"Permanent" ban

I understand your perspective. And I agree: fighting spam is essentially always a losing battle, at least at a technical level. It doesn’t mean it’s not worth fighting, but it does argue for a rational upper bound on effort expended.

One point that Merk always stressed (and which, frankly, I discounted before I saw it firsthand) is that the spam here does not come from bots. We do have simple questions in place for registration and they do keep the bots out. All the spammers that get through are humans that are determined to post here. We had one extreme case where a guy pretended to be a novice I7 user and, after several incoherent posts, wrote about his “game idea” that involved buying UK flowers.

The typical spammer signs up for an account but doesn’t activate it right away. (Presumably they are registering on other forums during this window.) I delete these accounts in bulk every few hours; the total comes to about 50 per day that get scrubbed before they ever hit the members list. To give you a sense of the scale, in the last 30 days we added 50 legitimate new members.

Maybe once or twice a day, we get an overachieving spammer who signs up, activates his account within minutes, and begins flooding the board. These are the only ones that get an IP ban. They’ve demonstrated that they are a somewhat more determined adversary. Prior to IP bans, they would simply sign up for a new account and do the same thing immediately.

I disagree that Bayesian classification could work here; we simply don’t have a large enough corpus of posts. It is incredibly effective at scale, as Gmail’s filtering demonstrates, but we are many orders of magnitude below that volume.

Sending new users to a moderation queue is an option. My sense is that it would undermine the relative sense of open access here. Having someone be able to sign up, ask a question about their Inform 7 problem, and get a reply within a few minutes is a real strength. That happens every day and it’s a great thing.

David and I are both administrators now, with the important caveat that we do not have access to the server and cannot install or modify any of the software.

But the IP address filtering problem is a fair point. However stifling it is to new users to be held in a queue for moderation, it would be far worse for them to be greeted by a “permanent ban” message. I admit it was easier to justify the policy before it affected you. I admit also that my reflexive dismissal of Tor as a use case was misguided, offensive, and based largely on ignorance.

I will let David weigh in but I am inclined to handle IP bans somewhat differently. Perhaps we can continue to issue the bans, but expunge the list of banned IPs on a weekly basis. That should still provide some deterrent value without the risk of encroaching on legitimate users over time.

A very good way currently to catch spammers is stop forum spam. I don’t know if there are good phpbb integration mods for it out there though. It might be worth looking into. From a quick search, it looks like that forums that have this integrated pretty much solved their spam problems.

I use that site to identify spammers that register, but it’s a manual process. I found a phpBB plugin for it that looks promising:
support.prophpbb.com/topic2572.html

I’ll see if Merk will install it.

I’ve used Akismet before which is pretty reliable.

Akismet is pretty good for Wordpress spam, though it has a fairly high false positive rate. I’ll look for a phpBB plugin for it.

The correct way would be to have new users play a small piece of IF with randomised puzzles, and some very basic in-jokes. This would prove their humanity and interest in IF. I am sure a collaborative project would come up with a really enjoyable game, especially if some of the big names (Emily Short, zarf, …) would take part.

An easier option would be to have the test question refer to what happens in some famous piece of IF. Only people who are willing to play the IF will be able to answer it - fun for IF-lovers, but work for would-be spammers. And it would force newbies to play at least one good piece of IF, which is only good.
Of course the question ought still to be randomised (but constant for a login name), so that a determined spammer will end up playing lots of IF and be converted from his evil ways…

But if the test-IF game is feasible, it would make a nice comp!

To be honest, both of those ideas sound like excellent ways to dissuade people from registering on a forum. If I had to play a short piece of IF before I was allowed to post on a forum, I’d probably go elsewhere. Or if I had to go and play an IF game and look for a specific clue before I could register, I’d likewise go elsewhere.

Not to mention that, as has been mentioned several times already in this thread, a good deal of this forum’s spam isn’t from bots but human beings so neither of these ideas would help at all.

While I understand and like the sentiment behind the suggestions, I agree with David. There may be better ways to do this than we currently have, but these are not them.

-Kevin

I wouldn’t do this. (I’m pretty sure I have an interest in IF, so perhaps I’m less human than I thought.)

Besides, it’s inevitable that people will get stuck, and in order to post to the “help playing IF” forum, they have to register to the forum, and in order to register, they have to play . . .

That’s just reactionary and prejudicial. It doesn’t even matter if you’ve personally seen lots of child porn on that network, it’s still completely off-base and ignores large communities who depend on Tor and talk about their reliance on it, online, at length. In any case, I don’t care if you feel the need to block Tor because of spammers, really, that’s not what I’m saying. I’m just saying that child porn has zero to do with this, and your perspective on Tor is so twisted and unfair that I just had to counter it.

For the topic at hand, I think the best solution would be to automatically hide posts with no admin intervention required, if a certain threshold of users reported them, like 3 or more. However, it doesn’t seem that this board software would support that kind of regime. Really the most scalable solution to the spam problem is automatically crowdsourcing in some way the judgement as to what is spam – and then let the poster appeal to the moderator to have his or her posts reinstated, to counter the case where a posse of members might gang up and unfairly mark someone else’s posts as spam.

Paul.

EDIT: I guess it must have really been an uphill battle for Tor to “somehow acquire a veneer of respectability” after being “designed, implemented, and deployed” by that wretched hive of scum villains and child abusers known the US Naval Research Laboratory…

Who uses Tor?

As I’ve been absent for a minute, and this is the first post at the top of the unread list, I think it a fitting place to start…

I’m going to have to agree with Ben here, for two reasons. The first reason is a matter of principle. I also dislike Tor. Not because of the service itself, necessarily, but because of the way it’s used. It’s a tool for the hyper paranoid, which is fine. Whatever makes you feel safer on the internet, do what you have to do. Otherwise, it’s pretty much useful only if you’re doing something illegal or immoral. The only thing it’s masking is your IP address. If you’re using it to access any site, compromised information will include your usernames, passwords (encrypted or no, but once someone has your encrypted password for that site, it doesn’t matter) and any other personal information that you’ve provided to that site are completely visible. Tor can’t do squat about any information that’s intercepted after its left your keyboard. Tor is a false sense of security.

There are people who will agree and people who will disagree. It really doesn’t matter. If you like the service, use it. If you don’t like it, don’t use it. My opinion is that using it for something like these forums is overkill and unnecessary. This is NOT a criticism of the people who do. It’s simply a matter of opinion. No more, no less.

The second reason is practicality. There are few moderators/admins on this forum. There are fewer active mods/admins. The forum gets a respectable amount of traffic for what it is. No one pays Ben, David, Merk or anyone else to keep up with it. They do it as a service to YOU, the user, and because they have a passion or respect for the community. Their task is not a small one. If they see a majority of Tor traffic coming in as spam and very little (if any) coming in as legitimate use, it’s not unreasonable for them to want to ban the entire network.

The subject of spam has been tossed around a couple of times. Like Ben said, almost all of the forum spam here is from real people who jump through the hoops to make a post. And these people aren’t random, isolated individuals working from a bedroom in Chicago. These are, in many cases, organized groups of paid (no matter how poorly) individuals whose job it is to get a few links into a forum post. If you throw up something like “Play this game and get the secret code to register”, normal users are going to balk. Spammers are going to have one person play the game and share the secret code with their coworkers.

The only true answer to spam is active, personal, human evaluation and subjectivity. And even that will occasionally fail, as it’s human against human. However, the best we can hope for under the circumstances is to let the forum admins fight the fight the best way they can. If that means making sweeping, biased judgements for the good of the community… That’s their discretion, that’s their right and sometimes that’s their only choice.

I, for one, support it.

I’ve already apologized for my original stance. You’re welcome to belabor the point at length, days later, but I don’t feel the need to apologize for it in perpetuity.

Defending my position at this point would only make that apology seem insincere. I may not be able to avoid ignorance but I can at least strive for sincerity.

I don’t consider “funded by the US military” to be an unimpeachable claim to respectability, and frankly I’m surprised you would go there.

Spoken like a person who doesn’t seem to understand why anyone would mistrust any government’s pronouncements on what is properly legal or moral.

Spot on. Fight robots with robots. Fight humans with humans. We already have an organised community capable of fighting this issue quite handily — we just don’t have the right software for it.

Me too, as stated. Whatever has to be done is going to get done, even if it’s a suboptimal solution.

The way I read it, you apologised for offending someone but you made no attempt to retract your specious statements regarding Tor. So, I did not take your apology too seriously. It sounded like one of those non-apologetic apologies, to me. Anyway, I am not looking for another – I just needed to correct the record on this because what you said was a great injustice that needed to be opposed. I am not belabouring anything – that was the first I mentioned it, and no one else made the points I made.

If you were trying to give the impression that you were sincerely reconsidering your views about Tor, this message did not get through.

Neither do I, but it completely explains how Tor acquired a “veneer of respectability”, “somehow”. This should not be mysterious to you. It didn’t ‘acquire’ a postive reputation. It had that from the beginning.

Paul.

It did get through to me, actually. Which may have been me misreading a miswritten statement in such a way that it came out exactly as intended, but let’s apply the principle of charity here.

All he said is that it was his opinion and not board policy. But opinions influence what other people conclude, and therefore they must be opposed when they talk smack about stuff they don’t understand. I’m just fighting the good fight but don’t worry — I like Ben and I do not have any kind of shitlist that I put people on when we disagree. I just said what I said, and I’ll say it again if necessary. No one is going to smear Tor users as child pornographers on my watch and get away with it by claiming that it is only their opinion. I did nothing but my duty here.

Paul.

I am not sure what else you want me to say. When the Tor alpha came out, I ran a node on a 5/5 link. A friend told me about the network’s reputation for unsavory content. I ran tcpdump and was appalled. Judging by the HTTP requests, essentially everything was child porn. Some of that could have been military secrets encoded in questionable images with steganographical techniques. Some of that could have been people trolling node ops with fake file requests. I didn’t care; I shut my node down.

Today I moderate this forum. Essentially all the spam that doesn’t come from China or Russia comes through Tor. You’re welcome to link to all the pro-Tor articles you want, but when your “Who uses Tor?” page doesn’t mention spammers or CP traffickers, I am inclined to dismiss it as propaganda.

Anecdotes are not data, but my experiences with Tor did not predispose me to learn all I could about the network. Hence I was ignorant of its evolution and misguided when I wrote off its users. I took the opportunity to learn more last week, recognized my error, and apologized to Hannes. I made the statement above as a retraction.

If you are looking for me to state that there is no spam or CP on Tor, I will not. I will only rephrase my earlier statement: there are other reasons to use Tor, and those reasons are more important.

I never wanted you to say anything in particular. I just wanted to say what I said (about Tor). You were just the person who had just said a terrible thing (about Tor). This was not about getting an apology: I don’t think in terms of extracting apologies, but rather in terms of opposing wrong beliefs. As I say, I felt the call of duty.

But thanks for pointing out that second quote. I admit I missed it because that admission was buried in a section where you seemed to have already moved on from the issue of your opinions and put that question aside. So I skipped that section because I didn’t care about the implementation details of banning Tor because I don’t object to banning Tor if it becomes necessary. (The reason I do not object to actually banning Tor BTW is that I value this forum a lot and freedom of speech should not be a suicide pact with spammers.)

So for what it’s worth I do apologise to you, Ben, for skipping that section and getting your stance wrong. I probably still would have said something more in defence of Tor if I had read it, but I would have softened the rhetoric.

Well, yeah, it is advertising. It was put out by the Tor project itself. I posted it as evidence for the origin of Tor in the US Naval Research Laboratory (which you are not disputing) in order to counter your assertion (which I hadn’t noticed you had retracted) that Tor acquired a veneer of respectability later on.

It doesn’t surprise me that the most unsavoury elements jumped on Tor the earliest. The same thing happened to P2P, which is increasingly now used for perfectly legal distribution, for which it is by far the superior tech. Remember back when the ‘hot’ news item was that the vast majority of internet traffic was porn? That was when the internet was young. It isn’t true anymore.

Thanks for clarifying; I am not looking for you to state those things, nor did I state them.

Paul.

Just a note (feeling the call of duty; I don’t mean to take a position on any other issue in this thread); if that was based on the Marty Rimm study, it was always bullshit. From this account, it seems like the conclusion we should have drawn was that the vast majority of internet traffic on BBSes devoted to porn was porn.

Ah yes. Now that you mention, I do recall these objections at the time. I forgot about the USENET focus though. I remembered the issue with the study as comparing image bytes to text bytes and coming up ‘mostly porn’ (a comparison that I think would no longer be true today even if it ever were true, which as you point out – probably not).