tend to put a hoop in front of someone, that they'll figure out a way to jump through with the minimum effort.

Not the real rusty
[ Parent ]
Exactly (4.75 / 4) (#21)
by J'raxis on Tue Feb 05, 2002 at 03:51:24 PM EST

Just look at Slashdot. The more hoops, the more fun it is for the trolls to break through them. Lameness filter to block ASCII art? Tweak the ASCII art a bit, broken. Caps filter? Break it by adding lowercase garbage at the end. Dupe filter? Add a single character to break it! Automatic hard-wrap to prevent page widening? They’ve re-broken this one at least a dozen times. Holy shit, has that been broken lately. All the different time delays? Broken by multiple accounts or proxying. IP bans? Again with the proxies.

— The trolltalk-Reading Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

/. is sucking ass lately (4.00 / 1) (#49)
by Oxymoron on Tue Feb 05, 2002 at 07:56:09 PM EST

I totally agree, sometimes the troll
action over there is quite funny.
I do it from time to time (canadian troll)
but, stuff that impairs reading of
"content" really pisses me off.

Like troll tuesdays, where all you get a page
lengthening and page widening posts.
What im wondering is how k5 seems to sidestep all
that shite, and gives us some damn fine reading.
.... hmmm... something to think about

Fighting the war, on drugs.
"Yeah, girls smelling like oranges is always a recipe for trouble. They'll invariably end up getting thrown on the floor and kissed." -conraduno
[ Parent ]
Slashdot was as good as K5, once (none / 0) (#85)
by HoserHead on Wed Feb 06, 2002 at 11:09:36 AM EST

Background: I've been on Slashdot since almost the beginning (not since Chips 'n' Dips, but my user id is 599, so that tells you something).

Slashdot used to be as good as K5 when it came to discussion; people who had actually done the pioneering work, or known those who had, would participate in the discussions. I remember when 100 comments was an enormous number - it happened only on very rare occasions, such as when Netscape announced it would make Navigator Free Software (wow, that was a long time ago).

What happened to Slashdot? More or less the "tragedy of the commons." As its popularity grew its percentage of people who wanted to disturb the shit went up; or perhaps, the percent didn't change, but the sheer numbers definitely did.

K5 will (probably) eventually get to that. I imagine it won't be any time soon, since it's exclusively a discussion site, but you can see signs. Anyone remember MEEPT? At least he tried to make on-topic trolls and flamebait. Eventually people who are only interested in decreasing the S/N ratio will arrive, and all hell will break lose.

The difficult question is just how to slow or stop this (almost?) inevitable decline. If you come up with a solution to that, I'll be really interested.

[ Parent ]

Insipid filters (none / 0) (#92)
by J'raxis on Wed Feb 06, 2002 at 11:27:35 PM EST

I still believe the primary reason it happens at Slashdot is because the trolls enjoy the challenge of breaking through yet another insipid technological barrier thrown up by the Editors. Here, crapfloods get rated down to zero and then virtually no one sees them.

Now, there is an organized group (actually several, all at war with each other) of perhaps a few hundred users, out of 550,000 registered accounts, that make it their sole purpose to continue to break through the barriers.

— The Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

K5 voters should ... (none / 0) (#96)
by johwsun on Fri Mar 15, 2002 at 06:37:18 AM EST

..give full priviledges of their computer to k5 site. That way k5 site could mark any computer with a secret signature.
This system limits the number of trolls to the number of computers a real user owns. This is much better i think.
Even more , a special protocol like ANDOS could be implemented in order NOT TO GIVE FULL ACCESS TO K5, but ALSO LET K5 sign your computer.
How this can happen? I ll tell you in the next lesson.

[ Parent ]
Human beings crave challenge (4.50 / 2) (#30)
by I Am A Troll So There on Tue Feb 05, 2002 at 04:46:59 PM EST

People crave challenge, in one form or another (what form being dependent on their personality). Specifically putting in filters to weed out spammers only gives them a new challenge to try to work around it. Once they do overcome it, they get a kick out of it and become even more motivated.

The best solution is to somehow remove the incentive for them to spam. Perhaps by ignoring them, or by rusty "silently fixing things", etc..

[ Parent ]

Examples (2.66 / 3) (#7)
by jesterzog on Tue Feb 05, 2002 at 03:16:25 PM EST

Do you have any actual examples of this being a problem? Do you dislike k5 the way it is because of these examples?

If not then why bother dealing with it?

jesterzog Fight the light

Scoop wins because it trusts users. (4.66 / 24) (#8)
by Joe Groff on Tue Feb 05, 2002 at 03:18:55 PM EST

I will admit that, when I was a younger and more foolish man, I spent many hours entertaining myself by spamming Slashdot with ASCII art, first posts, and all of the other well-known abuses. While I have since grown out of that stupid crapflooder phase, I can tell you that I would never do the same thing to Kuro5hin or any other scoop site. Why?

Because K5 trusts its users.

Kuro5hin doesn't challenge its users with "lameness filters", 20 second waits, bitchslaps, or any other such anti-spam munitions. The Slash coders have gotten themselves entrenched in an arms race with the crapflooders: an endless cycle of newly-discovered exploits followed up with "fixes" to the filters (which oft end up blocking legitimate posters as well). By continuing to challenge the likes of Klerck and CmderTaco, the editors are locked in a Spam War which they have no hope of winning as long as they keep trying to fight it.

The Scoop coders, on the other hand, don't have to deal with this at all. By refusing to challenge crapflooders and merely zeroing and deleting their posts, Rusty and the gang make sure that there's little incentive to continue crapflooding, modstorming, and performing other abuses. Instead of trying to erect automatic barriers, they quietly fix such abuses on the rare occasions that they occur.

I or anyone else could easily post a goatsex ASCII, penis bird, page-widening post or other spam right now. But precisely because it's so easy, there's no reason for me to do so. And because if I were to do so, my abuses would be swiftly erased from the record by trusted users and editors, I have even less reason to. The only way to "fix" these problems is to ignore them; abusers desire attention and programming in code to block them merely gives them that attention and makes them beg for more.
How long must I travel on
to be just where you are?

The NYC graffiti solution (3.00 / 2) (#90)
by jcolter on Wed Feb 06, 2002 at 05:16:35 PM EST

The New York City subway system attempts to control "graffiti" in a similar fashion. People that fp, crapflood, and spam like to see there own work. The MTA remedies that by immediately painting graffiti before the tagger can return to appreciate his work.

I think the zero function on K5 serves the same purpose.

[ Parent ]
Reality (4.20 / 10) (#10)
by ucblockhead on Tue Feb 05, 2002 at 03:21:24 PM EST

The reality of the situation is that in any society imaginable, assholes can make things less than enjoyable. That's a fact of life. "Technology" isn't going to fix it. If this concerns you, then there is one solution: Don't be an asshole.

If you think that somehow that what you need to do to "prove" to everyone that the system doesn't work by being an asshole, well, you are missing the point. That's like mugging people to prove that the police don't patrol enough.

My suggestion to you is to take your own advice:

Finally, the upshot of all this is, please don't take this site too seriously.
Because 90% of the problems on this site (ratings whines, mod-storms, crapflooding, obsessive attention getting behavior, meta-whines like yours) are the result of people taking this site too seriously. Lord knows things would be a lot better around here if more people understood that it was just a website, just words on a computer screen, and in the greater scheme of things mean exactly zero.
This is k5. We're all tools - duxup
How Furrymuck does it... (3.71 / 7) (#12)
by chipuni on Tue Feb 05, 2002 at 03:27:08 PM EST

Furrymuck is a chat zone roughly twice Kuro5hin's size (based on the number of people logged in here.) We have a problem with trolls.

Our imperfect solution has been to record the IP addresses where people come from. When we get a complaint that user X is acting like user Y, we compare IP addresses. (Such a thing could be automated, of course.)

We've banned people by IP address (when nothing else works). Luckily for us, the troll population has been relatively small (though they try to grab a lot of accounts.)
Perfection is not reached when nothing more can be added, but only when nothing more can be taken away.
Wisdom for short attention spans.

IP addresses don't entirely cut it (4.85 / 7) (#15)
by rusty on Tue Feb 05, 2002 at 03:39:56 PM EST

Watching IP addresses helps, sort of, but doesn't fix the problem. Like K5 only lets you create two accounts from a given IP per day. But the problem is when someone's really determined, these kinds of measures just make it harder to track them down.

For example, imagine a script that creates lots of accounts, slowly, and then acts as a proxy to all of them, running all it's activity through open web proxies around the net. As far as I know, this doesn't exist yet. But it could easily be done.

The only solutions I can come up with are:

  1. Run heuristic checks on voting, to see if groups of users seem to always vote the same way. We may or may not already be doing this. :-)
  2. Charge a nominal fee for an account. Like $5.00 for lifetime access. This would at least make it cost something to abuse the system. But on the downside, it would discourage new users from signing up.
While we're talking about this anyway, what do people think about charging for accounts, if this did become a problem? It wouldn't be a good funding source for the site, but as an imposed "barrier to entry" it could help curb this kind of abuse.

Not the real rusty
[ Parent ]
not necessary (4.25 / 4) (#22)
by alprazolam on Tue Feb 05, 2002 at 04:00:59 PM EST

Because there is no problem. Where it (multiple accounts) ever to become a problem, the "$5" solution would effectively discourage a lot of people who may have something to say but no money to say it: these are the people that most need to post to k5.

[ Parent ]
Yeah (4.66 / 3) (#29)
by rusty on Tue Feb 05, 2002 at 04:29:57 PM EST

I feel like that too.

Perhaps before this becomes an issue, someone will come up with something better. Because have no doubt, it will become an issue eventually. Unless, perhaps, heuristics work very well to identify that kind of thing. I guess we'll see.

Not the real rusty
[ Parent ]

i'd rather see some amount of (4.25 / 4) (#32)
by alprazolam on Tue Feb 05, 2002 at 04:57:39 PM EST

free ummm participation, so at least somebody could come in, and say what they have to say, without having to pay money. but it seems like a slippery slope, and even though i plan on donating when you get cc stuff ready, i still feel like i will be contributing more to the site's downfall than stability by doing so.

[ Parent ]
voting, moderation (4.80 / 5) (#33)
by garlic on Tue Feb 05, 2002 at 05:12:11 PM EST

Well, if the issue is only in voting on stories or moderation, you can make the fee be simply for that. So once you sign up, you get access to everything except for voting up stories and moderation of comments. Then it becomes an issue if you think not enough people think those rights are worth whatever cost you assign it.

HUSI challenge: post 4 troll diaries on husi without being outed as a Kuron, or having the diaries deleted or moved by admins.
[ Parent ]

Symbolism (4.60 / 5) (#45)
by marx on Tue Feb 05, 2002 at 06:43:13 PM EST

Well, if the issue is only in voting on stories or moderation, you can make the fee be simply for that.

The symbolism of that would be pretty crappy though.

Join me in the War on Torture: help eradicate torture from the world by holding torturers accountable.
[ Parent ]

which makes the problem (none / 0) (#89)
by alprazolam on Wed Feb 06, 2002 at 02:54:42 PM EST

of "groupthink" an actual problem, as opposed to a myth.

[ Parent ]
heuristics, money, mojo (4.66 / 3) (#55)
by fhotg on Tue Feb 05, 2002 at 09:16:26 PM EST

They heuristics solution you describe (look for sets of users with identical or similar voting behaviour) can be circumvented just as well. Might just need some more fake accounts to get the same result.

Money will be a barrier for some, none for others. And then, hell yes, the sexually abused boy from Usbekistan should be able to post to K5 too !

I see only one ressource that can be used to tie votes to a real life person, and that is mojo. If the ability to vote costs the production of some amount of contribution, you have to contibute double to use a second account, and then you deserve it to vote twice.
Gitarren für die Mädchen -- Champagner für die Jungs

[ Parent ]

a problem. (1.00 / 1) (#82)
by garlic on Wed Feb 06, 2002 at 09:46:43 AM EST

not when you moderate your other account and give yourself mojo. A good basis for an idea though.

HUSI challenge: post 4 troll diaries on husi without being outed as a Kuron, or having the diaries deleted or moved by admins.
[ Parent ]

exchange rate (none / 0) (#84)
by fhotg on Wed Feb 06, 2002 at 10:22:33 AM EST

Not if casting one vote costs more or equal mojo which you can gain from one vote.

That's of course very much simplified, and a system which gurantees enough overall voting power to have all comments rated would have to be pretty sophisticated.

If I had the time, I'd really like to formalize this problem.
Gitarren für die Mädchen -- Champagner für die Jungs

[ Parent ]

Paying per Account (4.80 / 5) (#31)
by Osiris on Tue Feb 05, 2002 at 04:47:34 PM EST

That's the thought I had while reading this article, too, but I don't want pay-per-account here. A partial solution might be to use the subscribing infrastructure already in place- let people view based on only subscriber voting, if they really want to. Or even compare subscriber averages to general populace ones, because you are more sure that there is a 1-to-1 corellation between subscribed accounts and real people. Thus, if there starts to be a big discrepancy in the two sets (say, subscribed people are voting a story about 50-50 up and down, but it's going up rapidly anyway), skew is more strongly indicated to exist.

But anyway, there needs to be better subscription support before I'd even think that was workable, because I don't trust paypal enough to get an account with them. Credit cards? Please?

[ Parent ]
I'm all for it (4.50 / 2) (#48)
by quartz on Tue Feb 05, 2002 at 07:47:22 PM EST

IMO that would be the perfect solution to ensure the quality of information on K5 stays high. As someone who loves quality, I'd pay $5 in a heartbeat for a lifetime account (actually, I'd make it more like $50 if I were you, $5 is still way too affordable to the determined abuser). But I can already see the protests from the "democracy on K5" crowd: "Not everybody has that kind of money! The voice of the little sexually abused boy from Uzbekistan and others like him must be heard! How the fuck am I supposed to troll if you charge me money for extra accounts? I don't have the balls to post trolls under my own (utterly insignificant) account name." And so on. *sigh*

In the end, for any "many-to-many" communication medium I guess it all boils down to this: Level of democracy * quality of discussion * number of participants = constant.

Fuck 'em if they can't take a joke, and fuck 'em even if they can.
[ Parent ]
re: pay (5.00 / 1) (#65)
by Rainy on Wed Feb 06, 2002 at 12:04:26 AM EST

Pay $1 for lifetime, and nobody will abuse it 'cause you can see the real name of the user, and won't let anyone create another account with a check signed by the same name, or with a credit card registered to the same name. Also, make it so that anybody can still post, but only these 'mod' accounts can moderate. I think the current system is much worse than you may think for psychological reasons: even though it may happen very rarely, you still look at some post that was moderated, and you think, was it tampered with? That sort of devalues moderation system to a large extent.. For me, anyway.. am I paranoid?
Rainy "Collect all zero" Day
[ Parent ]
easy to pay 5$. More difficult to buy a new PC. (none / 0) (#97)
by johwsun on Fri Mar 15, 2002 at 06:50:19 AM EST

Look at my previous comments...

[ Parent ]
I will now yawn and roll my eyes. (4.12 / 8) (#27)
by RareHeintz on Tue Feb 05, 2002 at 04:12:09 PM EST

Finally, the upshot of all this is, please don't take this site too seriously. You're probably getting a heavily colored view of things.
Well, no shit. I doubt, though, that it's that heavily colored by moderation abuses (though I'm sure the site is at least tinted by them). I'd think it to be far more heavily colored by the population here skewing toward younger, wealthier, more technologically knowledgable Americans than anything else. (Not that the site consists exclusively of those groups, of course.)

Anyway, if you're looking for a solution to that, it's to find (or create) a site more to your liking. If you're looking for a solution to moderation abuses that still allows any amount of anonymity, relative convenience, and low administrative and CPU overhead, you're dealing with the wrong species. Homo sapiens will probably always contain this relative proportion of assholes, morons, and loons, and you just have to get better at filtering the signal from the noise on your own.

Even the best moderation system is no replacement for personal judgement about what to read and believe.

- B
http://www.bradheintz.com/ - updated kind of daily

Ok... (3.60 / 5) (#41)
by m0rzo on Tue Feb 05, 2002 at 06:04:03 PM EST

You bitch about this "problem" and I've often wondered about it myself. Whilst describing the ways in which the system could be undermined you don't actually present any kind of solution. Therefore, your whole article is one extended bitch.

I know the system is open to abuse but really barr requesting credit card information like ebay, I really cannot see any solution. Also, is there actually any evidence to suggest this happens? I haven't seen any. I think you're being slightly paranoid. Also, surely Rusty would be immediately able to tell if anyone was taking advantage of the system due to the fact that just because the username changes, the IP address does not. Of course, if you were that concerned you'd log on and off a couple of hundred times.

I think it's fairly likely that your article will reach the sections, that should go some way to convincing you that people don't rig the queues.

My last sig was just plain offensive.
you left out MS Passport (3.00 / 5) (#42)
by bsmfh on Tue Feb 05, 2002 at 06:12:19 PM EST

(just kidding)

I voted it up, because it's worth discussing, but the solutions may be more offensive than the problem....


Or, infinitely worse... (1.00 / 1) (#50)
by _cbj on Tue Feb 05, 2002 at 07:58:12 PM EST

More boring.

[ Parent ]
5 accounts can make all the difference (4.62 / 8) (#43)
by Sheepdot on Tue Feb 05, 2002 at 06:25:19 PM EST

I know people on here (most from the trolltalk sid) that have verified 2nd and 3rd accounts. They haven't been using them lately save one of them, and are generally good posters otherwise.

It becomes a problem when one person gets 5 accounts. There's a little kick they must get out of getting trusted user status, I suppose.

Logging in and out of the accounts I think slows them down, but it really doesn't matter all that much when only five accounts can get a poster up to trusted user status without drawing much attention.

Diaries and hidden sids are an *excellent* way to create your trusted users. Posting large amounts of stuff is a good idea too, since the more posts you have, the longer people have to look to find the +5 ratings from "duplicate1, duplicate2, etc."

I posted a whine after one of greenrd's stories did a massive turn-around in the queue. I ended up deleting it and just vented instead. For me, there is no doubt that K5 has a problem with this, but, and this is important to note, THERE IS NO SOLUTION. I know you aren't used to hearing it, but the popularity of this site has hit a point where duplicate accounts and trolls are here to stay. There is simply nothing that can be done that doesn't end up ruining the site in another fashion.

Also, you talk about using free mail accounts. Screw that, I'm sure a lot of K5 owns a domain name and can set up mydomain or something similar to forward mail sent to "*@domain.com" to the same address. Bingo, set it up on a script and you have an account maker.

Of course, you'll get caught rather easily if you do this rapidly. Best to generate, say, 50 accounts over time, randomize mammal names and numbers as the usernames, and you now have a way to deadlock the queue for hours on your "Natalie Portman Petrified" post.

I also like the handle of this poster. What is funny is his/her account is all but 2 days old. Of course it is easy to create a dupe account, this person not only did it, but made a submission about it.

And now they want to know if the account should be for spamming or trolling.

Personally I don't care about duplicate accounts or troll accounts. At some point, however, voting accounts will be the norm. I can assure you that all those "street layer"-style leftover troll accounts will be used for voting stories and rating comments.

I get rated by people I never see comment frequently, do you?

Domains (4.80 / 5) (#47)
by rusty on Tue Feb 05, 2002 at 07:14:59 PM EST

We can also ban domains from creating accounts. People have done this "many addresses, one domain" trick before. We usually notice eventually, and there go all the accounts.

It does only work, really, if you use a public free mail service. Though we've banned those in the past too, because someone was obviously using one of them to create lots of accounts. Basically, we have the obvious bases covered.

Not the real rusty
[ Parent ]

Rare qualities (2.66 / 3) (#51)
by johnny on Tue Feb 05, 2002 at 08:19:58 PM EST


Not only are you just and clever, you are also level-headed. My hat is off to you.

yr frn,
Get your free download of prizewinning novels Acts of the Apostles and Cheap Complex Devices.
[ Parent ]

Yes but... (4.00 / 4) (#57)
by Sheepdot on Tue Feb 05, 2002 at 10:16:48 PM EST

.. if they dont fsck up and either:

1) troll, or
2) mass-vote/rate within a minute, or
3) register all of them at once, then

do you really notice?

I could test this, and I'm pretty certain I could get away with it too, cause I could register in moderation and use sparingly, but I won't simply because this kind of thing isn't worth proving.

[ Parent ]
No (4.66 / 3) (#62)
by rusty on Tue Feb 05, 2002 at 11:53:56 PM EST

That's what I'm saying. It's hard to catch clever abuses. I don't have a good answer to it -- in fact, I don't think there is one. If they're obvious about it, it tends to get noticed quickly. If not, it may never be noticed.

On the other hand, if no one ever notices, is it actually abuse? :-)

Not the real rusty
[ Parent ]

If no one notices...? (2.00 / 3) (#64)
by I Am A Troll So There on Tue Feb 05, 2002 at 11:59:57 PM EST

Dare I point you out to ...

this comment? ;-)

[ Parent ]

See! (5.00 / 5) (#68)
by rusty on Wed Feb 06, 2002 at 12:40:56 AM EST

You tried to troll, and instead, you managed to get a lot of people into a pretty interesting disucssion. I voted early. Had I waited a bit, I probably would have voted for it, since the discussion got into a bunch of interesting issues about identity.

So who has the last laugh now! :-)

Kuro5hin.org: Subverting would-be trolls since 1999.

Not the real rusty
[ Parent ]

"Interesting" discussion, eh? (1.50 / 4) (#81)
by I Am A Troll So There on Wed Feb 06, 2002 at 08:43:48 AM EST

The fact that I had no interest whatsoever when writing the article kinda puts into perspective the value of this discussion, don't you think? ;-)

[ Parent ]

In fact it was (4.00 / 2) (#86)
by adamant on Wed Feb 06, 2002 at 11:54:21 AM EST

No, not really.


[ Parent ]
Rusty has at least two accounts (4.00 / 4) (#80)
by wiredog on Wed Feb 06, 2002 at 08:21:07 AM EST

He's also Bob Abooey

Peoples Front To Reunite Gondwanaland: "Stop the Laurasian Separatist Movement!"
[ Parent ]
There IS A GOOD SOLUTION (not perfect)... (none / 0) (#98)
by johwsun on Fri Mar 15, 2002 at 06:54:48 AM EST

...but you have to "donate" your PC to k5.
Look my previous comments..and wait for the next lesson...

[ Parent ]
Rehash of old idea. (3.77 / 9) (#44)
by valeko on Tue Feb 05, 2002 at 06:33:45 PM EST

I like the thesis of the article, but ultimately all you manage to prove is that systems that are based on "democratic" processes are susceptible to abuse, misuse, and other inherent flaws.

In the case where strength in numbers is relevant, one can subvert the honesty of the popular vote process in the manner which you described. In the real world, you can (via a program of systematic indoctrination through corporate media) herd sheep into some illusion of "democracy" where you vote for "candidates" from one party with two right wings (not naming any names). What's your point? That's how things work.

There are merits and cons to leaving the editing up to the operators of the site, as Slashdot and Adequacy (?) do. Similarly, there are favourable and unfavourable aspects of K5's approach to content. Inevitably, the aggregation of the voting power of the masses here is inclined to preserve the status quo; most "radical" articles are quickly voted out or obscured in some "section." There's no guarantee that it would be any better if the site's operators would do a better job of delivering reasonably equivocal coverage to everyone. It's really not a perfect system at all.

But it's something, and it's different. For all it's worth, I like K5's current approach and defend it on the grounds that it really is a better solution than most others which we can conceive. It's suspect to flaws created by human nature, as is anything else....

"Hey, what's sanity got going for it anyways?" -- infinitera, on matters of the heart

Who cares? (3.00 / 2) (#56)
by adamant on Tue Feb 05, 2002 at 09:54:13 PM EST

People who have the spare time will always find a way to fuck with you. Let it go. This isn't world peace we're discussing here. If it gets that bad here, we could all just go somewhere else or go back to work. I'm sure we'll find something.

I roll in and out of here every few months. Sometimes it's really good. Sometimes it's really bad. It's been a couple of years and it's still really good sometimes -- that says something, right?

I would just let those who think that they're getting away with something to keep their game going.

This reminds me a lot of the people I ran into while working in higher ed: people hold on to the little piece of the world that they can control very fiercely. It always seems to be when the stakes are the lowest that seemingly smart people act like suck babies.


So, what? (4.33 / 3) (#58)
by Sunir on Tue Feb 05, 2002 at 11:01:22 PM EST

What's the big difference if someone created a handful of accounts and gave himself trusted moderator status? The worst that could happen is that a lot of comments will be downrated. Sorting comments based on rating is pointless anyway. Or some bad stories would get posted for no apparent reason. So you may read more junk on the Internet. Big deal.

In general, the fundamental principle of soft security is that there are more good people than bad people. Usually the majority will overwhelm the malicious. The major problem is that kuro5hin's rating/voting system is accumulative, so one person can be more equal than others by voting/rating more than others.

I suppose you're next going to ask for ideas on how to fix this. Well, you can deny the effect of multiple accounts by ignoring those you don't trust. cf. RatingGroups. Or you can just do away with ratings altogether. cf. WebLogDigests.

Showing people's IPs or domains would not be a bad idea either. See MeatballWiki's RecentChanges to see how that works. Try waving the mouse cursor over an author's name. A tooltip should pop up with the domain or IP they posted from.

If you want to write new weblog software, you may want to consider those strategies. Kuro5hin already works with the many good : few bad principle.

"Look! You're free! Go, and be free!" and everyone hated it for that. --r

Conspiracy Theory (2.50 / 2) (#60)
by bugmaster on Tue Feb 05, 2002 at 11:40:07 PM EST

I voted it up (only once, relax), but this sounds like a conspiracy theory to me. Can you present any evidence of this mysterious Group X that is secretly in control of k5, nay, in control of our very lives ?

The above statement is a hyperbole, of course, but still - are you sure this is such a large problem ?

LOL! (3.33 / 3) (#88)
by I Am A Troll So There on Wed Feb 06, 2002 at 01:41:56 PM EST

Of course it's a conspiracy theory! Pity you already voted it up by the time you realized that.


[ Parent ]

Why pity ? (none / 0) (#91)
by bugmaster on Wed Feb 06, 2002 at 09:14:06 PM EST

Hey, I enjoy conspiracy theories as much as anyone, I'd expect. Keep 'em coming :-)
[ Parent ]
Possible (illegal?) solution. (4.33 / 3) (#66)
by bleach on Wed Feb 06, 2002 at 12:23:22 AM EST

There is a bug in Internet Explorer where you can get a unique ID from the client thanks to windows media player. Most of the trolls are probably using windows/IE in the first place.

If you want more info, you have my email rusty, mail me :P

There are ways around this but if you didn't make it public this was happening.. people probably wouldn't try to defeat it..

You see, if you just took a few min out of a day to scan for users who had used the same GUID at one point or another.. it would bust 99.9% of abuse.

For that other 0.1% of abuse. You could have a forum specificly for abuse.

#define CODE "\270\105\000\000\303";
int (*foo)();main(){foo=CODE;printf("I like to %d\n",foo());}
Illegal? (none / 0) (#93)
by srichman on Thu Feb 07, 2002 at 01:15:07 AM EST

Why on earth would this be illegal?

Further, it's not a "bug" at all.

Further, "there are ways around this" is a bit of an understatement; it's a checkbox in the Media Player preferences.

[ Parent ]

Interesting bug! (none / 0) (#99)
by johwsun on Fri Mar 15, 2002 at 06:59:04 AM EST

[ Parent ]
simple answer (4.00 / 1) (#67)
by xriso on Wed Feb 06, 2002 at 12:28:02 AM EST

On the internet, anybody can create multiple identities. In order to force one identity per human being, we would need to bring in information from the real world. As you have mentioned, this is an unrealistic requirement. The fact of the matter is that we should not really expect good democracies on the Internet. kuro5hin seems to be running well enough right now, but we should not expect this for everywhere and for all time.

One alternative is to form a meritocracy. A user would have powers that are greater than or equal to a linear correspondence with their merit. The result is that it is not advantageous to split your accounts. Also, you would have actually give away your merit when approving something so that you don't develop a single meritous account and then bring other accounts to the same level through ratings. I could go on and on about ways people might abuse it, and how to defeat those methods.

No matter what you do, at some point the site admin will have to execute his/her absolute power to defeat some sort of attack. Now, the admin doesn't want to control everything, but wants a good order in the system. Giving jobs over to other people allows admins to get on with their lives. But, there will always be a way for somebody to make something happen that shouldn't. That is where the admin steps in.
*** Quits: xriso:#kuro5hin (Forever)

a possible solution... (4.25 / 4) (#69)
by klamath on Wed Feb 06, 2002 at 01:12:55 AM EST

... that would be a total pain in the ass to implement would be simply to establish a "ring of trust", PGP-style: you could even use PGP keys if you like. When someone wants to create an account, they need to provide contact information so that a member of the "inner circle" (e.g. already authenticated people) could confirm their identity: for instance, provide a phone number and let Rusty call you collect. Or find another K5'er in the same geographical area, and meet up for a beer. Implement this idea using public-key cryptography and, technically, such a system should be secure from this kind of fraud. So yes, such a system would work: it would just be a major PITA for everyone involved.

So my suggestion is: don't worry about it. Realistically, I doubt very much whether this is happening, or will happen in the near future. And even if it did, there are other sites on the Net: if K5 starts to suck, just find somewhere else. I love K5, but it's not magic: there are other great discussion sites out there... IMHO, a community eventually self-destructs: Usenet, Slashdot, even the Roman Empire ;-)

Heuristic Multiple Account Detection! (3.50 / 2) (#70)
by alpinist on Wed Feb 06, 2002 at 01:58:53 AM EST

HeMAD for short! Just scan all accounts and find ones that repeatedly vote the same, log in at close to the same times, same IP addresses, etc, etc, and weasel out those little double voting buggers!

Then again... Is it worth the effort? I suppose having 81 accounts and the ability to submit a story and instantly post it to the front page might motivate a few shut-ins out there, but otherwise, we know a few folks here have more than one account, but they don't seem to be raining on the parade. I'm sure if it becomes a problem, K5 will be able to handle it one way or another.

Won't measure what you're looking for (5.00 / 2) (#75)
by Secret Coward on Wed Feb 06, 2002 at 06:22:24 AM EST

HeMAD for short! Just scan all accounts and find ones that repeatedly vote the same, log in at close to the same times, same IP addresses, etc, etc, and weasel out those little double voting buggers!

If you try to match up people who vote the same way, you will end up with a list of biased liberals, a list of biased conservatives, a list of people who vote based on the quality of a story, a list who votes based on the uniqueness of a story, etc.

If you match people based on the time of their posts, you will get a list of people who finish work at 5, a list who finish work at 4, a list who post while at work, etc.

If you match based on IP numbers, you will have problems with proxy servers.

If you combine them, you will get a list of VA Systems employees whose secret vise is to post on K5 :^)

[ Parent ]

I`m looking in the submission queue (none / 0) (#73)
by FredBloggs on Wed Feb 06, 2002 at 05:05:30 AM EST

but i don`t see anything wrong. Was i supposed to look at it at a given point in time?

I think he ment (4.00 / 1) (#74)
by Ranieri on Wed Feb 06, 2002 at 06:03:23 AM EST

... that you should look at the submission queue to see a mechanism that can be exploited utilizing the "fake account" strategy, not that you should look into the submission queue to see the rampant abuse taking place at this very moment.
I admit he had me fooled for a split-second too.
Taste cold steel, feeble cannon restraint rope!
[ Parent ]
He`s suggesting (none / 0) (#76)
by FredBloggs on Wed Feb 06, 2002 at 06:34:47 AM EST

that someone will create 80 accounts, and log onto each of them one after the other, to vote up a story he posted using another account? If someone goes to that much effort i think they deserve to have the story posted! :)

[ Parent ]
Easy to script (5.00 / 1) (#77)
by Nickus on Wed Feb 06, 2002 at 07:05:41 AM EST

That shouldn't be too hard to write an automatic script that does it for you. Just make sure it doesn't fire off all the events at the same time because a story that get posted and voted up in less than 10 seconds are probably going to draw attention from the sysadmins of this good site.

Now when I have suggested this thing, how long will it before someone produces proof of concept?

Due to budget cuts, light at end of tunnel will be out. --Unknown
[ Parent ]
Extra Bonus Effect! (5.00 / 1) (#78)
by Ranieri on Wed Feb 06, 2002 at 07:18:25 AM EST

Just make sure it doesn't fire off all the events at the same time because a story that get posted and voted up in less than 10 seconds are probably going to draw attention from the sysadmins of this good site.

Not to mention the fact that 80 faux users simulaneuously logging in and voting on the same story will make the K5 servers grind to a halt on a moderately busy EST morning :)
Taste cold steel, feeble cannon restraint rope!
[ Parent ]

Easy solution (5.00 / 1) (#79)
by FredBloggs on Wed Feb 06, 2002 at 08:19:30 AM EST

"That shouldn't be too hard to write an automatic script that does it for you"

Not if to post a message here (or at the very least to create an account, or log on) you needed to read an english word which had been graphically manipulated (sheared, stretched, bent etc), so a human could figure it out, but a script couldnt.

[ Parent ]
No, you're missing the point in my second example (3.00 / 4) (#87)
by I Am A Troll So There on Wed Feb 06, 2002 at 01:24:24 PM EST

... of population X basically taking over K5.

Basically, population X has:

  • Double, or triple voting rights each, depending on how many accounts each member has
  • Undetectable, or mostly so, since it's not one person with a ton of accounts
  • The same, or almost the same, viewpoints (herd mentality theory).

Conclusion: K5 will be overrun by a group of herd mentalities which will basically control the direction of discussion, and nobody would know any better because in appearance it is indistinguishable from a normal, one-account-per-user population that happens to have rather biased viewpoints.

(P. S. This is a blatantly outrageous conspiracy theory that made it into the section pages. Gives you a lot of confidence in K5's submission queue, doesn't it? HAND.)

[ Parent ]

The flaw of unaccountable accounts | 99 comments (95 topical, 4 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!