LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

On comment spam

On comment spam

Posted Jul 29, 2010 9:34 UTC (Thu) by ortalo (subscriber, #4654)
Parent article: On comment spam

First, note I second the preceeding post starting by "Know the enemy". Sounded sensible and pragmatic to me.

Maybe I am opening a can of worms, but I am tempted to suggest you too to explore also the other side: "Know your allies".
Currently, opening an account on LWN is pretty anonymous. This is nice too and some level of anonymity between readers is certainly desirable. However, maybe a stronger and better identification of the owner of an account could be set up. Honestly, I would not mind giving you more personal information about myself if it can help you spot abuses and build a more trusted environment [1].
Technically, note that I have always been admirative of PGP-like decentralized webs of trust (via cross peer to peer key signing/certification) and, well, reluctant to X.509-like hierarchical certification organizations (which probably only work for organizations which can afford the administrative burden and the associated workforce, like a public service).

Both from the technical point of view and from the users side, it comes to me now that I may just be suggesting to extend LWN in the direction of a *secure* social networking site. For blocking spam comments.
I wonder if it may be interesting on its own too ;-) or if I am simply dreaming too much...

Anyway, just my 0.02

Rodolphe

[1] As a side note, this is absolutely the first time I tell that to a web-based business. And maybe this is due to the fact that, historically, this site is also the first web-based business I trusted enough to pay for online (well, not exacly true: first payment was more like clearing an old debt). And probably also because it is certainly the only one that *never* asked me to provide personal information even if I used it regularly for more than a decade.

(Log in to post comments)

On comment spam

Posted Jul 29, 2010 11:22 UTC (Thu) by cesarb (subscriber, #6266) [Link]

Some people are just shy. Some people cannot use their real name as it would cause problems with their employers. And you could imagine several other reasons for not wanting to use their real name.

Not to mention how would one be identified: by the name on the credit card used to pay for the subscription? You have things like gift subscriptions, people who do not have credit cards yet using a friend's credit card, and so on.

Not to mention the "barrier" effect: the more hoops you have to jump through to make a comment, the greater amount of people who will give up before commenting. The less insightful comments, the less the utility of the site (the articles are very good, but the comments are also very good; I do not know how much of the value of the site comes from each, but the comments do contribute to its value).

On comment spam

Posted Jul 30, 2010 10:22 UTC (Fri) by ortalo (subscriber, #4654) [Link]

I know this would not be easy, and I first seconded the proposal to set up obstruction measures targetted at spammers.
I am simply saying that it would be nice to further complement these by mechanisms allowing us to increase the overall trust level between legitimate users. It seems to me some form of better identification is needed for that (not necessarily withdrawing anonymity).
Furthermore, if successfull, I wonder if these mechanisms would not be a real plus for the site. But the editors may have other more urgent work to do of course (including fighting comment spammers in the first place).

On comment spam

Posted Jul 29, 2010 21:49 UTC (Thu) by nix (subscriber, #2304) [Link]

Honestly, I would not mind giving you more personal information about myself if it can help you spot abuses and build a more trusted environment
You are forgetting the Second Rule of Antispam: 'spammers lie'. They'll hand you lots of personal information happily: someone else's.

(Unfortunately with the advent of organized crime, the First Rule, 'spammers are stupid', no longer appears to be so true, if it ever was. They're not stupid, just evil.)

On comment spam

Posted Jul 30, 2010 10:26 UTC (Fri) by ortalo (subscriber, #4654) [Link]

Cross-certification ala PGP sounds interesting for me to explore as a way to defeat such malicious information, while simultaneously building a network of trust.
Spammers may try to cross recommend themselves but, first it raises the bar for them; and second I suppose legitimate users would not be so easy to trick into recommending a comment spammer. (Unless someone recommends everyone without thinking - which is certainly a problem to solve too - like in key-signing.)

On comment spam

Posted Jul 30, 2010 13:58 UTC (Fri) by farnz (guest, #17727) [Link]

On that note, the Advogato trust metric is interesting. In the LWN case, you could treat the staff as the seeds, and have the staff certify all subscribers at a low level.

On comment spam

Posted Jul 30, 2010 15:18 UTC (Fri) by ortalo (subscriber, #4654) [Link]

Thanks for the link!

Note that I was probably thinking even further; possibly to extend to other aspects than simply the integrity of the identifier [1] - a sort of multi-dimensional trust graph.

Well, maybe I inconsciously try to reach the highest level in the "computer dreamer" metric dimension. More useful dimensions I can think of may be e.g.: kernel programmer, security tester, company X employee, non-spam commenter, etc. The kind of things that social networking sites like to display albeit weakly verified and without user control. A further difficulty is to draw a line between public facts - suitable for certification - and opinions or privacy-related facts - things you must leave out of scope...

[1] Not so simple of course, but still leaves room for improvement: see comment starting by "User Foo is certified but..." on the FAQ page of Advogato.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds