New users and IP bans


#1

New users no longer need to have their posts approved, and we’ve emptied out the IP ban list! This is not to say that we will never add new IP bans again; if we need to in order to prevent abusive users then we will. But we hope it will help any of our normal users who have been caught out by the bans in the past.


GamerGate
(Old Admin) #2

From the GG discussion thread:

What was in place before:

Every new user must have their first post approved before any of their posts show up in the forum.
When spammers are identified, their IP address is blacklisted (but just here).

I received complaints about both of those things, although mostly the latter. Some were understanding of the situation (some blocks had to be wide enough that the net caught more than just the spammer). Some, not so much.

What is in place now:

No first-post approval required
No local IP address blacklisting
Forum mod that checks various shared blacklists, with options to report.

The blacklist is working extremely well. For the two sets of spam that got through today, hundreds have been blocked. That said, it isn’t hard to re-enable the first-post approval that was in place previously. It didn’t appear to be needed, since in the days since the Spam Blocker was added, not a single spam post had made it through the filter. If this is the case, a minor revision will be needed to a certain bit in the Code of Conduct.

As for the IP bans, I’m not sure we need to bring that back. Effectively, we’re doing the same thing with this new add-on, but in a way that doesn’t have to cast the net as wide as we did before.

As for “bots” versus “humans” – I don’t know if it’s really, or entirely, bots. The sign-up process asks a random question that the user has to answer. It’s supposed to require some thought. So either a human is signing up (whether or not the account is then turned over to a bot to do the actual spamming), or a sign-up bot has been customized with the answers to these questions (in which case we could make up new ones, which would help at least for a while).


#3

The new user approval has been turned on again temporarily. As before, we try to be quick to approve posts!


(Old Admin) #4

I was in there trying to figure it out, and I set a “1” for the number of posts for a user to remain in the New Registered Users group. Hope I didn’t mess up the actual feature in doing so. I forgot how it worked.


#5

No, that’s exactly how it gets turned on.


#6

Could we have a definite statement how this IP blacklist works? Is the user’s address matched against a previously downloaded blacklist or are all addresses sent to some third-party to be matched? I’d be very uncomfortable with the latter.


#7

It gets sent to another site.


#8

So what is your agreement with this third party about processing, usage and storage of this personal information?


#9

An IP address is not personal information. Before your IP even gets to the machine hosting intfiction.org, it passes through a multitude (dozens) of other services first. All of those intermediaries then have your IP address.

If you think that sending your IP to the blacklist matcher is a problem, then you have waaaaay bigger problems to worry about first.


#10

European legislation and courts disagree.


(Old Admin) #11

Every time you send an email, visit a website, or do anything not involving a direct connection to another machine, your IP address is being sent to a third party. It’s especially common with email, since they use many of the same techniques and services as this does, in fighting spam. This is fundamental to how the internet works, even without the concept of RBL’s. If you feel this is a violation of privacy, then it goes much deeper. You can’t use the internet without your IP address being distributed to systems you’re not even aware of.

But if you do feel it’s a violation of privacy, please post links to the legislation you’re referencing. I’m always interested in learning more about the latest trends in internet security. I’m also interested in seeing how this relates to a server hosted in the United States, and what their stance is on how the internet works at a fundamental level.


(Andrew Plotkin) #12

That’s a little broad. Visiting a website is a direct connection to a machine. My IP address is visible to my ISP, the destination machine, and the ISPs and backbone services in between us. Okay, also to other customers of the ISPs who happen to be snooping. It’s not protected by strong security but there is an expectation of where it goes.

If a site has ads or Google analytics then a lot more people track the IP address. (This site doesn’t use such things.) That’s something that I’m aware of, even if not everybody is. You can use ad-blockers or browser settings to limit this. If you want to know what Google Analytics does with IP addresses, you can read their policy. (“Google Analytics does not share actual IP address information with Google Analytics customers” but they track it themselves.)

It’s not unreasonable to ask what services the site is using behind the scenes.


#13

I don’t know who is writing this. In any case, I find it very offensive. I believe I asked a perfectly reasonable question in a polite tone. I get an extremely condescending answer posted from an administrative account. I did not come here to receive lectures (or give any, for that matter) about “how the Internet works”. I simply want to know what the terms of use of this forum, which seem to have changed since I signed up, are.

Just from the first search engine results:
Sweden: http://history.edri.org/edri-gram/number7.13/sweden-ip-addresses-personal-data
Germany: http://www.webnews.de/119468/experten-sehen-ip-adressen-persoenliche-daten
Austria: http://derstandard.at/3192889
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012101340.html
http://www.mondaq.com/x/162538/Copyright/ECJ+Confirms+That+IP+Addresses+Are+Personal+Data


#14

I read those articles, and they really don’t say very much. They’re mostly about whether a copyright holder can request IP addresses, and whether IP bans are legal.

The RBL sites we check might temporarily store the requests (some I just checked said 7 days for example), but they’re only going to store the addresses of reported spammers for any longer than that. Otherwise their servers would be overflowing with useless data.

We will alter the terms of service/code of conduct to say that we do transmit your IP and email when you register.


#15

A bit of info was posted starting at https://intfiction.org/t/you-have-been-permanently-banned-from-this-board/7364/9

I also very much prefer the former method.

Could you, please, link to the relevant Privacy Terms of the third-party/ies? Thanks.


#16

It’s all in how you read it, what tone you bring to it. I read the Admin text as cordial and helpful, not offensive or condescending.

It does seem weird for “Admin” to say “I” and have an opinion though :slight_smile:


#17

That contradicts what Dannii is insinuating in this thread, though.

Seeing that your supportive request…

…is already a week old as well, I can only take it that the operators here are either unwilling or unable to provide even the most basic information about this. Sad. I don’t see what’s so hard about simply admitting that they don’t have any explicit agreement with that service provider, i.e. that this third party can currently do whatever they want with the data. At least that would be honest.


(Daniel Stelzer) #18

Here is the privacy policy for StopForumSpam. I assume that’s the one you’re interested in?


#19

Here are the other sites it uses.

dnsbl.otello.ch/
uceprotect.net/en/rblcheck.php
blocklist.de/en/view.html
cbl.abuseat.org/lookup.cgi
spamhaus.org/query/bl
spamcannibal.org/cannibal.cgi
sorbs.net/lookup.shtml
barracudacentral.org/lookups/ip-reputation


(Hanon Ondricek) #20

Hi PetrGek.

This post is from 2014 and much of the information is out of date. I just had to approve this first post you made.

We do not ban people nor remove accounts unless they are spamming or violate the TOS. Initial posts must be approved by a mod, and spammers are deleted and reported.